sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-01-24 00:04:23 +03:00
Code Issues Packages Projects Releases Wiki Activity

updated test cases for regression test

Browse Source
This commit is contained in:
Bernardo Damele 2014-01-13 17:12:59 +00:00
parent dfa9076a70
commit 9a1be29b45
1 changed files with 25 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
xml/livetests.xml
View File

@ -288,13 +288,13 @@
<getColumns value="True"/>
<getCount value="True"/>
<dumpTable value="True"/>
<db value="testdb"/>
<db value="public"/>
<tbl value="users"/>
<excludeSysDbs value="True"/>
</switches>
<parse>
<item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
<item value="r'back-end DBMS: active fingerprint: PostgreSQL &gt;= 8.4.0 and &lt; 9.0.0'"/>
<item value="r'back-end DBMS: active fingerprint: PostgreSQL &gt;= 9.1.0'"/>
<item value="banner: 'PostgreSQL 9.1.11 on i686-pc-linux-gnu, compiled by gcc (Debian 4.7.2-5) 4.7.2, 32-bit'"/>
<item value="current user: 'postgres'"/>
<item value="current schema (equivalent to database on PostgreSQL): 'public'"/>
@ -330,14 +330,14 @@
<getColumns value="True"/>
<getCount value="True"/>
<dumpTable value="True"/>
<db value="testdb"/>
<db value="public"/>
<tbl value="users"/>
<excludeSysDbs value="True"/>
<answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
</switches>
<parse>
<item value="Title: PostgreSQL AND error-based - WHERE or HAVING clause"/>
<item value="r'back-end DBMS: active fingerprint: PostgreSQL &gt;= 8.4.0 and &lt; 9.0.0'"/>
<item value="r'back-end DBMS: active fingerprint: PostgreSQL &gt;= 9.1.0'"/>
<item value="banner: 'PostgreSQL 9.1.11 on i686-pc-linux-gnu, compiled by gcc (Debian 4.7.2-5) 4.7.2, 32-bit'"/>
<item value="current user: 'postgres'"/>
<item value="current schema (equivalent to database on PostgreSQL): 'public'"/>
@ -373,14 +373,14 @@
<getColumns value="True"/>
<getCount value="True"/>
<dumpTable value="True"/>
<db value="testdb"/>
<db value="public"/>
<tbl value="users"/>
<excludeSysDbs value="True"/>
<answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
</switches>
<parse>
<item value="Title: Generic UNION query (NULL) - 3 columns"/>
<item value="r'back-end DBMS: active fingerprint: PostgreSQL &gt;= 8.4.0 and &lt; 9.0.0'"/>
<item value="r'back-end DBMS: active fingerprint: PostgreSQL &gt;= 9.1.0'"/>
<item value="banner: 'PostgreSQL 9.1.11 on i686-pc-linux-gnu, compiled by gcc (Debian 4.7.2-5) 4.7.2, 32-bit'"/>
<item value="current user: 'postgres'"/>
<item value="current schema (equivalent to database on PostgreSQL): 'public'"/>
@ -416,14 +416,14 @@
<getColumns value="True"/>
<getCount value="True"/>
<dumpTable value="True"/>
<db value="testdb"/>
<db value="public"/>
<tbl value="users"/>
<excludeSysDbs value="True"/>
<answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
</switches>
<parse>
<item value="Title: Generic UNION query (NULL) - 3 columns"/>
<item value="r'back-end DBMS: active fingerprint: PostgreSQL &gt;= 8.4.0 and &lt; 9.0.0'"/>
<item value="r'back-end DBMS: active fingerprint: PostgreSQL &gt;= 9.1.0'"/>
<item value="banner: 'PostgreSQL 9.1.11 on i686-pc-linux-gnu, compiled by gcc (Debian 4.7.2-5) 4.7.2, 32-bit'"/>
<item value="current user: 'postgres'"/>
<item value="current schema (equivalent to database on PostgreSQL): 'public'"/>
@ -487,14 +487,14 @@
<getColumns value="True"/>
<getCount value="True"/>
<dumpTable value="True"/>
<db value="testdb"/>
<db value="public"/>
<tbl value="users"/>
<excludeSysDbs value="True"/>
<answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
</switches>
<parse>
<item value="Title: PostgreSQL inline queries"/>
<item value="r'back-end DBMS: active fingerprint: PostgreSQL &gt;= 8.4.0 and &lt; 9.0.0'"/>
<item value="r'back-end DBMS: active fingerprint: PostgreSQL &gt;= 9.1.0'"/>
<item value="banner: 'PostgreSQL 9.1.11 on i686-pc-linux-gnu, compiled by gcc (Debian 4.7.2-5) 4.7.2, 32-bit'"/>
<item value="current user: 'postgres'"/>
<item value="current schema (equivalent to database on PostgreSQL): 'public'"/>
@ -905,7 +905,7 @@
<parse>
<item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
<item value="r'back-end DBMS: active fingerprint: SQLite 3'"/>
<item value="banner: '3.7.3'"/>
<item value="banner: '3.7.13'"/>
<item value="r'Database: SQLite_masterdb.+1 table.+users'"/>
<item value="r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'"/>
<item value="r'Database: SQLite_masterdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
@ -938,7 +938,7 @@
<parse>
<item value="Title: Generic UNION query (NULL) - 3 columns"/>
<item value="r'back-end DBMS: active fingerprint: SQLite 3'"/>
<item value="banner: '3.7.3'"/>
<item value="banner: '3.7.13'"/>
<item value="r'Database: SQLite_masterdb.+1 table.+users'"/>
<item value="r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'"/>
<item value="r'Database: SQLite_masterdb.+Table: users.+5 entries.+luther.+user agent.+'"/>
@ -970,7 +970,7 @@
<parse>
<item value="Title: Generic UNION query (NULL) - 3 columns"/>
<item value="r'back-end DBMS: active fingerprint: SQLite 3'"/>
<item value="banner: '3.7.3'"/>
<item value="banner: '3.7.13'"/>
<item value="r'Database: SQLite_masterdb.+1 table.+users'"/>
<item value="r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'"/>
<item value="r'Database: SQLite_masterdb.+Table: users.+5 entries.+luther.+user agent.+'"/>
@ -988,7 +988,7 @@
<parse>
<item value="Title: SQLite &gt; 2.0 AND time-based blind (heavy query)"/>
<item value="r'back-end DBMS: active fingerprint: SQLite 3'"/>
<item value="banner: '3.7.3'"/>
<item value="banner: '3.7.13'"/>
</parse>
</case>
<case name="SQLite inline queries multi-threaded enumeration - all entries">
@ -1049,7 +1049,7 @@
<parse>
<item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
<item value="r'back-end DBMS: active fingerprint: Firebird 2.1 \(dialect 3\)'"/>
<item value="banner: '2.5.0'"/>
<item value="banner: '2.5.2'"/>
<item value="current user: 'SYSDBA'"/>
<item value="r'current database: '/'"/>
<item value="current user is DBA: True"/>
@ -1088,7 +1088,7 @@
<parse>
<item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
<item value="r'back-end DBMS: active fingerprint: Firebird 2.1 \(dialect 3\)'"/>
<item value="banner: '2.5.0'"/>
<item value="banner: '2.5.2'"/>
<item value="current user: 'SYSDBA'"/>
<item value="r'current database: '/'"/>
<item value="current user is DBA: True"/>
@ -1127,7 +1127,7 @@
<parse>
<item value="Title: Generic UNION query (NULL) - 3 columns"/>
<item value="r'back-end DBMS: active fingerprint: Firebird 2.1 \(dialect 3\)'"/>
<item value="banner: '2.5.0'"/>
<item value="banner: '2.5.2'"/>
<item value="current user: 'SYSDBA'"/>
<item value="r'current database: '/'"/>
<item value="current user is DBA: True"/>
@ -1166,7 +1166,7 @@
<parse>
<item value="Title: Generic UNION query (NULL) - 3 columns"/>
<item value="r'back-end DBMS: active fingerprint: Firebird 2.1 \(dialect 3\)'"/>
<item value="banner: '2.5.0'"/>
<item value="banner: '2.5.2'"/>
<item value="current user: 'SYSDBA'"/>
<item value="r'current database: '/'"/>
<item value="current user is DBA: True"/>
@ -1191,7 +1191,7 @@
</switches>
<parse>
<item value="Title: Firebird AND time-based blind (heavy query)"/>
<item value="banner: '2.5.0'"/>
<item value="banner: '2.5.2'"/>
<item value="current user is DBA: True"/>
</parse>
</case>
@ -1221,7 +1221,7 @@
<parse>
<item value="Title: Firebird inline queries"/>
<item value="r'back-end DBMS: active fingerprint: Firebird 2.1 \(dialect 3\)'"/>
<item value="banner: '2.5.0'"/>
<item value="banner: '2.5.2'"/>
<item value="current user: 'SYSDBA'"/>
<item value="r'current database: '/'"/>
<item value="current user is DBA: True"/>
@ -1296,7 +1296,7 @@
<tech value="E"/>
<getSchema value="True"/>
<dumpTable value="True"/>
<db value="testdb"/>
<db value="public"/>
<tbl value="users"/>
<limitStart value="2"/>
<limitStop value="4"/>
@ -1314,7 +1314,7 @@
<tech value="U"/>
<getSchema value="True"/>
<dumpTable value="True"/>
<db value="testdb"/>
<db value="public"/>
<tbl value="users"/>
<limitStart value="2"/>
<limitStop value="4"/>
@ -1331,7 +1331,7 @@
<threads value="4"/>
<tech value="B"/>
<dumpTable value="True"/>
<db value="testdb"/>
<db value="public"/>
<tbl value="users"/>
<firstChar value="3"/>
<lastChar value="5"/>
@ -3216,13 +3216,12 @@
<!-- End of file system access switches -->
<!-- Operating system access switches -->
<!--
<case name="MySQL web shell - command execution">
<switches>
<url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
<tech value="B"/>
<osCmd value="id"/>
<answers value="please provide additional comma separated file paths to=test"/>
<answers value="what do you want to use for writable directory=2,please provide a comma separate list of absolute directory paths=/var/www/test"/>
</switches>
<parse>
<item value="command standard output: 'uid="/>
@ -3234,13 +3233,12 @@
<tech value="BU"/>
<osPwn value="True"/>
<msfPath value="/usr/local/bin/"/>
<answers value="please provide additional comma separated file paths to=/var/www/test,do you want to overwrite it=Y,which connection type do you want to use=2"/>
<answers value="what do you want to use for writable directory=2,please provide a comma separate list of absolute directory paths=/var/www/test"/>
</switches>
<parse>
<item value="r'Sending stage.+Linux.+uid=.+www-data'" console_output="True"/>
</parse>
</case>
-->
<case name="PostgreSQL User-Defined Function (UDF) injection - command execution (UNION)">
<switches>
<url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>