sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 19:13:48 +03:00
Code Issues Packages Projects Releases Wiki Activity

Bug fix for generic parameter replacement (CASE)

Browse Source
This commit is contained in:
Miroslav Stampar 2016-09-27 14:29:18 +02:00
parent 212c1ec1f2
commit bc7ab01066
3 changed files with 37 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/settings.py
View File

@ -19,7 +19,7 @@ from lib.core.enums import OS
from lib.core.revision import getRevisionNumber from lib.core.revision import getRevisionNumber
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.0.9.41" VERSION = "1.0.9.42"
REVISION = getRevisionNumber() REVISION = getRevisionNumber()
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}

4
txt/checksum.md5
View File

@ -45,7 +45,7 @@ e60456db5380840a586654344003d4e6 lib/core/readlineng.py
5ef56abb8671c2ca6ceecb208258e360 lib/core/replication.py 5ef56abb8671c2ca6ceecb208258e360 lib/core/replication.py
99a2b496b9d5b546b335653ca801153f lib/core/revision.py 99a2b496b9d5b546b335653ca801153f lib/core/revision.py
7c15dd2777af4dac2c89cab6df17462e lib/core/session.py 7c15dd2777af4dac2c89cab6df17462e lib/core/session.py
f736ee4e7e504498859dce2171991550 lib/core/settings.py f9c92d337bfea55d24d24ae514e42a84 lib/core/settings.py
7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py 7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py
23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py 23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py
0bc2fae1dec18cdd11954b22358293f2 lib/core/target.py 0bc2fae1dec18cdd11954b22358293f2 lib/core/target.py
@ -449,7 +449,7 @@ d989813ee377252bca2103cea524c06b xml/banner/sharepoint.xml
fb93505ef0ab3b4a20900f3e5625260d xml/boundaries.xml fb93505ef0ab3b4a20900f3e5625260d xml/boundaries.xml
535d625cff8418bdc086ab4e1bbf5135 xml/errors.xml 535d625cff8418bdc086ab4e1bbf5135 xml/errors.xml
a279656ea3fcb85c727249b02f828383 xml/livetests.xml a279656ea3fcb85c727249b02f828383 xml/livetests.xml
18b2c7e5738a3be72d759af96a9aaddf xml/payloads/boolean_blind.xml 48ec50e72db89cb8f7bf25e9f45cfc92 xml/payloads/boolean_blind.xml
103a4c9b12c582b24a3fac8147a9c8d4 xml/payloads/error_based.xml 103a4c9b12c582b24a3fac8147a9c8d4 xml/payloads/error_based.xml
06b1a210b190d52477a9d492443725b5 xml/payloads/inline_query.xml 06b1a210b190d52477a9d492443725b5 xml/payloads/inline_query.xml
96adb9bfbab867d221974d3ddb303cb6 xml/payloads/stacked_queries.xml 96adb9bfbab867d221974d3ddb303cb6 xml/payloads/stacked_queries.xml

72
xml/payloads/boolean_blind.xml
View File

@ -879,44 +879,6 @@ Tag: <test>
</details> </details>
</test> </test>
<test>
<title>SAP MaxDB boolean-based blind - Parameter replace</title>
<stype>1</stype>
<level>3</level>
<risk>1</risk>
<clause>1,3</clause>
<where>3</where>
<vector>(CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE NULL END)</vector>
<request>
<payload>(CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE NULL END)</payload>
</request>
<response>
<comparison>(CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE NULL END)</comparison>
</response>
<details>
<dbms>SAP MaxDB</dbms>
</details>
</test>
<test>
<title>SAP MaxDB boolean-based blind - Parameter replace (original value)</title>
<stype>1</stype>
<level>4</level>
<risk>1</risk>
<clause>1,3</clause>
<where>3</where>
<vector>(CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE NULL END)</vector>
<request>
<payload>(CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE NULL END)</payload>
</request>
<response>
<comparison>(CASE WHEN [RANDNUM]=[RANDNUM1] THEN [ORIGVALUE] ELSE NULL END)</comparison>
</response>
<details>
<dbms>SAP MaxDB</dbms>
</details>
</test>
<!-- Works in MySQL, Oracle, etc. --> <!-- Works in MySQL, Oracle, etc. -->
<test> <test>
<title>Boolean-based blind - Parameter replace (DUAL)</title> <title>Boolean-based blind - Parameter replace (DUAL)</title>
@ -951,6 +913,40 @@ Tag: <test>
</test> </test>
<!-- End of boolean-based blind tests - Parameter replace --> <!-- End of boolean-based blind tests - Parameter replace -->
<!-- Works in SAP MaxDB, Informix, etc. -->
<test>
<title>Boolean-based blind - Parameter replace (CASE)</title>
<stype>1</stype>
<level>3</level>
<risk>1</risk>
<clause>1,3</clause>
<where>3</where>
<vector>(CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE NULL END)</vector>
<request>
<payload>(CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE NULL END)</payload>
</request>
<response>
<comparison>(CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE NULL END)</comparison>
</response>
</test>
<test>
<title>Boolean-based blind - Parameter replace (CASE) (original value)</title>
<stype>1</stype>
<level>4</level>
<risk>1</risk>
<clause>1,3</clause>
<where>3</where>
<vector>(CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE NULL END)</vector>
<request>
<payload>(CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE NULL END)</payload>
</request>
<response>
<comparison>(CASE WHEN [RANDNUM]=[RANDNUM1] THEN [ORIGVALUE] ELSE NULL END)</comparison>
</response>
</test>
<!-- End of boolean-based blind tests - Parameter replace -->
<!-- Boolean-based blind tests - ORDER BY, GROUP BY clause --> <!-- Boolean-based blind tests - ORDER BY, GROUP BY clause -->
<test> <test>
<title>MySQL &gt;= 5.0 boolean-based blind - ORDER BY, GROUP BY clause</title> <title>MySQL &gt;= 5.0 boolean-based blind - ORDER BY, GROUP BY clause</title>