#!/usr/bin/env python """ $Id$ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/) See the file 'doc/COPYING' for copying permission """ class PRIORITY: LOWEST = -100 LOWER = -50 LOW = -10 NORMAL = 0 HIGH = 10 HIGHER = 50 HIGHEST = 100 class DBMS: ACCESS = "Microsoft Access" FIREBIRD = "Firebird" MAXDB = "SAP MaxDB" MSSQL = "Microsoft SQL Server" MYSQL = "MySQL" ORACLE = "Oracle" PGSQL = "PostgreSQL" SQLITE = "SQLite" SYBASE = "Sybase" class PLACE: GET = "GET" POST = "POST" URI = "URI" COOKIE = "Cookie" UA = "User-Agent" class HTTPMETHOD: GET = "GET" POST = "POST" HEAD = "HEAD" class NULLCONNECTION: HEAD = "HEAD" RANGE = "Range" class HASH: MYSQL = r'(?i)\A\*[0-9a-f]{40}\Z' MYSQL_OLD = r'(?i)\A[0-9a-f]{16}\Z' POSTGRES = r'(?i)\Amd5[0-9a-f]{32}\Z' MSSQL = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{40}\Z' MSSQL_OLD = r'(?i)\A0x0100[0-9a-f]{8}[0-9a-f]{80}\Z' ORACLE = r'(?i)\As:[0-9a-f]{60}\Z' ORACLE_OLD = r'(?i)\A[01-9a-f]{16}\Z' MD5_GENERIC = r'(?i)\A[0-9a-f]{32}\Z' SHA1_GENERIC = r'(?i)\A[0-9a-f]{40}\Z' class PAYLOAD: SQLINJECTION = { 1: "boolean-based blind", 2: "error-based", 3: "UNION query", 4: "stacked queries", 5: "AND/OR time-based blind" } PARAMETER = { 1: "Unescaped numeric", 2: "Single quoted string", 3: "LIKE single quoted string", 4: "Double quoted string", 5: "LIKE double quoted string" } RISK = { 0: "No risk", 1: "Low risk", 2: "Medium risk", 3: "High risk" } CLAUSE = { 0: "Always", 1: "WHERE", 2: "GROUP BY", 3: "ORDER BY", 4: "LIMIT", 5: "OFFSET", 6: "TOP", 7: "Table name", 8: "Column name" } class METHOD: COMPARISON = "comparison" GREP = "grep" TIME = "time" class TECHNIQUE: HEURISTIC = 0 BOOLEAN = 1 ERROR = 2 UNION = 3 STACKED = 4 TIME = 5