sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 10:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity
1e9ae40397
sqlmap/xml/injections.xml
Miroslav Stampar 1e9ae40397 major refactoring
2010-10-07 12:12:26 +00:00

65 lines
3.3 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<root>
<case name="custom" desc="custom">
<test>
<positive format="%s%s%s AND %s%d=%d %s" params="value, prefix, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randInt, randInt, postfix"/>
<negative format="%s%s%s AND %s%d=%d %s" params="value, prefix, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randInt, randInt + 1, postfix"/>
</test>
<usage>
<prefix/>
<postfix/>
</usage>
</case>
<case name="numeric" desc="unescaped numeric">
<test>
<positive format="%s%s AND %s%d=%d" params="value, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randInt, randInt"/>
<negative format="%s%s AND %s%d=%d" params="value, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randInt, randInt + 1"/>
</test>
<usage>
<prefix/>
<postfix format="%d=%d" params="randInt, randInt"/>
</usage>
</case>
<case name="stringsingle" desc="single quoted string">
<test>
<positive format="%s'%s AND %s'%s'='%s" params="value, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randStr, randStr"/>
<negative format="%s'%s AND %s'%s'='%s" params="value, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randStr, randStr + randomStr(1)"/>
</test>
<usage>
<prefix value="'"/>
<postfix format="'%s'='%s" params="randStr, randStr"/>
</usage>
</case>
<case name="likesingle" desc="LIKE single quoted string">
<test>
<positive format="%s'%s AND %s'%s' LIKE '%s" params="value, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randStr, randStr"/>
<negative format="%s'%s AND %s'%s' LIKE '%s" params="value, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randStr, randStr + randomStr(1)"/>
</test>
<usage>
<prefix value="'"/>
<postfix format="'%s' LIKE '%s" params="randStr, randStr"/>
</usage>
</case>
<case name="stringdouble" desc="double quoted string">
<test>
<positive format="%s\&quot;%s AND %s\&quot;%s\&quot;=\&quot;%s" params="value, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randStr, randStr"/>
<negative format="%s\&quot;%s AND %s\&quot;%s\&quot;=\&quot;%s" params="value, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randStr, randStr + randomStr(1)"/>
</test>
<usage>
<prefix value="&quot;"/>
<postfix format="\&quot;%s\&quot;=\&quot;%s" params="randStr, randStr"/>
</usage>
</case>
<case name="likedouble" desc="LIKE double quoted string">
<test>
<positive format="%s\&quot;%s AND %s\&quot;%s\&quot; LIKE \&quot;%s" params="value, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randStr, randStr"/>
<negative format="%s\&quot;%s AND %s\&quot;%s\&quot; LIKE \&quot;%s" params="value, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randStr, randStr + randomStr(1)"/>
</test>
<usage>
<prefix value="&quot;"/>
<postfix format="\&quot;%s\&quot; LIKE \&quot;%s" params="randStr, randStr"/>
</usage>
</case>
</root>
Reference in New Issue View Git Blame Copy Permalink