<?xml version="1.0" encoding="UTF-8"?>
<root>
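<!-- Variables section: declares one entry named "random" with the value "random".
     How the test runner substitutes it is not visible in this file. -->
<vars>
    <random value="random"/>
</vars>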
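<!--
  Global settings, presumably the defaults for every <case> in this file (one case sets its own
  verbose level). The element names follow the sqlmap options of the same name:
    ignoreProxy     system proxy settings are ignored, so requests go straight to the test host
    batch           prompts are answered with their defaults; no operator input is needed
    flushSession    stored session data for the target is discarded, so nothing is replayed
                    from an earlier run
    disableColoring plain output, which keeps the expected strings in <parse> matchable
    verbose         output verbosity level 1
    parseErrors     DBMS error messages found in responses are parsed and shown
    cleanup         sqlmap's own support tables and UDFs are removed from the DBMS
-->
<global>
    <ignoreProxy value="True"/>
    <batch value="True"/>
    <flushSession value="True"/>
    <disableColoring value="True"/>
    <verbose value="1"/>
    <parseErrors value="True"/>
    <cleanup value="True"/>
</global>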
<!-- Preventive cleanup of database management system from sqlmap temporary tables and user-defined functions -->
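<!--
  Runs the cleanup option against the PostgreSQL test page on the lab host "debian" with the
  UNION and stacked-query techniques (tech "US"). Verbose is raised to 2, presumably so that the
  DEBUG lines checked below are emitted.
  Expected output: removal of the support tables and of the four UDFs sys_fileread, sys_bineval,
  sys_eval and sys_exec. Items written as r'...' are presumably matched as regular expressions;
  only the first DEBUG item carries console_output="True".
  The target is the unqualified host name "debian", so the case exercises whatever host that
  name resolves to on the machine running the tests.
-->
<case name="PostgreSQL cleanup from sqlmap temporary tables and user-defined functions (UDFs)">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <tech value="US"/>
        <verbose value="2"/>
        <cleanup value="True"/>
    </switches>
    <parse>
        <item value="Title: Generic UNION query (NULL) - 3 columns"/>
        <item value="Title: PostgreSQL > 8.1 stacked queries"/>
        <item value="r'\[DEBUG\] removing support tables'" console_output="True"/>
        <item value="r'\[DEBUG\] removing UDF 'sys_fileread'"/>
        <item value="r'\[DEBUG\] removing UDF 'sys_bineval'"/>
        <item value="r'\[DEBUG\] removing UDF 'sys_eval'"/>
        <item value="r'\[DEBUG\] removing UDF 'sys_exec'"/>
    </parse>
</case>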
<!-- End of preventive cleanup of database management system from sqlmap temporary tables and user-defined functions -->
<!-- Common enumeration switches across all techniques -->
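<!--
  Full enumeration of the MySQL fixture through the boolean-based blind technique (tech "B")
  with 4 threads, dumping testdb.users.
  The banner, the root password hash and the clear-text password "testpass" are fixture values
  of the lab database on host "debian". This case has no <answers> override, and the expected
  output includes the cracked clear-text password, so the dictionary-attack prompt is presumably
  answered with its default here.
-->
<case name="MySQL boolean-based multi-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <extensiveFp value="True"/>
        <getBanner value="True"/>
        <getCurrentUser value="True"/>
        <getCurrentDb value="True"/>
        <getHostname value="True"/>
        <isDba value="True"/>
        <getUsers value="True"/>
        <getPasswordHashes value="True"/>
        <getPrivileges value="True"/>
        <getRoles value="True"/>
        <getDbs value="True"/>
        <getTables value="True"/>
        <getColumns value="True"/>
        <getCount value="True"/>
        <dumpTable value="True"/>
        <db value="testdb"/>
        <tbl value="users"/>
        <excludeSysDbs value="True"/>
    </switches>
    <parse>
        <item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
        <item value="r'back-end DBMS: active fingerprint: MySQL >= 5.5.0'"/>
        <item value="banner: '5.5.37-0+wheezy1'"/>
        <item value="current user: 'root@localhost'"/>
        <item value="current database: 'testdb'"/>
        <item value="hostname: 'debian"/>
        <item value="current user is DBA: True"/>
        <item value="r'database management system users \[.+'debian-sys-maint'@'localhost'.+'root'@'"/>
        <item value="r'database management system users password hashes:.+root \[.+password hash: \*00E247AC5F9AF26AE0194B41E1E769DEE1429A29.+clear-text password: testpass'"/>
        <item value="r'database management system users privileges:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+privilege: SUPER'"/>
        <item value="r'database management system users roles:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+role: SUPER'"/>
        <item value="r'available databases \[.+information_schema.+mysql.+testdb'"/>
        <item value="r'Database: testdb.+3 tables.+users'"/>
        <item value="r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'"/>
        <item value="r'Database: testdb.+Table.+Entries.+users.+5'"/>
        <item value="r'Database: testdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
    </parse>
</case>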
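<!--
  Full enumeration of the MySQL fixture through the error-based technique (tech "E") with
  4 threads, dumping testdb.users.
  The <answers> switch replies N to the dictionary-attack prompt, so the expected output holds
  the root password hash only and no clear-text password. Banner and hash are fixture values
  of the lab database on host "debian".
-->
<case name="MySQL error-based multi-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <extensiveFp value="True"/>
        <getBanner value="True"/>
        <getCurrentUser value="True"/>
        <getCurrentDb value="True"/>
        <getHostname value="True"/>
        <isDba value="True"/>
        <getUsers value="True"/>
        <getPasswordHashes value="True"/>
        <getPrivileges value="True"/>
        <getRoles value="True"/>
        <getDbs value="True"/>
        <getTables value="True"/>
        <getColumns value="True"/>
        <getCount value="True"/>
        <dumpTable value="True"/>
        <db value="testdb"/>
        <tbl value="users"/>
        <excludeSysDbs value="True"/>
        <answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
    </switches>
    <parse>
        <item value="Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause"/>
        <item value="r'back-end DBMS: active fingerprint: MySQL >= 5.5.0'"/>
        <item value="banner: '5.5.37-0+wheezy1'"/>
        <item value="current user: 'root@localhost'"/>
        <item value="current database: 'testdb'"/>
        <item value="hostname: 'debian"/>
        <item value="current user is DBA: True"/>
        <item value="r'database management system users \[.+'debian-sys-maint'@'localhost'.+'root'@'"/>
        <item value="r'database management system users password hashes:.+root \[.+password hash: \*00E247AC5F9AF26AE0194B41E1E769DEE1429A29'"/>
        <item value="r'database management system users privileges:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+privilege: SUPER'"/>
        <item value="r'database management system users roles:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+role: SUPER'"/>
        <item value="r'available databases \[.+information_schema.+mysql.+testdb'"/>
        <item value="r'Database: testdb.+3 tables.+users'"/>
        <item value="r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'"/>
        <item value="r'Database: testdb.+Table.+Entries.+users.+5'"/>
        <item value="r'Database: testdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
    </parse>
</case>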
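<!--
  Full enumeration of the MySQL fixture through the UNION query technique (tech "U") with
  4 threads, dumping testdb.users.
  The <answers> switch replies N to the dictionary-attack prompt, so the expected output holds
  the root password hash only and no clear-text password. Banner and hash are fixture values
  of the lab database on host "debian".
-->
<case name="MySQL UNION query multi-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <extensiveFp value="True"/>
        <getBanner value="True"/>
        <getCurrentUser value="True"/>
        <getCurrentDb value="True"/>
        <getHostname value="True"/>
        <isDba value="True"/>
        <getUsers value="True"/>
        <getPasswordHashes value="True"/>
        <getPrivileges value="True"/>
        <getRoles value="True"/>
        <getDbs value="True"/>
        <getTables value="True"/>
        <getColumns value="True"/>
        <getCount value="True"/>
        <dumpTable value="True"/>
        <db value="testdb"/>
        <tbl value="users"/>
        <excludeSysDbs value="True"/>
        <answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
    </switches>
    <parse>
        <item value="Title: MySQL UNION query (NULL) - 3 columns"/>
        <item value="r'back-end DBMS: active fingerprint: MySQL >= 5.5.0'"/>
        <item value="banner: '5.5.37-0+wheezy1'"/>
        <item value="current user: 'root@localhost'"/>
        <item value="current database: 'testdb'"/>
        <item value="hostname: 'debian"/>
        <item value="current user is DBA: True"/>
        <item value="r'database management system users \[.+'debian-sys-maint'@'localhost'.+'root'@'"/>
        <item value="r'database management system users password hashes:.+root \[.+password hash: \*00E247AC5F9AF26AE0194B41E1E769DEE1429A29'"/>
        <item value="r'database management system users privileges:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+privilege: SUPER'"/>
        <item value="r'database management system users roles:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+role: SUPER'"/>
        <item value="r'available databases \[.+information_schema.+mysql.+testdb'"/>
        <item value="r'Database: testdb.+3 tables.+users'"/>
        <item value="r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'"/>
        <item value="r'Database: testdb.+Table.+Entries.+users.+5'"/>
        <item value="r'Database: testdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
    </parse>
</case>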
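<!--
  Same enumeration as the MySQL UNION query case, but against get_int_partialunion.php, the
  fixture page used for the partial UNION variant (tech "U", 4 threads).
  The <answers> switch replies N to the dictionary-attack prompt, so only the root password
  hash is expected. Banner and hash are fixture values of the lab database on host "debian".
-->
<case name="MySQL partial UNION query multi-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int_partialunion.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <extensiveFp value="True"/>
        <getBanner value="True"/>
        <getCurrentUser value="True"/>
        <getCurrentDb value="True"/>
        <getHostname value="True"/>
        <isDba value="True"/>
        <getUsers value="True"/>
        <getPasswordHashes value="True"/>
        <getPrivileges value="True"/>
        <getRoles value="True"/>
        <getDbs value="True"/>
        <getTables value="True"/>
        <getColumns value="True"/>
        <getCount value="True"/>
        <dumpTable value="True"/>
        <db value="testdb"/>
        <tbl value="users"/>
        <excludeSysDbs value="True"/>
        <answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
    </switches>
    <parse>
        <item value="Title: MySQL UNION query (NULL) - 3 columns"/>
        <item value="r'back-end DBMS: active fingerprint: MySQL >= 5.5.0'"/>
        <item value="banner: '5.5.37-0+wheezy1'"/>
        <item value="current user: 'root@localhost'"/>
        <item value="current database: 'testdb'"/>
        <item value="hostname: 'debian"/>
        <item value="current user is DBA: True"/>
        <item value="r'database management system users \[.+'debian-sys-maint'@'localhost'.+'root'@'"/>
        <item value="r'database management system users password hashes:.+root \[.+password hash: \*00E247AC5F9AF26AE0194B41E1E769DEE1429A29'"/>
        <item value="r'database management system users privileges:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+privilege: SUPER'"/>
        <item value="r'database management system users roles:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+role: SUPER'"/>
        <item value="r'available databases \[.+information_schema.+mysql.+testdb'"/>
        <item value="r'Database: testdb.+3 tables.+users'"/>
        <item value="r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'"/>
        <item value="r'Database: testdb.+Table.+Entries.+users.+5'"/>
        <item value="r'Database: testdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
    </parse>
</case>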
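<!--
  Time-based blind check (tech "T") against the MySQL page that returns no output, with the
  delay set to 2 seconds through timeSec. No <threads> switch is set.
  Despite "all entries" in the name, only the banner and the DBA check are requested and
  verified here.
-->
<case name="MySQL time-based single-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int_nooutput.php?id=1"/>
        <tech value="T"/>
        <timeSec value="2"/>
        <getBanner value="True"/>
        <isDba value="True"/>
    </switches>
    <parse>
        <item value="Title: MySQL > 5.0.11 AND time-based blind"/>
        <item value="banner: '5.5.37-0+wheezy1'"/>
        <item value="current user is DBA: True"/>
    </parse>
</case>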
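<!--
  Full enumeration of the MySQL fixture through the inline queries technique (tech "Q") with
  4 threads, against get_int_inline.php, dumping testdb.users.
  The <answers> switch replies N to the dictionary-attack prompt, so only the root password
  hash is expected. Banner and hash are fixture values of the lab database on host "debian".
-->
<case name="MySQL inline queries multi-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int_inline.php?id=1"/>
        <threads value="4"/>
        <tech value="Q"/>
        <extensiveFp value="True"/>
        <getBanner value="True"/>
        <getCurrentUser value="True"/>
        <getCurrentDb value="True"/>
        <getHostname value="True"/>
        <isDba value="True"/>
        <getUsers value="True"/>
        <getPasswordHashes value="True"/>
        <getPrivileges value="True"/>
        <getRoles value="True"/>
        <getDbs value="True"/>
        <getTables value="True"/>
        <getColumns value="True"/>
        <getCount value="True"/>
        <dumpTable value="True"/>
        <db value="testdb"/>
        <tbl value="users"/>
        <excludeSysDbs value="True"/>
        <answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
    </switches>
    <parse>
        <item value="Title: MySQL inline queries"/>
        <item value="r'back-end DBMS: active fingerprint: MySQL >= 5.5.0'"/>
        <item value="banner: '5.5.37-0+wheezy1'"/>
        <item value="current user: 'root@localhost'"/>
        <item value="current database: 'testdb'"/>
        <item value="hostname: 'debian"/>
        <item value="current user is DBA: True"/>
        <item value="r'database management system users \[.+'debian-sys-maint'@'localhost'.+'root'@'"/>
        <item value="r'database management system users password hashes:.+root \[.+password hash: \*00E247AC5F9AF26AE0194B41E1E769DEE1429A29'"/>
        <item value="r'database management system users privileges:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+privilege: SUPER'"/>
        <item value="r'database management system users roles:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+role: SUPER'"/>
        <item value="r'available databases \[.+information_schema.+mysql.+testdb'"/>
        <item value="r'Database: testdb.+3 tables.+users'"/>
        <item value="r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'"/>
        <item value="r'Database: testdb.+Table.+Entries.+users.+5'"/>
        <item value="r'Database: testdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
    </parse>
</case>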
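<!--
  Full enumeration of the PostgreSQL fixture through the boolean-based blind technique
  (tech "B") with 4 threads, dumping public.users.
  The banner, the postgres password hash and the clear-text password "testpass" are fixture
  values of the lab database on host "debian". This case has no <answers> override, and the
  expected output includes the cracked clear-text password, so the dictionary-attack prompt is
  presumably answered with its default here. No hostname item is checked although getHostname
  is set.
-->
<case name="PostgreSQL boolean-based multi-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <extensiveFp value="True"/>
        <getBanner value="True"/>
        <getCurrentUser value="True"/>
        <getCurrentDb value="True"/>
        <getHostname value="True"/>
        <isDba value="True"/>
        <getUsers value="True"/>
        <getPasswordHashes value="True"/>
        <getPrivileges value="True"/>
        <getRoles value="True"/>
        <getDbs value="True"/>
        <getTables value="True"/>
        <getColumns value="True"/>
        <getCount value="True"/>
        <dumpTable value="True"/>
        <db value="public"/>
        <tbl value="users"/>
        <excludeSysDbs value="True"/>
    </switches>
    <parse>
        <item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
        <item value="r'back-end DBMS: active fingerprint: PostgreSQL >= 9.1.0'"/>
        <item value="banner: 'PostgreSQL 9.1.13 on i686-pc-linux-gnu, compiled by gcc (Debian 4.7.2-5) 4.7.2, 32-bit"/>
        <item value="current user: 'postgres'"/>
        <item value="current schema (equivalent to database on PostgreSQL): 'public'"/>
        <item value="current user is DBA: True"/>
        <item value="r'database management system users \[.+postgres'"/>
        <item value="r'database management system users password hashes:.+postgres \[.+password hash: md5d7d880f96044b72d0bba108ace96d1e4.+clear-text password: testpass'"/>
        <item value="r'database management system users privileges:.+postgres.+\(administrator\).+privilege: super'"/>
        <item value="r'database management system users roles:.+postgres.+\(administrator\).+role: super'"/>
        <item value="r'available databases \[.+information_schema.+pg_catalog'"/>
        <item value="r'Database: public.+1 table.+users'"/>
        <item value="r'Database: public.+Table: users.+3 columns.+id.+int4.+surname.+bpchar'"/>
        <item value="r'Database: public.+Table.+Entries.+users.+5'"/>
        <item value="r'Database: public.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
    </parse>
</case>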
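<!--
  Full enumeration of the PostgreSQL fixture through the error-based technique (tech "E")
  with 4 threads, dumping public.users.
  The <answers> switch replies N to the dictionary-attack prompt, so only the postgres
  password hash is expected. Banner and hash are fixture values of the lab database on
  host "debian".
-->
<case name="PostgreSQL error-based multi-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <extensiveFp value="True"/>
        <getBanner value="True"/>
        <getCurrentUser value="True"/>
        <getCurrentDb value="True"/>
        <getHostname value="True"/>
        <isDba value="True"/>
        <getUsers value="True"/>
        <getPasswordHashes value="True"/>
        <getPrivileges value="True"/>
        <getRoles value="True"/>
        <getDbs value="True"/>
        <getTables value="True"/>
        <getColumns value="True"/>
        <getCount value="True"/>
        <dumpTable value="True"/>
        <db value="public"/>
        <tbl value="users"/>
        <excludeSysDbs value="True"/>
        <answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
    </switches>
    <parse>
        <item value="Title: PostgreSQL AND error-based - WHERE or HAVING clause"/>
        <item value="r'back-end DBMS: active fingerprint: PostgreSQL >= 9.1.0'"/>
        <item value="banner: 'PostgreSQL 9.1.13 on i686-pc-linux-gnu, compiled by gcc (Debian 4.7.2-5) 4.7.2, 32-bit"/>
        <item value="current user: 'postgres'"/>
        <item value="current schema (equivalent to database on PostgreSQL): 'public'"/>
        <item value="current user is DBA: True"/>
        <item value="r'database management system users \[.+postgres'"/>
        <item value="r'database management system users password hashes:.+postgres \[.+password hash: md5d7d880f96044b72d0bba108ace96d1e4'"/>
        <item value="r'database management system users privileges:.+postgres.+\(administrator\).+privilege: super'"/>
        <item value="r'database management system users roles:.+postgres.+\(administrator\).+role: super'"/>
        <item value="r'available databases \[.+information_schema.+pg_catalog'"/>
        <item value="r'Database: public.+1 table.+users'"/>
        <item value="r'Database: public.+Table: users.+3 columns.+id.+int4.+surname.+bpchar'"/>
        <item value="r'Database: public.+Table.+Entries.+users.+5'"/>
        <item value="r'Database: public.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
    </parse>
</case>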
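<!--
  Full enumeration of the PostgreSQL fixture through the UNION query technique (tech "U")
  with 4 threads, dumping public.users.
  The <answers> switch replies N to the dictionary-attack prompt, so only the postgres
  password hash is expected. Banner and hash are fixture values of the lab database on
  host "debian".
-->
<case name="PostgreSQL UNION query multi-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <extensiveFp value="True"/>
        <getBanner value="True"/>
        <getCurrentUser value="True"/>
        <getCurrentDb value="True"/>
        <getHostname value="True"/>
        <isDba value="True"/>
        <getUsers value="True"/>
        <getPasswordHashes value="True"/>
        <getPrivileges value="True"/>
        <getRoles value="True"/>
        <getDbs value="True"/>
        <getTables value="True"/>
        <getColumns value="True"/>
        <getCount value="True"/>
        <dumpTable value="True"/>
        <db value="public"/>
        <tbl value="users"/>
        <excludeSysDbs value="True"/>
        <answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
    </switches>
    <parse>
        <item value="Title: Generic UNION query (NULL) - 3 columns"/>
        <item value="r'back-end DBMS: active fingerprint: PostgreSQL >= 9.1.0'"/>
        <item value="banner: 'PostgreSQL 9.1.13 on i686-pc-linux-gnu, compiled by gcc (Debian 4.7.2-5) 4.7.2, 32-bit"/>
        <item value="current user: 'postgres'"/>
        <item value="current schema (equivalent to database on PostgreSQL): 'public'"/>
        <item value="current user is DBA: True"/>
        <item value="r'database management system users \[.+postgres'"/>
        <item value="r'database management system users password hashes:.+postgres \[.+password hash: md5d7d880f96044b72d0bba108ace96d1e4'"/>
        <item value="r'database management system users privileges:.+postgres.+\(administrator\).+privilege: super'"/>
        <item value="r'database management system users roles:.+postgres.+\(administrator\).+role: super'"/>
        <item value="r'available databases \[.+information_schema.+pg_catalog'"/>
        <item value="r'Database: public.+1 table.+users'"/>
        <item value="r'Database: public.+Table: users.+3 columns.+id.+int4.+surname.+bpchar'"/>
        <item value="r'Database: public.+Table.+Entries.+users.+5'"/>
        <item value="r'Database: public.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
    </parse>
</case>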
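<!--
  Same enumeration as the PostgreSQL UNION query case, but against get_int_partialunion.php,
  the fixture page used for the partial UNION variant (tech "U", 4 threads).
  The <answers> switch replies N to the dictionary-attack prompt, so only the postgres
  password hash is expected. Banner and hash are fixture values of the lab database on
  host "debian".
-->
<case name="PostgreSQL partial UNION query multi-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int_partialunion.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <extensiveFp value="True"/>
        <getBanner value="True"/>
        <getCurrentUser value="True"/>
        <getCurrentDb value="True"/>
        <getHostname value="True"/>
        <isDba value="True"/>
        <getUsers value="True"/>
        <getPasswordHashes value="True"/>
        <getPrivileges value="True"/>
        <getRoles value="True"/>
        <getDbs value="True"/>
        <getTables value="True"/>
        <getColumns value="True"/>
        <getCount value="True"/>
        <dumpTable value="True"/>
        <db value="public"/>
        <tbl value="users"/>
        <excludeSysDbs value="True"/>
        <answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
    </switches>
    <parse>
        <item value="Title: Generic UNION query (NULL) - 3 columns"/>
        <item value="r'back-end DBMS: active fingerprint: PostgreSQL >= 9.1.0'"/>
        <item value="banner: 'PostgreSQL 9.1.13 on i686-pc-linux-gnu, compiled by gcc (Debian 4.7.2-5) 4.7.2, 32-bit"/>
        <item value="current user: 'postgres'"/>
        <item value="current schema (equivalent to database on PostgreSQL): 'public'"/>
        <item value="current user is DBA: True"/>
        <item value="r'database management system users \[.+postgres'"/>
        <item value="r'database management system users password hashes:.+postgres \[.+password hash: md5d7d880f96044b72d0bba108ace96d1e4'"/>
        <item value="r'database management system users privileges:.+postgres.+\(administrator\).+privilege: super'"/>
        <item value="r'database management system users roles:.+postgres.+\(administrator\).+role: super'"/>
        <item value="r'available databases \[.+information_schema.+pg_catalog'"/>
        <item value="r'Database: public.+1 table.+users'"/>
        <item value="r'Database: public.+Table: users.+3 columns.+id.+int4.+surname.+bpchar'"/>
        <item value="r'Database: public.+Table.+Entries.+users.+5'"/>
        <item value="r'Database: public.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
    </parse>
</case>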
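<!--
  Time-based blind check (tech "T") against the PostgreSQL page that returns no output, with
  the delay set to 2 seconds through timeSec. No <threads> switch is set.
  Despite "all entries" in the name, only the banner and the DBA check are requested and
  verified here.
-->
<case name="PostgreSQL time-based single-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int_nooutput.php?id=1"/>
        <tech value="T"/>
        <timeSec value="2"/>
        <getBanner value="True"/>
        <isDba value="True"/>
    </switches>
    <parse>
        <item value="Title: PostgreSQL > 8.1 AND time-based blind"/>
        <item value="banner: 'PostgreSQL 9.1.13 on i686-pc-linux-gnu, compiled by gcc (Debian 4.7.2-5) 4.7.2, 32-bit"/>
        <item value="current user is DBA: True"/>
    </parse>
</case>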
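<!--
  Stacked queries check (tech "S") against the PostgreSQL page that returns no output, with
  timeSec set to 2 seconds. No <threads> switch is set.
  Despite "all entries" in the name, only the banner and the DBA check are requested and
  verified here.
-->
<case name="PostgreSQL stacked queries single-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int_nooutput.php?id=1"/>
        <tech value="S"/>
        <timeSec value="2"/>
        <getBanner value="True"/>
        <isDba value="True"/>
    </switches>
    <parse>
        <item value="Title: PostgreSQL > 8.1 stacked queries"/>
        <item value="banner: 'PostgreSQL 9.1.13 on i686-pc-linux-gnu, compiled by gcc (Debian 4.7.2-5) 4.7.2, 32-bit"/>
        <item value="current user is DBA: True"/>
    </parse>
</case>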
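<!--
  Full enumeration of the PostgreSQL fixture through the inline queries technique (tech "Q")
  with 4 threads, against get_int_inline.php, dumping public.users.
  The <answers> switch replies N to the dictionary-attack prompt, so only the postgres
  password hash is expected. Banner and hash are fixture values of the lab database on
  host "debian".
-->
<case name="PostgreSQL inline queries multi-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int_inline.php?id=1"/>
        <threads value="4"/>
        <tech value="Q"/>
        <extensiveFp value="True"/>
        <getBanner value="True"/>
        <getCurrentUser value="True"/>
        <getCurrentDb value="True"/>
        <getHostname value="True"/>
        <isDba value="True"/>
        <getUsers value="True"/>
        <getPasswordHashes value="True"/>
        <getPrivileges value="True"/>
        <getRoles value="True"/>
        <getDbs value="True"/>
        <getTables value="True"/>
        <getColumns value="True"/>
        <getCount value="True"/>
        <dumpTable value="True"/>
        <db value="public"/>
        <tbl value="users"/>
        <excludeSysDbs value="True"/>
        <answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
    </switches>
    <parse>
        <item value="Title: PostgreSQL inline queries"/>
        <item value="r'back-end DBMS: active fingerprint: PostgreSQL >= 9.1.0'"/>
        <item value="banner: 'PostgreSQL 9.1.13 on i686-pc-linux-gnu, compiled by gcc (Debian 4.7.2-5) 4.7.2, 32-bit"/>
        <item value="current user: 'postgres'"/>
        <item value="current schema (equivalent to database on PostgreSQL): 'public'"/>
        <item value="current user is DBA: True"/>
        <item value="r'database management system users \[.+postgres'"/>
        <item value="r'database management system users password hashes:.+postgres \[.+password hash: md5d7d880f96044b72d0bba108ace96d1e4'"/>
        <item value="r'database management system users privileges:.+postgres.+\(administrator\).+privilege: super'"/>
        <item value="r'database management system users roles:.+postgres.+\(administrator\).+role: super'"/>
        <item value="r'available databases \[.+information_schema.+pg_catalog'"/>
        <item value="r'Database: public.+1 table.+users'"/>
        <item value="r'Database: public.+Table: users.+3 columns.+id.+int4.+surname.+bpchar'"/>
        <item value="r'Database: public.+Table.+Entries.+users.+5'"/>
        <item value="r'Database: public.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
    </parse>
</case>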
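<!--
  Enumeration of the Oracle fixture through the boolean-based blind technique (tech "B")
  with 4 threads, dumping SYS.USERS.
  Unlike the other Oracle cases in this file, this one does not set getTables (and has no
  "tables" item in <parse>), sets excludeSysDbs, and has no <answers> override; the expected
  output therefore includes the cracked clear-text passwords of CTXSYS, DBSNMP and SYS.
  Those hashes and passwords are fixture values of the lab database on host "debian".
-->
<case name="Oracle boolean-based multi-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <extensiveFp value="True"/>
        <getBanner value="True"/>
        <getCurrentUser value="True"/>
        <getCurrentDb value="True"/>
        <getHostname value="True"/>
        <isDba value="True"/>
        <getUsers value="True"/>
        <getPasswordHashes value="True"/>
        <getPrivileges value="True"/>
        <getRoles value="True"/>
        <getDbs value="True"/>
        <getColumns value="True"/>
        <getCount value="True"/>
        <dumpTable value="True"/>
        <db value="sys"/>
        <tbl value="users"/>
        <excludeSysDbs value="True"/>
    </switches>
    <parse>
        <item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
        <item value="r'back-end DBMS: active fingerprint: Oracle 10g'"/>
        <item value="banner: 'Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product'"/>
        <item value="current user: 'SYS'"/>
        <item value="current schema (equivalent to database on Oracle): 'SYS'"/>
        <item value="hostname: 'debian"/>
        <item value="current user is DBA: True"/>
        <item value="r'database management system users \[.+ANONYMOUS.+SYS.+XDB'"/>
        <item value="r'database management system users password hashes:.+CTXSYS \[.+password hash: D1D21CA56994CAB6.+clear-text password: ORACLE.+DBSNMP \[.+password hash: E066D214D5421CCC.+clear-text password: DBSNMP.+SYS \[.+password hash: 2D5A0C491B634F1B.+clear-text password: TESTPASS'"/>
        <item value="r'database management system users privileges:.+CTXSYS.+ALTER SESSION.+ SYS .+ALTER ANY EVALUATION CONTEXT'"/>
        <item value="r'database management system users roles:.+MDSYS.+CONNECT.+SYS \(administrator\).+DBA.+XDBADMIN'"/>
        <item value="r'available databases \[.+CTXSYS.+MDSYS.+SYSTEM'"/>
        <item value="r'Database: SYS.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/>
        <item value="r'Database: SYS.+Table.+Entries.+USERS.+5'"/>
        <item value="r'Database: SYS.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
    </parse>
</case>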
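<!--
  Full enumeration of the Oracle fixture through the error-based technique (tech "E") with
  4 threads, dumping SYS.USERS. excludeSysDbs is not set in this case.
  The <answers> switch replies N to the dictionary-attack prompt, so only the password hashes
  of CTXSYS, DBSNMP and SYS are expected. Banner and hashes are fixture values of the lab
  database on host "debian".
-->
<case name="Oracle error-based multi-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <extensiveFp value="True"/>
        <getBanner value="True"/>
        <getCurrentUser value="True"/>
        <getCurrentDb value="True"/>
        <getHostname value="True"/>
        <isDba value="True"/>
        <getUsers value="True"/>
        <getPasswordHashes value="True"/>
        <getPrivileges value="True"/>
        <getRoles value="True"/>
        <getDbs value="True"/>
        <getTables value="True"/>
        <getColumns value="True"/>
        <getCount value="True"/>
        <dumpTable value="True"/>
        <db value="sys"/>
        <tbl value="users"/>
        <answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
    </switches>
    <parse>
        <item value="Title: Oracle AND error-based - WHERE or HAVING clause (XMLType)"/>
        <item value="r'back-end DBMS: active fingerprint: Oracle 10g'"/>
        <item value="banner: 'Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product'"/>
        <item value="current user: 'SYS'"/>
        <item value="current schema (equivalent to database on Oracle): 'SYS'"/>
        <item value="hostname: 'debian"/>
        <item value="current user is DBA: True"/>
        <item value="r'database management system users \[.+ANONYMOUS.+SYS.+XDB'"/>
        <item value="r'database management system users password hashes:.+CTXSYS \[.+password hash: D1D21CA56994CAB6.+DBSNMP \[.+password hash: E066D214D5421CCC.+SYS \[.+password hash: 2D5A0C491B634F1B'"/>
        <item value="r'database management system users privileges:.+CTXSYS.+ALTER SESSION.+ SYS .+ALTER ANY EVALUATION CONTEXT'"/>
        <item value="r'database management system users roles:.+MDSYS.+CONNECT.+SYS \(administrator\).+DBA.+XDBADMIN'"/>
        <item value="r'available databases \[.+CTXSYS.+MDSYS.+SYSTEM'"/>
        <item value="r'Database: SYS.+ tables.+USERS'"/>
        <item value="r'Database: SYS.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/>
        <item value="r'Database: SYS.+Table.+Entries.+USERS.+5'"/>
        <item value="r'Database: SYS.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
    </parse>
</case>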
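<!--
  Full enumeration of the Oracle fixture through the UNION query technique (tech "U") with
  4 threads, dumping SYS.USERS. excludeSysDbs is not set in this case.
  The <answers> switch replies N to the dictionary-attack prompt, so only the password hashes
  of CTXSYS, DBSNMP and SYS are expected. Banner and hashes are fixture values of the lab
  database on host "debian".
-->
<case name="Oracle UNION query multi-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <extensiveFp value="True"/>
        <getBanner value="True"/>
        <getCurrentUser value="True"/>
        <getCurrentDb value="True"/>
        <getHostname value="True"/>
        <isDba value="True"/>
        <getUsers value="True"/>
        <getPasswordHashes value="True"/>
        <getPrivileges value="True"/>
        <getRoles value="True"/>
        <getDbs value="True"/>
        <getTables value="True"/>
        <getColumns value="True"/>
        <getCount value="True"/>
        <dumpTable value="True"/>
        <db value="sys"/>
        <tbl value="users"/>
        <answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
    </switches>
    <parse>
        <item value="Title: Generic UNION query (NULL) - 3 columns"/>
        <item value="r'back-end DBMS: active fingerprint: Oracle 10g'"/>
        <item value="banner: 'Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product'"/>
        <item value="current user: 'SYS'"/>
        <item value="current schema (equivalent to database on Oracle): 'SYS'"/>
        <item value="hostname: 'debian"/>
        <item value="current user is DBA: True"/>
        <item value="r'database management system users \[.+ANONYMOUS.+SYS.+XDB'"/>
        <item value="r'database management system users password hashes:.+CTXSYS \[.+password hash: D1D21CA56994CAB6.+DBSNMP \[.+password hash: E066D214D5421CCC.+SYS \[.+password hash: 2D5A0C491B634F1B'"/>
        <item value="r'database management system users privileges:.+CTXSYS.+ALTER SESSION.+ SYS .+ALTER ANY EVALUATION CONTEXT'"/>
        <item value="r'database management system users roles:.+MDSYS.+CONNECT.+SYS \(administrator\).+DBA.+XDBADMIN'"/>
        <item value="r'available databases \[.+CTXSYS.+MDSYS.+SYSTEM'"/>
        <item value="r'Database: SYS.+ tables.+USERS'"/>
        <item value="r'Database: SYS.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/>
        <item value="r'Database: SYS.+Table.+Entries.+USERS.+5'"/>
        <item value="r'Database: SYS.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
    </parse>
</case>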
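<!--
  Same enumeration as the Oracle UNION query case, but against get_int_partialunion.php, the
  fixture page used for the partial UNION variant (tech "U", 4 threads). This is the only
  Oracle case here that also sets the dbms switch, naming the back-end as Oracle up front.
  The <answers> switch replies N to the dictionary-attack prompt, so only the password hashes
  of CTXSYS, DBSNMP and SYS are expected. Banner and hashes are fixture values of the lab
  database on host "debian".
-->
<case name="Oracle partial UNION query multi-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int_partialunion.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <dbms value="Oracle"/>
        <extensiveFp value="True"/>
        <getBanner value="True"/>
        <getCurrentUser value="True"/>
        <getCurrentDb value="True"/>
        <getHostname value="True"/>
        <isDba value="True"/>
        <getUsers value="True"/>
        <getPasswordHashes value="True"/>
        <getPrivileges value="True"/>
        <getRoles value="True"/>
        <getDbs value="True"/>
        <getTables value="True"/>
        <getColumns value="True"/>
        <getCount value="True"/>
        <dumpTable value="True"/>
        <db value="sys"/>
        <tbl value="users"/>
        <answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
    </switches>
    <parse>
        <item value="Title: Generic UNION query (NULL) - 3 columns"/>
        <item value="r'back-end DBMS: active fingerprint: Oracle 10g'"/>
        <item value="banner: 'Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product'"/>
        <item value="current user: 'SYS'"/>
        <item value="current schema (equivalent to database on Oracle): 'SYS'"/>
        <item value="hostname: 'debian"/>
        <item value="current user is DBA: True"/>
        <item value="r'database management system users \[.+ANONYMOUS.+SYS.+XDB'"/>
        <item value="r'database management system users password hashes:.+CTXSYS \[.+password hash: D1D21CA56994CAB6.+DBSNMP \[.+password hash: E066D214D5421CCC.+SYS \[.+password hash: 2D5A0C491B634F1B'"/>
        <item value="r'database management system users privileges:.+CTXSYS.+ALTER SESSION.+ SYS .+ALTER ANY EVALUATION CONTEXT'"/>
        <item value="r'database management system users roles:.+MDSYS.+CONNECT.+SYS \(administrator\).+DBA.+XDBADMIN'"/>
        <item value="r'available databases \[.+CTXSYS.+MDSYS.+SYSTEM'"/>
        <item value="r'Database: SYS.+ tables.+USERS'"/>
        <item value="r'Database: SYS.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/>
        <item value="r'Database: SYS.+Table.+Entries.+USERS.+5'"/>
        <item value="r'Database: SYS.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
    </parse>
</case>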
<!-- Oracle, time-based blind technique ("T") against the fixture page named
     get_int_nooutput.php. No <threads> switch is set, matching "single-threaded" in the
     case name; <timeSec> is 2.
     Only the banner and the DBA check are requested, and the asserted items are the
     technique title plus those two results. -->
<case name="Oracle time-based single-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int_nooutput.php?id=1"/>
        <tech value="T"/>
        <timeSec value="2"/>
        <getBanner value="True"/>
        <isDba value="True"/>
    </switches>
    <parse>
        <item value="Title: Oracle AND time-based blind"/>
        <item value="banner: 'Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product'"/>
        <item value="current user is DBA: True"/>
    </parse>
</case>
<!-- Oracle, inline queries technique ("Q") against get_int_inline.php, 4 threads.
     Same enumeration set and sys.users dump as the other Oracle "all entries" cases;
     <answers> replies N to the dictionary-attack prompt.
     As the expected "current user" and "current user is DBA" items show, the fixture
     application connects as SYS with DBA rights, which is what makes the password-hash,
     privilege and role listings available to the injected session. -->
<case name="Oracle inline queries multi-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int_inline.php?id=1"/>
        <threads value="4"/>
        <tech value="Q"/>
        <extensiveFp value="True"/>
        <getBanner value="True"/>
        <getCurrentUser value="True"/>
        <getCurrentDb value="True"/>
        <getHostname value="True"/>
        <isDba value="True"/>
        <getUsers value="True"/>
        <getPasswordHashes value="True"/>
        <getPrivileges value="True"/>
        <getRoles value="True"/>
        <getDbs value="True"/>
        <getTables value="True"/>
        <getColumns value="True"/>
        <getCount value="True"/>
        <dumpTable value="True"/>
        <db value="sys"/>
        <tbl value="users"/>
        <answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
    </switches>
    <parse>
        <item value="Title: Oracle inline queries"/>
        <item value="r'back-end DBMS: active fingerprint: Oracle 10g'"/>
        <item value="banner: 'Oracle Database 10g Express Edition Release 10.2.0.1.0 - Product'"/>
        <item value="current user: 'SYS'"/>
        <item value="current schema (equivalent to database on Oracle): 'SYS'"/>
        <item value="hostname: 'debian"/>
        <item value="current user is DBA: True"/>
        <item value="r'database management system users \[.+ANONYMOUS.+SYS.+XDB'"/>
        <item value="r'database management system users password hashes:.+CTXSYS \[.+password hash: D1D21CA56994CAB6.+DBSNMP \[.+password hash: E066D214D5421CCC.+SYS \[.+password hash: 2D5A0C491B634F1B'"/>
        <item value="r'database management system users privileges:.+CTXSYS.+ALTER SESSION.+ SYS .+ALTER ANY EVALUATION CONTEXT'"/>
        <item value="r'database management system users roles:.+MDSYS.+CONNECT.+SYS \(administrator\).+DBA.+XDBADMIN'"/>
        <item value="r'available databases \[.+CTXSYS.+MDSYS.+SYSTEM'"/>
        <item value="r'Database: SYS.+ tables.+USERS'"/>
        <item value="r'Database: SYS.+Table: USERS.+3 columns.+SURNAME.+VARCHAR2'"/>
        <item value="r'Database: SYS.+Table.+Entries.+USERS.+5'"/>
        <item value="r'Database: SYS.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
    </parse>
</case>
<!-- IBM DB2, boolean-based blind technique ("B") against db2/get_int.php, 4 threads.
     Requests the full enumeration set and a dump of db2inst1.users, with system
     databases excluded.
     <getPasswordHashes> is switched on, but none of the expected items asserts on
     password hashes; user, privilege and role listings are asserted.
     The expected output records the fixture session as DB2INST1 with DBA rights. -->
<case name="IBM DB2 boolean-based multi-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/db2/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <extensiveFp value="True"/>
        <getBanner value="True"/>
        <getCurrentUser value="True"/>
        <getCurrentDb value="True"/>
        <getHostname value="True"/>
        <isDba value="True"/>
        <getUsers value="True"/>
        <getPasswordHashes value="True"/>
        <getPrivileges value="True"/>
        <getRoles value="True"/>
        <getDbs value="True"/>
        <getTables value="True"/>
        <getColumns value="True"/>
        <getCount value="True"/>
        <dumpTable value="True"/>
        <db value="db2inst1"/>
        <tbl value="users"/>
        <excludeSysDbs value="True"/>
    </switches>
    <parse>
        <item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
        <item value="r'back-end DBMS: active fingerprint: IBM DB2 9.5'"/>
        <item value="banner: 'DB2 v9.5.0.0'"/>
        <item value="current user: 'DB2INST1'"/>
        <item value="current database: 'TESTDB'"/>
        <item value="hostname: 'debian"/>
        <item value="current user is DBA: True"/>
        <item value="r'database management system users \[.+DB2INST1'"/>
        <item value="r'database management system users privileges:.+DB2INST1.+privilege: DB2INST1.USERS.+privilege: SYSTOOLS.POLICY'"/>
        <item value="r'database management system users roles:.+DB2INST1.+role: DB2INST1.USERS.+role: SYSTOOLS.POLICY'"/>
        <item value="r'available databases \[.+DB2INST1.+SYSIBM.+SYSSTAT'"/>
        <item value="r'Database: DB2INST1.+1 table.+USERS'"/>
        <item value="r'Database: DB2INST1.+Table: USERS.+3 columns.+SURNAME.+VARCHAR\(1000\)'"/>
        <item value="r'Database: DB2INST1.+Table.+Entries.+USERS.+5'"/>
        <item value="r'Database: DB2INST1.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
    </parse>
</case>
<!-- NOTE: SQLite 2 driver on Debian 7 does not work
|
|
<case name="SQLite boolean-based multi-threaded enumeration - all entries">
|
|
<switches>
|
|
<url value="http://debian/sqlmap/sqlite/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="B"/>
|
|
<extensiveFp value="True"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getHostname value="True"/>
|
|
<isDba value="True"/>
|
|
<getUsers value="True"/>
|
|
<getPasswordHashes value="True"/>
|
|
<getPrivileges value="True"/>
|
|
<getRoles value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<getColumns value="True"/>
|
|
<getCount value="True"/>
|
|
<dumpTable value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="users"/>
|
|
<excludeSysDbs value="True"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
|
|
<item value="r'back-end DBMS: active fingerprint: SQLite 2'"/>
|
|
<item value="banner: '2.8.17'"/>
|
|
<item value="r'Database: SQLite_masterdb.+1 table.+users'"/>
|
|
<item value="r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'"/>
|
|
<item value="r'Database: SQLite_masterdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="SQLite UNION query multi-threaded enumeration - all entries">
|
|
<switches>
|
|
<url value="http://debian/sqlmap/sqlite/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="U"/>
|
|
<extensiveFp value="True"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getHostname value="True"/>
|
|
<isDba value="True"/>
|
|
<getUsers value="True"/>
|
|
<getPasswordHashes value="True"/>
|
|
<getPrivileges value="True"/>
|
|
<getRoles value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<getColumns value="True"/>
|
|
<getCount value="True"/>
|
|
<dumpTable value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="users"/>
|
|
<excludeSysDbs value="True"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="Title: Generic UNION query (NULL) - 3 columns"/>
|
|
<item value="r'back-end DBMS: active fingerprint: SQLite 2'"/>
|
|
<item value="banner: '2.8.17'"/>
|
|
<item value="r'Database: SQLite_masterdb.+1 table.+users'"/>
|
|
<item value="r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'"/>
|
|
<item value="r'Database: SQLite_masterdb.+Table: users.+5 entries.+luther.+user agent.+'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="SQLite partial UNION query multi-threaded enumeration - all entries">
|
|
<switches>
|
|
<url value="http://debian/sqlmap/sqlite/get_int_partialunion.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="U"/>
|
|
<extensiveFp value="True"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getHostname value="True"/>
|
|
<isDba value="True"/>
|
|
<getUsers value="True"/>
|
|
<getPasswordHashes value="True"/>
|
|
<getPrivileges value="True"/>
|
|
<getRoles value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<getColumns value="True"/>
|
|
<getCount value="True"/>
|
|
<dumpTable value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="users"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="Title: Generic UNION query (NULL) - 3 columns"/>
|
|
<item value="r'back-end DBMS: active fingerprint: SQLite 2'"/>
|
|
<item value="banner: '2.8.17'"/>
|
|
<item value="r'Database: SQLite_masterdb.+1 table.+users'"/>
|
|
<item value="r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'"/>
|
|
<item value="r'Database: SQLite_masterdb.+Table: users.+5 entries.+luther.+user agent.+'"/>
|
|
</parse>
|
|
</case>
|
|
-->
<!-- SQLite 3, boolean-based blind technique ("B") against sqlite/get_int_3.php, 4 threads.
     The full switch set is requested, but the expected items cover only the technique
     title, fingerprint, banner, table list, column list and the dump of "users"; nothing
     is asserted for users, password hashes, privileges or roles.
     The expected output labels the database "SQLite_masterdb" although <db> is "testdb". -->
<case name="SQLite 3 boolean-based multi-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/sqlite/get_int_3.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <extensiveFp value="True"/>
        <getBanner value="True"/>
        <getCurrentUser value="True"/>
        <getCurrentDb value="True"/>
        <getHostname value="True"/>
        <isDba value="True"/>
        <getUsers value="True"/>
        <getPasswordHashes value="True"/>
        <getPrivileges value="True"/>
        <getRoles value="True"/>
        <getDbs value="True"/>
        <getTables value="True"/>
        <getColumns value="True"/>
        <getCount value="True"/>
        <dumpTable value="True"/>
        <db value="testdb"/>
        <tbl value="users"/>
        <excludeSysDbs value="True"/>
    </switches>
    <parse>
        <item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
        <item value="r'back-end DBMS: active fingerprint: SQLite 3'"/>
        <item value="banner: '3.7.13'"/>
        <item value="r'Database: SQLite_masterdb.+1 table.+users'"/>
        <item value="r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'"/>
        <item value="r'Database: SQLite_masterdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
    </parse>
</case>
<!-- SQLite 3, UNION query technique ("U") against sqlite/get_int_3.php, 4 threads.
     Same switch set as the boolean-based SQLite 3 case; the asserted items are the
     technique title, fingerprint, banner, table list, column list and dump.
     The dump item here expects "user agent" after "luther", where the boolean-based
     case expects "nameisnull". -->
<case name="SQLite 3 UNION query multi-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/sqlite/get_int_3.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <extensiveFp value="True"/>
        <getBanner value="True"/>
        <getCurrentUser value="True"/>
        <getCurrentDb value="True"/>
        <getHostname value="True"/>
        <isDba value="True"/>
        <getUsers value="True"/>
        <getPasswordHashes value="True"/>
        <getPrivileges value="True"/>
        <getRoles value="True"/>
        <getDbs value="True"/>
        <getTables value="True"/>
        <getColumns value="True"/>
        <getCount value="True"/>
        <dumpTable value="True"/>
        <db value="testdb"/>
        <tbl value="users"/>
        <excludeSysDbs value="True"/>
    </switches>
    <parse>
        <item value="Title: Generic UNION query (NULL) - 3 columns"/>
        <item value="r'back-end DBMS: active fingerprint: SQLite 3'"/>
        <item value="banner: '3.7.13'"/>
        <item value="r'Database: SQLite_masterdb.+1 table.+users'"/>
        <item value="r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'"/>
        <item value="r'Database: SQLite_masterdb.+Table: users.+5 entries.+luther.+user agent.+'"/>
    </parse>
</case>
<!-- SQLite 3, UNION query technique ("U") against the partial-UNION fixture page
     get_int_3_partialunion.php, 4 threads.
     Unlike the other SQLite 3 "all entries" cases, <excludeSysDbs> is not set here.
     Asserted items: technique title, fingerprint, banner, table list, column list, dump. -->
<case name="SQLite 3 partial UNION query multi-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/sqlite/get_int_3_partialunion.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <extensiveFp value="True"/>
        <getBanner value="True"/>
        <getCurrentUser value="True"/>
        <getCurrentDb value="True"/>
        <getHostname value="True"/>
        <isDba value="True"/>
        <getUsers value="True"/>
        <getPasswordHashes value="True"/>
        <getPrivileges value="True"/>
        <getRoles value="True"/>
        <getDbs value="True"/>
        <getTables value="True"/>
        <getColumns value="True"/>
        <getCount value="True"/>
        <dumpTable value="True"/>
        <db value="testdb"/>
        <tbl value="users"/>
    </switches>
    <parse>
        <item value="Title: Generic UNION query (NULL) - 3 columns"/>
        <item value="r'back-end DBMS: active fingerprint: SQLite 3'"/>
        <item value="banner: '3.7.13'"/>
        <item value="r'Database: SQLite_masterdb.+1 table.+users'"/>
        <item value="r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'"/>
        <item value="r'Database: SQLite_masterdb.+Table: users.+5 entries.+luther.+user agent.+'"/>
    </parse>
</case>
<!-- SQLite 3, time-based blind technique ("T") against get_int_3_nooutput.php.
     No <threads> switch; <level> is raised to 3 and <risk> to 2, and the expected
     technique title is the "heavy query" variant.
     Only the banner is requested; fingerprint and banner are asserted. -->
<case name="SQLite 3 time-based single-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/sqlite/get_int_3_nooutput.php?id=1"/>
        <tech value="T"/>
        <extensiveFp value="True"/>
        <level value="3"/>
        <risk value="2"/>
        <getBanner value="True"/>
    </switches>
    <parse>
        <item value="Title: SQLite > 2.0 AND time-based blind (heavy query)"/>
        <item value="r'back-end DBMS: active fingerprint: SQLite 3'"/>
        <item value="banner: '3.7.13'"/>
    </parse>
</case>
<!-- NOTE: SQLite 2 driver on Debian 7 does not work
|
|
<case name="SQLite inline queries multi-threaded enumeration - all entries">
|
|
<switches>
|
|
<url value="http://debian/sqlmap/sqlite/get_int_inline.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="Q"/>
|
|
<extensiveFp value="True"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getHostname value="True"/>
|
|
<isDba value="True"/>
|
|
<getUsers value="True"/>
|
|
<getPasswordHashes value="True"/>
|
|
<getPrivileges value="True"/>
|
|
<getRoles value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<getColumns value="True"/>
|
|
<getCount value="True"/>
|
|
<dumpTable value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="users"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="Title: SQLite inline queries"/>
|
|
<item value="r'back-end DBMS: active fingerprint: SQLite 2'"/>
|
|
<item value="banner: '2.8.17'"/>
|
|
<item value="r'Database: SQLite_masterdb.+1 table.+users'"/>
|
|
<item value="r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'"/>
|
|
<item value="r'Database: SQLite_masterdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
|
|
</parse>
|
|
</case>
|
|
-->
<!-- Firebird, boolean-based blind technique ("B") against firebird/get_int.php, 4 threads.
     No <db> switch is given; the expected output labels the database "Firebird_masterdb".
     <getPasswordHashes> is switched on but no item asserts on password hashes.
     The expected output records the fixture session as SYSDBA with DBA rights.
     NOTE(review): the fingerprint item expects "Firebird 2.1 (dialect 3)" while the banner
     item expects '2.5.2'; both are recorded expectations, confirm that the difference
     is intended. -->
<case name="Firebird boolean-based multi-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/firebird/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <extensiveFp value="True"/>
        <getBanner value="True"/>
        <getCurrentUser value="True"/>
        <getCurrentDb value="True"/>
        <getHostname value="True"/>
        <isDba value="True"/>
        <getUsers value="True"/>
        <getPasswordHashes value="True"/>
        <getPrivileges value="True"/>
        <getRoles value="True"/>
        <getDbs value="True"/>
        <getTables value="True"/>
        <getColumns value="True"/>
        <getCount value="True"/>
        <dumpTable value="True"/>
        <tbl value="users"/>
        <excludeSysDbs value="True"/>
    </switches>
    <parse>
        <item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
        <item value="r'back-end DBMS: active fingerprint: Firebird 2.1 \(dialect 3\)'"/>
        <item value="banner: '2.5.2'"/>
        <item value="current user: 'SYSDBA'"/>
        <item value="r'current database: '/'"/>
        <item value="current user is DBA: True"/>
        <item value="r'database management system users \[.+PUBLIC.+SYSDBA'"/>
        <item value="r'database management system users privileges:.+PUBLIC.+privilege: SELECT.+SYSDBA.+privilege: DELETE.+privilege: UPDATE'"/>
        <item value="r'database management system users roles:.+PUBLIC.+role: SELECT.+SYSDBA.+role: DELETE.+role: UPDATE'"/>
        <item value="r'Database: Firebird_masterdb.+1 table.+USERS'"/>
        <item value="r'Database: Firebird_masterdb.+Table: USERS.+3 columns.+SURNAME.+VARCHAR'"/>
        <item value="r'Database: Firebird_masterdb.+Table.+Entries.+USERS.+5'"/>
        <item value="r'Database: Firebird_masterdb.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
    </parse>
</case>
<!-- TODO: this test case fails because of issue #358
|
|
<case name="Firebird error-based multi-threaded enumeration - all entries">
|
|
<switches>
|
|
<url value="http://debian/sqlmap/firebird/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="E"/>
|
|
<extensiveFp value="True"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getHostname value="True"/>
|
|
<isDba value="True"/>
|
|
<getUsers value="True"/>
|
|
<getPasswordHashes value="True"/>
|
|
<getPrivileges value="True"/>
|
|
<getRoles value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<getColumns value="True"/>
|
|
<getCount value="True"/>
|
|
<dumpTable value="True"/>
|
|
<tbl value="users"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
|
|
<item value="r'back-end DBMS: active fingerprint: Firebird 2.1 \(dialect 3\)'"/>
|
|
<item value="banner: '2.5.2'"/>
|
|
<item value="current user: 'SYSDBA'"/>
|
|
<item value="r'current database: '/'"/>
|
|
<item value="current user is DBA: True"/>
|
|
<item value="r'database management system users \[.+PUBLIC.+SYSDBA'"/>
|
|
<item value="r'database management system users privileges:.+PUBLIC.+privilege: SELECT.+SYSDBA.+privilege: DELETE.+privilege: UPDATE'"/>
|
|
<item value="r'database management system users roles:.+PUBLIC.+role: SELECT.+SYSDBA.+role: DELETE.+role: UPDATE'"/>
|
|
<item value="r'Database: Firebird_masterdb.+1 table.+USERS'"/>
|
|
<item value="r'Database: Firebird_masterdb.+Table: USERS.+3 columns.+SURNAME.+VARCHAR'"/>
|
|
<item value="r'Database: Firebird_masterdb.+Table.+Entries.+USERS.+5'"/>
|
|
<item value="r'Database: Firebird_masterdb.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
|
|
</parse>
|
|
</case>
|
|
-->
<!-- Firebird, UNION query technique ("U") against firebird/get_int.php, 4 threads.
     Same switches as the boolean-based Firebird case except that <excludeSysDbs> is
     not set. No <db> switch; the expected output labels the database "Firebird_masterdb".
     The expected output records the fixture session as SYSDBA with DBA rights. -->
<case name="Firebird UNION query multi-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/firebird/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <extensiveFp value="True"/>
        <getBanner value="True"/>
        <getCurrentUser value="True"/>
        <getCurrentDb value="True"/>
        <getHostname value="True"/>
        <isDba value="True"/>
        <getUsers value="True"/>
        <getPasswordHashes value="True"/>
        <getPrivileges value="True"/>
        <getRoles value="True"/>
        <getDbs value="True"/>
        <getTables value="True"/>
        <getColumns value="True"/>
        <getCount value="True"/>
        <dumpTable value="True"/>
        <tbl value="users"/>
    </switches>
    <parse>
        <item value="Title: Generic UNION query (NULL) - 3 columns"/>
        <item value="r'back-end DBMS: active fingerprint: Firebird 2.1 \(dialect 3\)'"/>
        <item value="banner: '2.5.2'"/>
        <item value="current user: 'SYSDBA'"/>
        <item value="r'current database: '/'"/>
        <item value="current user is DBA: True"/>
        <item value="r'database management system users \[.+PUBLIC.+SYSDBA'"/>
        <item value="r'database management system users privileges:.+PUBLIC.+privilege: SELECT.+SYSDBA.+privilege: DELETE.+privilege: UPDATE'"/>
        <item value="r'database management system users roles:.+PUBLIC.+role: SELECT.+SYSDBA.+role: DELETE.+role: UPDATE'"/>
        <item value="r'Database: Firebird_masterdb.+1 table.+USERS'"/>
        <item value="r'Database: Firebird_masterdb.+Table: USERS.+3 columns.+SURNAME.+VARCHAR'"/>
        <item value="r'Database: Firebird_masterdb.+Table.+Entries.+USERS.+5'"/>
        <item value="r'Database: Firebird_masterdb.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
    </parse>
</case>
<!-- Firebird, UNION query technique ("U") against the partial-UNION fixture page
     get_int_partialunion.php, 4 threads, with the back-end DBMS named through <dbms>.
     Expected items are the same as in the plain Firebird UNION case. -->
<case name="Firebird partial UNION query multi-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/firebird/get_int_partialunion.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <dbms value="Firebird"/>
        <extensiveFp value="True"/>
        <getBanner value="True"/>
        <getCurrentUser value="True"/>
        <getCurrentDb value="True"/>
        <getHostname value="True"/>
        <isDba value="True"/>
        <getUsers value="True"/>
        <getPasswordHashes value="True"/>
        <getPrivileges value="True"/>
        <getRoles value="True"/>
        <getDbs value="True"/>
        <getTables value="True"/>
        <getColumns value="True"/>
        <getCount value="True"/>
        <dumpTable value="True"/>
        <tbl value="users"/>
    </switches>
    <parse>
        <item value="Title: Generic UNION query (NULL) - 3 columns"/>
        <item value="r'back-end DBMS: active fingerprint: Firebird 2.1 \(dialect 3\)'"/>
        <item value="banner: '2.5.2'"/>
        <item value="current user: 'SYSDBA'"/>
        <item value="r'current database: '/'"/>
        <item value="current user is DBA: True"/>
        <item value="r'database management system users \[.+PUBLIC.+SYSDBA'"/>
        <item value="r'database management system users privileges:.+PUBLIC.+privilege: SELECT.+SYSDBA.+privilege: DELETE.+privilege: UPDATE'"/>
        <item value="r'database management system users roles:.+PUBLIC.+role: SELECT.+SYSDBA.+role: DELETE.+role: UPDATE'"/>
        <item value="r'Database: Firebird_masterdb.+1 table.+USERS'"/>
        <item value="r'Database: Firebird_masterdb.+Table: USERS.+3 columns.+SURNAME.+VARCHAR'"/>
        <item value="r'Database: Firebird_masterdb.+Table.+Entries.+USERS.+5'"/>
        <item value="r'Database: Firebird_masterdb.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
    </parse>
</case>
<!-- Firebird, time-based blind technique ("T") against get_int_nooutput.php.
     No <threads> switch; <level> is 4, <risk> is 2 and <timeSec> is 2. The expected
     technique title is the "heavy query" variant.
     Only the banner and the DBA check are requested and asserted. -->
<case name="Firebird time-based single-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/firebird/get_int_nooutput.php?id=1"/>
        <tech value="T"/>
        <level value="4"/>
        <risk value="2"/>
        <timeSec value="2"/>
        <getBanner value="True"/>
        <isDba value="True"/>
    </switches>
    <parse>
        <item value="Title: Firebird AND time-based blind (heavy query)"/>
        <item value="banner: '2.5.2'"/>
        <item value="current user is DBA: True"/>
    </parse>
</case>
<!-- Firebird, inline queries technique ("Q") against get_int_inline.php, 4 threads,
     with <level> raised to 2.
     Expected items match the other Firebird "all entries" cases apart from the
     technique title. -->
<case name="Firebird inline queries multi-threaded enumeration - all entries">
    <switches>
        <url value="http://debian/sqlmap/firebird/get_int_inline.php?id=1"/>
        <threads value="4"/>
        <tech value="Q"/>
        <level value="2"/>
        <extensiveFp value="True"/>
        <getBanner value="True"/>
        <getCurrentUser value="True"/>
        <getCurrentDb value="True"/>
        <getHostname value="True"/>
        <isDba value="True"/>
        <getUsers value="True"/>
        <getPasswordHashes value="True"/>
        <getPrivileges value="True"/>
        <getRoles value="True"/>
        <getDbs value="True"/>
        <getTables value="True"/>
        <getColumns value="True"/>
        <getCount value="True"/>
        <dumpTable value="True"/>
        <tbl value="users"/>
    </switches>
    <parse>
        <item value="Title: Firebird inline queries"/>
        <item value="r'back-end DBMS: active fingerprint: Firebird 2.1 \(dialect 3\)'"/>
        <item value="banner: '2.5.2'"/>
        <item value="current user: 'SYSDBA'"/>
        <item value="r'current database: '/'"/>
        <item value="current user is DBA: True"/>
        <item value="r'database management system users \[.+PUBLIC.+SYSDBA'"/>
        <item value="r'database management system users privileges:.+PUBLIC.+privilege: SELECT.+SYSDBA.+privilege: DELETE.+privilege: UPDATE'"/>
        <item value="r'database management system users roles:.+PUBLIC.+role: SELECT.+SYSDBA.+role: DELETE.+role: UPDATE'"/>
        <item value="r'Database: Firebird_masterdb.+1 table.+USERS'"/>
        <item value="r'Database: Firebird_masterdb.+Table: USERS.+3 columns.+SURNAME.+VARCHAR'"/>
        <item value="r'Database: Firebird_masterdb.+Table.+Entries.+USERS.+5'"/>
        <item value="r'Database: Firebird_masterdb.+Table: USERS.+5 entries.+luther.+nameisnull.+'"/>
    </parse>
</case>
<!-- End of common enumeration switches across all techniques -->
<!-- Custom enumeration switches -->
<!-- MySQL, error-based technique ("E") against mysql/get_int.php, 4 threads.
     Requests the schema listing and a dump of testdb.users restricted by
     <limitStart> 2 and <limitStop> 4; the dump item accordingly expects 3 entries.
     System databases are excluded. -->
<case name="MySQL error-based multi-threaded custom enumeration">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <getSchema value="True"/>
        <dumpTable value="True"/>
        <db value="testdb"/>
        <tbl value="users"/>
        <limitStart value="2"/>
        <limitStop value="4"/>
        <excludeSysDbs value="True"/>
    </switches>
    <parse>
        <item value="r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'"/>
        <item value="r'Database: testdb.+Table: users.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
    </parse>
</case>
<!-- MySQL, UNION query technique ("U") against mysql/get_int.php, 4 threads.
     Schema listing plus a dump of testdb.users limited to rows 2 through 4
     (<limitStart>/<limitStop>), so 3 entries are expected. System databases excluded. -->
<case name="MySQL UNION query multi-threaded custom enumeration">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <getSchema value="True"/>
        <dumpTable value="True"/>
        <db value="testdb"/>
        <tbl value="users"/>
        <limitStart value="2"/>
        <limitStop value="4"/>
        <excludeSysDbs value="True"/>
    </switches>
    <parse>
        <item value="r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'"/>
        <item value="r'Database: testdb.+Table: users.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
    </parse>
</case>
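<!-- MySQL, boolean-based blind technique ("B") against mysql/get_int.php, 4 threads.
     Dumps testdb.users with <firstChar> 3 and <lastChar> 5, so each expected cell is a
     three-character slice ("the", "iss", "mei").
     The first item carries console_output="True"; the second has no such attribute.
     The literal "<" in the second item is written as &lt; (and ">" as &gt;) because "<"
     is not allowed unescaped inside an attribute value; the parsed value is unchanged.
     NOTE(review): the unescaped "|" characters in that pattern are regex alternation, so
     the item is satisfied when any one of its three branches is found. If they were meant
     as literal column separators they would need a backslash; confirm against real
     output before tightening. -->
<case name="MySQL boolean-based multi-threaded custom enumeration - substring">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <dumpTable value="True"/>
        <db value="testdb"/>
        <tbl value="users"/>
        <firstChar value="3"/>
        <lastChar value="5"/>
    </switches>
    <parse>
        <item value="r'fetching number of entries for table .+retrieving the length of query output\n[\r]*\[.+?\] \[INFO\] retrieved: [\d]+'" console_output="True"/>
        <item value="r'Database: testdb.+Table: users.+5 entries.+the | iss.+&lt;blank&gt; | mei'"/>
    </parse>
</case>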
<!-- PostgreSQL, error-based technique ("E") against pgsql/get_int.php, 4 threads.
     Schema listing plus a dump of public.users limited by <limitStart> 2 and
     <limitStop> 4; 3 entries are expected. System databases excluded. -->
<case name="PostgreSQL error-based multi-threaded custom enumeration">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <getSchema value="True"/>
        <dumpTable value="True"/>
        <db value="public"/>
        <tbl value="users"/>
        <limitStart value="2"/>
        <limitStop value="4"/>
        <excludeSysDbs value="True"/>
    </switches>
    <parse>
        <item value="r'Database: public.+Table: users.+3 columns.+surname.+bpchar'"/>
        <item value="r'Database: public.+Table: users.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
    </parse>
</case>
<!-- PostgreSQL, UNION query technique ("U") against pgsql/get_int.php, 4 threads.
     Schema listing plus a dump of public.users limited to rows 2 through 4, so the
     dump item expects 3 entries. System databases excluded. -->
<case name="PostgreSQL UNION query multi-threaded custom enumeration">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <getSchema value="True"/>
        <dumpTable value="True"/>
        <db value="public"/>
        <tbl value="users"/>
        <limitStart value="2"/>
        <limitStop value="4"/>
        <excludeSysDbs value="True"/>
    </switches>
    <parse>
        <item value="r'Database: public.+Table: users.+3 columns.+surname.+bpchar'"/>
        <item value="r'Database: public.+Table: users.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
    </parse>
</case>
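<!-- PostgreSQL, boolean-based blind technique ("B") against pgsql/get_int.php, 4 threads.
     Dumps public.users with <firstChar> 3 and <lastChar> 5, so each expected cell is a
     three-character slice.
     The literal "<" in the second item is written as &lt; (and ">" as &gt;) because "<"
     is not allowed unescaped inside an attribute value; the parsed value is unchanged.
     NOTE(review): the unescaped "|" characters in that pattern are regex alternation, so
     the item is satisfied when any one of its three branches is found; confirm whether
     literal separators were intended. -->
<case name="PostgreSQL boolean-based multi-threaded custom enumeration - substring">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <dumpTable value="True"/>
        <db value="public"/>
        <tbl value="users"/>
        <firstChar value="3"/>
        <lastChar value="5"/>
    </switches>
    <parse>
        <item value="r'fetching number of entries for table .+retrieving the length of query output\n[\r]*\[.+?\] \[INFO\] retrieved: [\d]+'" console_output="True"/>
        <item value="r'Database: public.+Table: users.+5 entries.+the | iss.+&lt;blank&gt; | mei'"/>
    </parse>
</case>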
<!-- Oracle, error-based technique ("E") against oracle/get_int.php, 4 threads.
     Schema listing plus a dump of sys.users limited by <limitStart> 2 and <limitStop> 4.
     The schema item asserts on HR.JOBS, a different schema from the dumped table,
     while the dump item asserts 3 entries from SYS.USERS. -->
<case name="Oracle error-based multi-threaded custom enumeration">
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <getSchema value="True"/>
        <dumpTable value="True"/>
        <db value="sys"/>
        <tbl value="users"/>
        <limitStart value="2"/>
        <limitStop value="4"/>
        <excludeSysDbs value="True"/>
    </switches>
    <parse>
        <item value="r'Database: HR.+Table: JOBS.+4 columns.+MIN_SALARY.+NUMBER'"/>
        <item value="r'Database: SYS.+Table: USERS.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
    </parse>
</case>
<!-- Oracle, UNION query technique ("U") against oracle/get_int.php, 4 threads.
     Schema listing plus a dump of sys.users limited to rows 2 through 4.
     Expected items: HR.JOBS from the schema listing and 3 entries from SYS.USERS. -->
<case name="Oracle UNION query multi-threaded custom enumeration">
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <getSchema value="True"/>
        <dumpTable value="True"/>
        <db value="sys"/>
        <tbl value="users"/>
        <limitStart value="2"/>
        <limitStop value="4"/>
        <excludeSysDbs value="True"/>
    </switches>
    <parse>
        <item value="r'Database: HR.+Table: JOBS.+4 columns.+MIN_SALARY.+NUMBER'"/>
        <item value="r'Database: SYS.+Table: USERS.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
    </parse>
</case>
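<!-- Oracle, boolean-based blind technique ("B") against oracle/get_int.php, 4 threads.
     Dumps sys.users with <firstChar> 3 and <lastChar> 5, so each expected cell is a
     three-character slice.
     The literal "<" in the second item is written as &lt; (and ">" as &gt;) because "<"
     is not allowed unescaped inside an attribute value; the parsed value is unchanged.
     NOTE(review): the unescaped "|" characters in that pattern are regex alternation, so
     the item is satisfied when any one of its three branches is found; confirm whether
     literal separators were intended. -->
<case name="Oracle boolean-based multi-threaded custom enumeration - substring">
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <dumpTable value="True"/>
        <db value="sys"/>
        <tbl value="users"/>
        <firstChar value="3"/>
        <lastChar value="5"/>
    </switches>
    <parse>
        <item value="r'fetching number of entries for table .+retrieving the length of query output\n[\r]*\[.+?\] \[INFO\] retrieved: [\d]+'" console_output="True"/>
        <item value="r'Database: SYS.+Table: USERS.+5 entries.+the | iss.+&lt;blank&gt; | mei'"/>
    </parse>
</case>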
<!-- IBM DB2, boolean-based blind technique ("B") against db2/get_int.php, 4 threads.
     Dumps db2inst1.users with <firstChar> 3 and <lastChar> 5; the dump item expects
     "NULL" where the MySQL, PostgreSQL and Oracle substring cases expect a blank marker.
     NOTE(review): the unescaped "|" characters in the dump pattern are regex alternation,
     so the item is satisfied when any one of its three branches is found; confirm
     whether literal separators were intended. -->
<case name="IBM DB2 boolean-based multi-threaded custom enumeration - substring">
    <switches>
        <url value="http://debian/sqlmap/db2/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <dumpTable value="True"/>
        <db value="db2inst1"/>
        <tbl value="users"/>
        <firstChar value="3"/>
        <lastChar value="5"/>
    </switches>
    <parse>
        <item value="r'fetching number of entries for table .+retrieving the length of query output\n[\r]*\[.+?\] \[INFO\] retrieved: [\d]+'" console_output="True"/>
        <item value="r'Database: DB2INST1.+Table: USERS.+5 entries.+the | iss.+NULL | mei'"/>
    </parse>
</case>
<!-- NOTE: the SQLite 2 driver on Debian 7 does not work, so the two SQLite cases below are disabled
<case name="SQLite UNION query multi-threaded custom enumeration">
    <switches>
        <url value="http://debian/sqlmap/sqlite/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <getSchema value="True"/>
        <dumpTable value="True"/>
        <tbl value="users"/>
        <limitStart value="2"/>
        <limitStop value="4"/>
        <excludeSysDbs value="True"/>
    </switches>
    <parse>
        <item value="r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'"/>
        <item value="r'Database: SQLite_masterdb.+Table: users.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
    </parse>
</case>
<case name="SQLite boolean-based multi-threaded custom enumeration - substring">
    <switches>
        <url value="http://debian/sqlmap/sqlite/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <dumpTable value="True"/>
        <tbl value="users"/>
        <firstChar value="3"/>
        <lastChar value="5"/>
    </switches>
    <parse>
        <item value="r'fetching number of entries for table .+retrieving the length of query output\n[\r]*\[.+?\] \[INFO\] retrieved: [\d]+'" console_output="True"/>
        <item value="r'Database: SQLite_masterdb.+Table: users.+5 entries.+the | iss.+<blank> | mei'"/>
    </parse>
</case>
-->
|
|
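<!-- Retrieves the schema and dumps the users table from the Firebird test page over the UNION query
     technique with 4 threads, with limitStart=2, limitStop=4 and excludeSysDbs set.
     The patterns expect 3 columns including SURNAME/VARCHAR, and 3 entries containing fluffy, bunny, wu, ming.
     The stray "|" lines between elements were page-rendering residue and are dropped here. -->
<case name="Firebird UNION query multi-threaded custom enumeration">
    <switches>
        <url value="http://debian/sqlmap/firebird/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <getSchema value="True"/>
        <dumpTable value="True"/>
        <tbl value="users"/>
        <limitStart value="2"/>
        <limitStop value="4"/>
        <excludeSysDbs value="True"/>
    </switches>
    <parse>
        <item value="r'Database: Firebird_masterdb.+Table: USERS.+3 columns.+SURNAME.+VARCHAR'"/>
        <item value="r'Database: Firebird_masterdb.+Table: USERS.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
    </parse>
</case>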
|
|
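<!-- Dumps the users table from the Firebird test page over the boolean-based technique with 4 threads,
     with firstChar=3 and lastChar=5 (the case name calls this a substring retrieval).
     The stray "|" lines between elements were page-rendering residue and are dropped here.
     NOTE(review): the "|" characters in the second pattern are unescaped. If these values are evaluated
     as regular expressions (the r'...' form suggests so), "|" is alternation, so the item is satisfied
     by any one of its three alternatives rather than by the whole row layout. Escape them as \| if
     literal column separators were intended, after confirming the exact spacing of the dump output. -->
<case name="Firebird boolean-based multi-threaded custom enumeration - substring">
    <switches>
        <url value="http://debian/sqlmap/firebird/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <dumpTable value="True"/>
        <tbl value="users"/>
        <firstChar value="3"/>
        <lastChar value="5"/>
    </switches>
    <parse>
        <item value="r'fetching number of entries for table .+retrieving the length of query output\n[\r]*\[.+?\] \[INFO\] retrieved: [\d]+'" console_output="True"/>
        <item value="r'Database: Firebird_masterdb.+Table: USERS.+5 entries.+the .+| iss.+ | mei'"/>
    </parse>
</case>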
|
|
<!-- End of custom enumeration switches -->
|
|
|
|
<!-- Brute force switches -->
|
|
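<!-- Brute-force table enumeration (commonTables) against the MySQL test page over the boolean-based
     technique with 4 threads and no db switch. answers maps the "are you sure you want to continue"
     prompt to Y. The pattern expects "Current database", "2 tables", "data" and "users" in that order.
     Page-rendering "|" residue between elements is dropped. -->
<case name="MySQL boolean-based brute-force tables enumeration - provided no database">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <commonTables value="True"/>
        <answers value="are you sure you want to continue=Y"/>
    </switches>
    <parse>
        <item value="r'Current database.+2 tables.+data.+users'"/>
    </parse>
</case>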
|
|
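<!-- Brute-force table enumeration (commonTables) against the MySQL test page over the boolean-based
     technique with 4 threads and db set to testdb. answers maps the "are you sure you want to continue"
     prompt to Y. The pattern expects "Database: testdb", "2 tables", "data" and "users" in that order.
     Page-rendering "|" residue between elements is dropped. -->
<case name="MySQL boolean-based brute-force tables enumeration - provided database">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <db value="testdb"/>
        <commonTables value="True"/>
        <answers value="are you sure you want to continue=Y"/>
    </switches>
    <parse>
        <item value="r'Database: testdb.+2 tables.+data.+users'"/>
    </parse>
</case>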
|
|
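<!-- Brute-force table enumeration (commonTables) against the MySQL test page over the error-based
     technique with 4 threads and no db switch. answers maps the "are you sure you want to continue"
     prompt to Y. The pattern expects "Current database", "2 tables", "data" and "users" in that order.
     Page-rendering "|" residue between elements is dropped. -->
<case name="MySQL error-based brute-force tables enumeration - provided no database">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <commonTables value="True"/>
        <answers value="are you sure you want to continue=Y"/>
    </switches>
    <parse>
        <item value="r'Current database.+2 tables.+data.+users'"/>
    </parse>
</case>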
|
|
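<!-- Brute-force table enumeration (commonTables) against the MySQL test page over the error-based
     technique with 4 threads and db set to testdb. answers maps the "are you sure you want to continue"
     prompt to Y. The pattern expects "Database: testdb", "2 tables", "data" and "users" in that order.
     Page-rendering "|" residue between elements is dropped. -->
<case name="MySQL error-based brute-force tables enumeration - provided database">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <db value="testdb"/>
        <commonTables value="True"/>
        <answers value="are you sure you want to continue=Y"/>
    </switches>
    <parse>
        <item value="r'Database: testdb.+2 tables.+data.+users'"/>
    </parse>
</case>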
|
|
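<!-- Brute-force table enumeration (commonTables) against the MySQL test page over the UNION query
     technique with 4 threads and no db switch. answers maps the "are you sure you want to continue"
     prompt to Y. The pattern expects "Current database", "2 tables", "data" and "users" in that order.
     Page-rendering "|" residue between elements is dropped. -->
<case name="MySQL UNION query brute-force tables enumeration - provided no database">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <commonTables value="True"/>
        <answers value="are you sure you want to continue=Y"/>
    </switches>
    <parse>
        <item value="r'Current database.+2 tables.+data.+users'"/>
    </parse>
</case>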
|
|
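<!-- Brute-force table enumeration (commonTables) against the MySQL test page over the UNION query
     technique with 4 threads and db set to testdb. answers maps the "are you sure you want to continue"
     prompt to Y. The pattern expects "Database: testdb", "2 tables", "data" and "users" in that order.
     Page-rendering "|" residue between elements is dropped. -->
<case name="MySQL UNION query brute-force tables enumeration - provided database">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <db value="testdb"/>
        <commonTables value="True"/>
        <answers value="are you sure you want to continue=Y"/>
    </switches>
    <parse>
        <item value="r'Database: testdb.+2 tables.+data.+users'"/>
    </parse>
</case>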
|
|
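<!-- Brute-force table enumeration (commonTables) against the PostgreSQL test page over the boolean-based
     technique with 4 threads and no db switch. answers maps the "are you sure you want to continue"
     prompt to Y. The pattern expects "Current database", "2 tables" and "users" in that order.
     Page-rendering "|" residue between elements is dropped. -->
<case name="PostgreSQL boolean-based brute-force tables enumeration - provided no database">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <commonTables value="True"/>
        <answers value="are you sure you want to continue=Y"/>
    </switches>
    <parse>
        <item value="r'Current database.+2 tables.+users'"/>
    </parse>
</case>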
|
|
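<!-- Brute-force table enumeration (commonTables) against the PostgreSQL test page over the boolean-based
     technique with 4 threads and db set to public. answers maps the "are you sure you want to continue"
     prompt to Y. The pattern expects "Database: public", "1 table" and "users" in that order.
     Page-rendering "|" residue between elements is dropped. -->
<case name="PostgreSQL boolean-based brute-force tables enumeration - provided database">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <db value="public"/>
        <commonTables value="True"/>
        <answers value="are you sure you want to continue=Y"/>
    </switches>
    <parse>
        <item value="r'Database: public.+1 table.+users'"/>
    </parse>
</case>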
|
|
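<!-- Brute-force table enumeration (commonTables) against the PostgreSQL test page over the error-based
     technique with 4 threads and no db switch. answers maps the "are you sure you want to continue"
     prompt to Y. The pattern expects "Current database", "2 tables" and "users" in that order.
     Page-rendering "|" residue between elements is dropped. -->
<case name="PostgreSQL error-based brute-force tables enumeration - provided no database">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <commonTables value="True"/>
        <answers value="are you sure you want to continue=Y"/>
    </switches>
    <parse>
        <item value="r'Current database.+2 tables.+users'"/>
    </parse>
</case>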
|
|
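<!-- Brute-force table enumeration (commonTables) against the PostgreSQL test page over the error-based
     technique with 4 threads and db set to public. answers maps the "are you sure you want to continue"
     prompt to Y. The pattern expects "Database: public", "1 table" and "users" in that order.
     Page-rendering "|" residue between elements is dropped. -->
<case name="PostgreSQL error-based brute-force tables enumeration - provided database">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <db value="public"/>
        <commonTables value="True"/>
        <answers value="are you sure you want to continue=Y"/>
    </switches>
    <parse>
        <item value="r'Database: public.+1 table.+users'"/>
    </parse>
</case>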
|
|
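<!-- Brute-force table enumeration (commonTables) against the PostgreSQL test page over the UNION query
     technique with 4 threads and no db switch. answers maps the "are you sure you want to continue"
     prompt to Y. The pattern expects "Current database", "2 tables" and "users" in that order.
     Page-rendering "|" residue between elements is dropped. -->
<case name="PostgreSQL UNION query brute-force tables enumeration - provided no database">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <commonTables value="True"/>
        <answers value="are you sure you want to continue=Y"/>
    </switches>
    <parse>
        <item value="r'Current database.+2 tables.+users'"/>
    </parse>
</case>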
|
|
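<!-- Brute-force table enumeration (commonTables) against the PostgreSQL test page over the UNION query
     technique with 4 threads and db set to public. answers maps the "are you sure you want to continue"
     prompt to Y. The pattern expects "Database: public", "1 table" and "users" in that order.
     Page-rendering "|" residue between elements is dropped. -->
<case name="PostgreSQL UNION query brute-force tables enumeration - provided database">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <db value="public"/>
        <commonTables value="True"/>
        <answers value="are you sure you want to continue=Y"/>
    </switches>
    <parse>
        <item value="r'Database: public.+1 table.+users'"/>
    </parse>
</case>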
|
|
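<!-- Brute-force table enumeration (commonTables) against the Oracle test page over the boolean-based
     technique with 4 threads and no db switch. answers maps the "are you sure you want to continue"
     prompt to Y. The pattern expects "Current database", "6 tables" and "USERS" in that order.
     Page-rendering "|" residue between elements is dropped. -->
<case name="Oracle boolean-based brute-force tables enumeration - provided no database">
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <commonTables value="True"/>
        <answers value="are you sure you want to continue=Y"/>
    </switches>
    <parse>
        <item value="r'Current database.+6 tables.+USERS'"/>
    </parse>
</case>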
|
|
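<!-- Brute-force table enumeration (commonTables) against the Oracle test page over the boolean-based
     technique with 4 threads and db set to sys. answers maps the "are you sure you want to continue"
     prompt to Y. The pattern expects "Database: SYS" (upper case), "6 tables" and "USERS" in that order.
     Page-rendering "|" residue between elements is dropped. -->
<case name="Oracle boolean-based brute-force tables enumeration - provided database">
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <db value="sys"/>
        <commonTables value="True"/>
        <answers value="are you sure you want to continue=Y"/>
    </switches>
    <parse>
        <item value="r'Database: SYS.+6 tables.+USERS'"/>
    </parse>
</case>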
|
|
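<!-- Brute-force table enumeration (commonTables) against the Oracle test page over the error-based
     technique with 4 threads and no db switch. answers maps the "are you sure you want to continue"
     prompt to Y. The pattern expects "Current database", "6 tables" and "USERS" in that order.
     Page-rendering "|" residue between elements is dropped. -->
<case name="Oracle error-based brute-force tables enumeration - provided no database">
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <commonTables value="True"/>
        <answers value="are you sure you want to continue=Y"/>
    </switches>
    <parse>
        <item value="r'Current database.+6 tables.+USERS'"/>
    </parse>
</case>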
|
|
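<!-- Brute-force table enumeration (commonTables) against the Oracle test page over the error-based
     technique with 4 threads and db set to sys. answers maps the "are you sure you want to continue"
     prompt to Y. The pattern expects "Database: SYS" (upper case), "6 tables" and "USERS" in that order.
     Page-rendering "|" residue between elements is dropped. -->
<case name="Oracle error-based brute-force tables enumeration - provided database">
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <db value="sys"/>
        <commonTables value="True"/>
        <answers value="are you sure you want to continue=Y"/>
    </switches>
    <parse>
        <item value="r'Database: SYS.+6 tables.+USERS'"/>
    </parse>
</case>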
|
|
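<!-- Brute-force table enumeration (commonTables) against the Oracle test page over the UNION query
     technique with 4 threads and no db switch. answers maps the "are you sure you want to continue"
     prompt to Y. The pattern expects "Current database", "6 tables" and "USERS" in that order.
     Page-rendering "|" residue between elements is dropped. -->
<case name="Oracle UNION query brute-force tables enumeration - provided no database">
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <commonTables value="True"/>
        <answers value="are you sure you want to continue=Y"/>
    </switches>
    <parse>
        <item value="r'Current database.+6 tables.+USERS'"/>
    </parse>
</case>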
|
|
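<!-- Brute-force table enumeration (commonTables) against the Oracle test page over the UNION query
     technique with 4 threads and db set to sys. answers maps the "are you sure you want to continue"
     prompt to Y. The pattern expects "Database: SYS" (upper case), "6 tables" and "USERS" in that order.
     Page-rendering "|" residue between elements is dropped. -->
<case name="Oracle UNION query brute-force tables enumeration - provided database">
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <db value="sys"/>
        <commonTables value="True"/>
        <answers value="are you sure you want to continue=Y"/>
    </switches>
    <parse>
        <item value="r'Database: SYS.+6 tables.+USERS'"/>
    </parse>
</case>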
|
|
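<!-- Brute-force table enumeration (commonTables) against the DB2 test page over the boolean-based
     technique with 4 threads and no db switch. answers maps the "are you sure you want to continue"
     prompt to Y. The pattern expects "Current database", "1 table" and "users" in that order.
     Page-rendering "|" residue between elements is dropped. -->
<case name="IBM DB2 boolean-based brute-force tables enumeration - provided no database">
    <switches>
        <url value="http://debian/sqlmap/db2/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <commonTables value="True"/>
        <answers value="are you sure you want to continue=Y"/>
    </switches>
    <parse>
        <item value="r'Current database.+1 table.+users'"/>
    </parse>
</case>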
|
|
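<!-- Brute-force table enumeration (commonTables) against the DB2 test page over the boolean-based
     technique with 4 threads and db set to db2inst1. answers maps the "are you sure you want to continue"
     prompt to Y. The pattern expects "Database: DB2INST1" (upper case), "1 table" and "users" in that order.
     Page-rendering "|" residue between elements is dropped. -->
<case name="IBM DB2 boolean-based brute-force tables enumeration - provided database">
    <switches>
        <url value="http://debian/sqlmap/db2/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <db value="db2inst1"/>
        <commonTables value="True"/>
        <answers value="are you sure you want to continue=Y"/>
    </switches>
    <parse>
        <item value="r'Database: DB2INST1.+1 table.+users'"/>
    </parse>
</case>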
|
|
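<!-- Brute-force table enumeration (commonTables) against the SQLite 3 test page (get_int_3.php) over the
     boolean-based technique with 4 threads and no db switch. answers maps the "are you sure you want to
     continue" prompt to Y. The pattern expects "Current database", "1 table" and "users" in that order.
     Page-rendering "|" residue between elements is dropped. -->
<case name="SQLite 3 boolean-based brute-force tables enumeration - provided no database">
    <switches>
        <url value="http://debian/sqlmap/sqlite/get_int_3.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <commonTables value="True"/>
        <answers value="are you sure you want to continue=Y"/>
    </switches>
    <parse>
        <item value="r'Current database.+1 table.+users'"/>
    </parse>
</case>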
|
|
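<!-- Brute-force table enumeration (commonTables) against the SQLite 3 test page (get_int_3.php) over the
     UNION query technique with 4 threads and no db switch. answers maps the "are you sure you want to
     continue" prompt to Y. The pattern expects "Current database", "1 table" and "users" in that order.
     Page-rendering "|" residue between elements is dropped. -->
<case name="SQLite 3 UNION query brute-force tables enumeration - provided no database">
    <switches>
        <url value="http://debian/sqlmap/sqlite/get_int_3.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <commonTables value="True"/>
        <answers value="are you sure you want to continue=Y"/>
    </switches>
    <parse>
        <item value="r'Current database.+1 table.+users'"/>
    </parse>
</case>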
|
|
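<!-- Brute-force table enumeration (commonTables) against the Firebird test page over the boolean-based
     technique with 4 threads and no db switch. answers maps the "are you sure you want to continue"
     prompt to Y. The pattern expects "Current database", "1 table" and "users" in that order.
     Page-rendering "|" residue between elements is dropped. -->
<case name="Firebird boolean-based brute-force tables enumeration - provided no database">
    <switches>
        <url value="http://debian/sqlmap/firebird/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <commonTables value="True"/>
        <answers value="are you sure you want to continue=Y"/>
    </switches>
    <parse>
        <item value="r'Current database.+1 table.+users'"/>
    </parse>
</case>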
|
|
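<!-- Brute-force table enumeration (commonTables) against the Firebird test page over the UNION query
     technique with 4 threads and no db switch. answers maps the "are you sure you want to continue"
     prompt to Y. The pattern expects "Current database", "1 table" and "users" in that order.
     Page-rendering "|" residue between elements is dropped. -->
<case name="Firebird UNION query brute-force tables enumeration - provided no database">
    <switches>
        <url value="http://debian/sqlmap/firebird/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <commonTables value="True"/>
        <answers value="are you sure you want to continue=Y"/>
    </switches>
    <parse>
        <item value="r'Current database.+1 table.+users'"/>
    </parse>
</case>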
|
|
<!-- TODO: add test cases for brute-force column enumeration -->
|
|
<!-- End of brute force switches -->
|
|
|
|
<!-- Search enumeration switches -->
|
|
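<!-- Database search on the MySQL test page over the boolean-based technique with 4 threads, with search
     enabled and db set to the fragment "e". The pattern expects a "found databases" listing that contains
     information_schema followed by testdb. Page-rendering "|" residue between elements is dropped. -->
<case name="MySQL boolean-based multi-threaded search enumeration - database">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <db value="e"/>
    </switches>
    <parse>
        <item value="r'found databases.+:.+\[\*\] information_schema.+\[\*\] testdb'"/>
    </parse>
</case>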
|
|
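<!-- Database search on the MySQL test page over the error-based technique with 4 threads, with search
     enabled and db set to the fragment "e". The pattern expects a "found databases" listing that contains
     information_schema followed by testdb. Page-rendering "|" residue between elements is dropped. -->
<case name="MySQL error-based multi-threaded search enumeration - database">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <search value="True"/>
        <db value="e"/>
    </switches>
    <parse>
        <item value="r'found databases.+:.+\[\*\] information_schema.+\[\*\] testdb'"/>
    </parse>
</case>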
|
|
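<!-- Database search on the MySQL test page over the UNION query technique with 4 threads, with search
     enabled and db set to the fragment "e". The pattern expects a "found databases" listing that contains
     information_schema followed by testdb. Page-rendering "|" residue between elements is dropped. -->
<case name="MySQL UNION query multi-threaded search enumeration - database">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <search value="True"/>
        <db value="e"/>
    </switches>
    <parse>
        <item value="r'found databases.+:.+\[\*\] information_schema.+\[\*\] testdb'"/>
    </parse>
</case>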
|
|
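<!-- Table search on the MySQL test page over the boolean-based technique with 4 threads, limited to
     db testdb with tbl set to the list "foo,se,bar". The first pattern expects exactly the users table
     to be reported for testdb; the second expects "5 entries" followed by wu and nameisnull, which
     suggests the matched table is also dumped (no dump answer is preset here; confirm against the runner).
     Page-rendering "|" residue between elements is dropped. -->
<case name="MySQL boolean-based multi-threaded search enumeration - tables given database">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <db value="testdb"/>
        <tbl value="foo,se,bar"/>
    </switches>
    <parse>
        <item value="r'Database: testdb.+1 table.+users'"/>
        <item value="r'.+5 entries.+wu.+nameisnull'"/>
    </parse>
</case>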
|
|
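<!-- Table search on the MySQL test page over the error-based technique with 4 threads, limited to
     db testdb with tbl set to the list "foo,se,bar". The first pattern expects exactly the users table
     to be reported for testdb; the second expects "5 entries" followed by wu and nameisnull, which
     suggests the matched table is also dumped (no dump answer is preset here; confirm against the runner).
     Page-rendering "|" residue between elements is dropped. -->
<case name="MySQL error-based multi-threaded search enumeration - tables given database">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <search value="True"/>
        <db value="testdb"/>
        <tbl value="foo,se,bar"/>
    </switches>
    <parse>
        <item value="r'Database: testdb.+1 table.+users'"/>
        <item value="r'.+5 entries.+wu.+nameisnull'"/>
    </parse>
</case>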
|
|
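<!-- Table search on the MySQL test page over the UNION query technique with 4 threads, limited to
     db testdb with tbl set to the list "foo,se,bar". The first pattern expects exactly the users table
     to be reported for testdb; the second expects "5 entries" followed by wu and nameisnull, which
     suggests the matched table is also dumped (no dump answer is preset here; confirm against the runner).
     Page-rendering "|" residue between elements is dropped. -->
<case name="MySQL UNION query multi-threaded search enumeration - tables given database">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <search value="True"/>
        <db value="testdb"/>
        <tbl value="foo,se,bar"/>
    </switches>
    <parse>
        <item value="r'Database: testdb.+1 table.+users'"/>
        <item value="r'.+5 entries.+wu.+nameisnull'"/>
    </parse>
</case>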
|
|
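<!-- Table search on the MySQL test page over the boolean-based technique with 4 threads, with tbl set to
     "user" and no db switch; answers maps the "do you want to dump" prompt to N. The pattern expects
     testdb to report users and mysql to report user; the trailing space after "user" in the pattern
     keeps that last match from being satisfied by "users". Page-rendering "|" residue is dropped. -->
<case name="MySQL boolean-based multi-threaded search enumeration - tables without given database">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <tbl value="user"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: testdb.+1 table.+users.+Database: mysql.+1 table.+user '"/>
    </parse>
</case>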
|
|
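<!-- Table search on the MySQL test page over the error-based technique with 4 threads, with tbl set to
     "user" and no db switch; answers maps the "do you want to dump" prompt to N. The pattern expects
     testdb to report users and mysql to report user; the trailing space after "user" in the pattern
     keeps that last match from being satisfied by "users". Page-rendering "|" residue is dropped. -->
<case name="MySQL error-based multi-threaded search enumeration - tables without given database">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <search value="True"/>
        <tbl value="user"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: testdb.+1 table.+users.+Database: mysql.+1 table.+user '"/>
    </parse>
</case>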
|
|
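<!-- Table search on the MySQL test page over the UNION query technique with 4 threads, with tbl set to
     "user" and no db switch; answers maps the "do you want to dump" prompt to N. The pattern expects
     testdb to report users and mysql to report user; the trailing space after "user" in the pattern
     keeps that last match from being satisfied by "users". Page-rendering "|" residue is dropped. -->
<case name="MySQL UNION query multi-threaded search enumeration - tables without given database">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <search value="True"/>
        <tbl value="user"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: testdb.+1 table.+users.+Database: mysql.+1 table.+user '"/>
    </parse>
</case>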
|
|
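<!-- Column search on the MySQL test page over the boolean-based technique with 4 threads, with col set
     to "name", excludeSysDbs set and no db or tbl switch; answers maps the "do you want to dump" prompt
     to N. The pattern expects testdb.users with 2 columns, name then surname; column types are not checked.
     Page-rendering "|" residue between elements is dropped. -->
<case name="MySQL boolean-based multi-threaded search enumeration - column without given db or table">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <col value="name"/>
        <excludeSysDbs value="True"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: testdb.+Table: users.+2 columns.+name.+surname'"/>
    </parse>
</case>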
|
|
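<!-- Column search on the MySQL test page over the error-based technique with 4 threads, with col set
     to "name", excludeSysDbs set and no db or tbl switch; answers maps the "do you want to dump" prompt
     to N. The pattern expects testdb.users with 2 columns: name as varchar(500), surname as varchar(1000).
     Page-rendering "|" residue between elements is dropped. -->
<case name="MySQL error-based multi-threaded search enumeration - column without given db or table">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <search value="True"/>
        <col value="name"/>
        <excludeSysDbs value="True"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
    </parse>
</case>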
|
|
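<!-- Column search on the MySQL test page over the UNION query technique with 4 threads, with col set
     to "name", excludeSysDbs set and no db or tbl switch; answers maps the "do you want to dump" prompt
     to N. The pattern expects testdb.users with 2 columns: name as varchar(500), surname as varchar(1000).
     Page-rendering "|" residue between elements is dropped. -->
<case name="MySQL UNION query multi-threaded search enumeration - column without given db or table">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <search value="True"/>
        <col value="name"/>
        <excludeSysDbs value="True"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
    </parse>
</case>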
|
|
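<!-- Column search on the MySQL test page over the boolean-based technique with 4 threads, with col set
     to "name" and db set to "mysql,testdb"; answers maps the "do you want to dump" prompt to N.
     The patterns expect testdb.users (2 columns, name and surname) and mysql.plugin (1 column, name);
     column types are not checked. Page-rendering "|" residue between elements is dropped. -->
<case name="MySQL boolean-based multi-threaded search enumeration - column given databases">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <db value="mysql,testdb"/>
        <col value="name"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: testdb.+Table: users.+2 columns.+name.+surname'"/>
        <item value="r'Database: mysql.+Table: plugin.+1 column.+name'"/>
    </parse>
</case>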
|
|
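<!-- Column search on the MySQL test page over the error-based technique with 4 threads, with col set
     to "name" and db set to "mysql,testdb"; answers maps the "do you want to dump" prompt to N.
     The patterns expect testdb.users (name varchar(500), surname varchar(1000)) and mysql.plugin
     (1 column, name char(64)). Page-rendering "|" residue between elements is dropped. -->
<case name="MySQL error-based multi-threaded search enumeration - column given databases">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <search value="True"/>
        <db value="mysql,testdb"/>
        <col value="name"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
        <item value="r'Database: mysql.+Table: plugin.+1 column.+name.+char\(64\)'"/>
    </parse>
</case>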
|
|
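<!-- Column search on the MySQL test page over the UNION query technique with 4 threads, with col set
     to "name" and db set to "mysql,testdb"; answers maps the "do you want to dump" prompt to N.
     The patterns expect testdb.users (name varchar(500), surname varchar(1000)) and mysql.plugin
     (1 column, name char(64)). Page-rendering "|" residue between elements is dropped. -->
<case name="MySQL UNION query multi-threaded search enumeration - column given databases">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <search value="True"/>
        <db value="mysql,testdb"/>
        <col value="name"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
        <item value="r'Database: mysql.+Table: plugin.+1 column.+name.+char\(64\)'"/>
    </parse>
</case>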
|
|
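<!-- Column search on the MySQL test page over the boolean-based technique with 4 threads, with col set
     to "name" and tbl set to "users,plugin"; answers maps the "do you want to dump" prompt to N.
     The patterns expect testdb.users (2 columns, name and surname) and mysql.plugin (1 column, name);
     column types are not checked. Page-rendering "|" residue between elements is dropped. -->
<case name="MySQL boolean-based multi-threaded search enumeration - column given tables">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <tbl value="users,plugin"/>
        <col value="name"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: testdb.+Table: users.+2 columns.+name.+surname'"/>
        <item value="r'Database: mysql.+Table: plugin.+1 column.+name'"/>
    </parse>
</case>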
|
|
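<!-- Column search on the MySQL test page over the error-based technique with 4 threads, with col set
     to "name" and tbl set to "users,plugin"; answers maps the "do you want to dump" prompt to N.
     The patterns expect testdb.users (name varchar(500), surname varchar(1000)) and mysql.plugin
     (1 column, name char(64)). Page-rendering "|" residue between elements is dropped. -->
<case name="MySQL error-based multi-threaded search enumeration - column given tables">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <search value="True"/>
        <tbl value="users,plugin"/>
        <col value="name"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
        <item value="r'Database: mysql.+Table: plugin.+1 column.+name.+char\(64\)'"/>
    </parse>
</case>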
|
|
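<!-- Column search on the MySQL test page over the UNION query technique with 4 threads, with col set
     to "name" and tbl set to "users,plugin"; answers maps the "do you want to dump" prompt to N.
     The patterns expect testdb.users (name varchar(500), surname varchar(1000)) and mysql.plugin
     (1 column, name char(64)). Page-rendering "|" residue between elements is dropped. -->
<case name="MySQL UNION query multi-threaded search enumeration - column given tables">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <search value="True"/>
        <tbl value="users,plugin"/>
        <col value="name"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
        <item value="r'Database: mysql.+Table: plugin.+1 column.+name.+char\(64\)'"/>
    </parse>
</case>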
|
|
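<!-- Column search on the MySQL test page over the boolean-based technique with 4 threads, with col set
     to "name", db set to "mysql,testdb" and tbl set to "users"; answers maps the "do you want to dump"
     prompt to N. The pattern expects testdb.users with 2 columns, name then surname; types are not checked.
     Page-rendering "|" residue between elements is dropped. -->
<case name="MySQL boolean-based multi-threaded search enumeration - column given databases and table">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <db value="mysql,testdb"/>
        <tbl value="users"/>
        <col value="name"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: testdb.+Table: users.+2 columns.+name.+surname'"/>
    </parse>
</case>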
|
|
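<!-- Column search on the MySQL test page over the error-based technique with 4 threads, with col set
     to "name", db set to "mysql,testdb" and tbl set to "users"; answers maps the "do you want to dump"
     prompt to N. The pattern expects testdb.users with name as varchar(500) and surname as varchar(1000).
     Page-rendering "|" residue between elements is dropped. -->
<case name="MySQL error-based multi-threaded search enumeration - column given databases and table">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <search value="True"/>
        <db value="mysql,testdb"/>
        <tbl value="users"/>
        <col value="name"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
    </parse>
</case>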
|
|
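<!-- Column search on the MySQL test page over the UNION query technique with 4 threads, with col set
     to "name", db set to "mysql,testdb" and tbl set to "users"; answers maps the "do you want to dump"
     prompt to N. The pattern expects testdb.users with name as varchar(500) and surname as varchar(1000).
     Page-rendering "|" residue between elements is dropped. -->
<case name="MySQL UNION query multi-threaded search enumeration - column given databases and table">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <search value="True"/>
        <db value="mysql,testdb"/>
        <tbl value="users"/>
        <col value="name"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
    </parse>
</case>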
|
|
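<!-- Database search on the PostgreSQL test page over the boolean-based technique with 4 threads, with
     search enabled and db set to the fragment "te". The pattern expects a "found databases" listing that
     contains template0 followed by testdb. Page-rendering "|" residue between elements is dropped. -->
<case name="PostgreSQL boolean-based multi-threaded search enumeration - database">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <db value="te"/>
    </switches>
    <parse>
        <item value="r'found databases.+:.+\[\*\] template0.+\[\*\] testdb'"/>
    </parse>
</case>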
|
|
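<!-- Database search on the PostgreSQL test page over the error-based technique with 4 threads, with
     search enabled and db set to the fragment "te". The pattern expects a "found databases" listing that
     contains template0 followed by testdb. Page-rendering "|" residue between elements is dropped. -->
<case name="PostgreSQL error-based multi-threaded search enumeration - database">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <search value="True"/>
        <db value="te"/>
    </switches>
    <parse>
        <item value="r'found databases.+:.+\[\*\] template0.+\[\*\] testdb'"/>
    </parse>
</case>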
|
|
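<!-- Database search on the PostgreSQL test page over the UNION query technique with 4 threads, with
     search enabled and db set to the fragment "te". The pattern expects a "found databases" listing that
     contains template0 followed by testdb. Page-rendering "|" residue between elements is dropped. -->
<case name="PostgreSQL UNION query multi-threaded search enumeration - database">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <search value="True"/>
        <db value="te"/>
    </switches>
    <parse>
        <item value="r'found databases.+:.+\[\*\] template0.+\[\*\] testdb'"/>
    </parse>
</case>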
|
|
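<!-- Table search on the PostgreSQL test page over the boolean-based technique with 4 threads, limited to
     db public with tbl set to the list "foo,se,bar". The first pattern expects exactly the users table
     to be reported for public; the second expects "5 entries" followed by wu and nameisnull, which
     suggests the matched table is also dumped (no dump answer is preset here; confirm against the runner).
     Page-rendering "|" residue between elements is dropped. -->
<case name="PostgreSQL boolean-based multi-threaded search enumeration - tables given database">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <db value="public"/>
        <tbl value="foo,se,bar"/>
    </switches>
    <parse>
        <item value="r'Database: public.+1 table.+users'"/>
        <item value="r'.+5 entries.+wu.+nameisnull'"/>
    </parse>
</case>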
|
|
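<!-- Table search on the PostgreSQL test page over the error-based technique with 4 threads, limited to
     db public with tbl set to the list "foo,se,bar". The first pattern expects exactly the users table
     to be reported for public; the second expects "5 entries" followed by wu and nameisnull, which
     suggests the matched table is also dumped (no dump answer is preset here; confirm against the runner).
     Page-rendering "|" residue between elements is dropped. -->
<case name="PostgreSQL error-based multi-threaded search enumeration - tables given database">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <search value="True"/>
        <db value="public"/>
        <tbl value="foo,se,bar"/>
    </switches>
    <parse>
        <item value="r'Database: public.+1 table.+users'"/>
        <item value="r'.+5 entries.+wu.+nameisnull'"/>
    </parse>
</case>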
|
|
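<!-- Table search on the PostgreSQL test page over the UNION query technique with 4 threads, limited to
     db public with tbl set to the list "foo,se,bar". The first pattern expects exactly the users table
     to be reported for public; the second expects "5 entries" followed by wu and nameisnull, which
     suggests the matched table is also dumped (no dump answer is preset here; confirm against the runner).
     Page-rendering "|" residue between elements is dropped. -->
<case name="PostgreSQL UNION query multi-threaded search enumeration - tables given database">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <search value="True"/>
        <db value="public"/>
        <tbl value="foo,se,bar"/>
    </switches>
    <parse>
        <item value="r'Database: public.+1 table.+users'"/>
        <item value="r'.+5 entries.+wu.+nameisnull'"/>
    </parse>
</case>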
|
|
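<!-- Table search on the PostgreSQL test page over the boolean-based technique with 4 threads, with tbl
     set to "user" and no db switch; answers maps the "do you want to dump" prompt to N. The pattern
     expects pg_catalog to report pg_user_mapping and then public to report users, each as "1 table".
     Page-rendering "|" residue between elements is dropped. -->
<case name="PostgreSQL boolean-based multi-threaded search enumeration - tables without given database">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <tbl value="user"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: pg_catalog.+1 table.+pg_user_mapping.+Database: public.+1 table.+users'"/>
    </parse>
</case>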
|
|
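<!-- Table search on the PostgreSQL test page over the error-based technique with 4 threads, with tbl
     set to "user" and no db switch; answers maps the "do you want to dump" prompt to N. The pattern
     expects pg_catalog to report pg_user_mapping and then public to report users, each as "1 table".
     Page-rendering "|" residue between elements is dropped. -->
<case name="PostgreSQL error-based multi-threaded search enumeration - tables without given database">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <search value="True"/>
        <tbl value="user"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: pg_catalog.+1 table.+pg_user_mapping.+Database: public.+1 table.+users'"/>
    </parse>
</case>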
|
|
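<!-- Table search on the PostgreSQL test page over the UNION query technique with 4 threads, with tbl
     set to "user" and no db switch; answers maps the "do you want to dump" prompt to N. The pattern
     expects pg_catalog to report pg_user_mapping and then public to report users, each as "1 table".
     Page-rendering "|" residue between elements is dropped. -->
<case name="PostgreSQL UNION query multi-threaded search enumeration - tables without given database">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <search value="True"/>
        <tbl value="user"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: pg_catalog.+1 table.+pg_user_mapping.+Database: public.+1 table.+users'"/>
    </parse>
</case>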
|
|
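<!-- Column search on the PostgreSQL test page over the boolean-based technique with 4 threads, with col
     set to "name", excludeSysDbs set and no db or tbl switch; answers maps the "do you want to dump"
     prompt to N. The pattern expects public.users with 2 columns, name then surname; types are not checked.
     Page-rendering "|" residue between elements is dropped. -->
<case name="PostgreSQL boolean-based multi-threaded search enumeration - column without given db or table">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <col value="name"/>
        <excludeSysDbs value="True"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: public.+Table: users.+2 columns.+name.+surname'"/>
    </parse>
</case>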
|
|
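<!-- Column search on the PostgreSQL test page over the error-based technique with 4 threads, with col
     set to "name", excludeSysDbs set and no db or tbl switch; answers maps the "do you want to dump"
     prompt to N. The pattern expects public.users with 2 columns, name and surname, each typed bpchar.
     Page-rendering "|" residue between elements is dropped. -->
<case name="PostgreSQL error-based multi-threaded search enumeration - column without given db or table">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <search value="True"/>
        <col value="name"/>
        <excludeSysDbs value="True"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: public.+Table: users.+2 columns.+name.+bpchar.+surname.+bpchar'"/>
    </parse>
</case>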
|
|
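<!-- Column search on the PostgreSQL test page over the UNION query technique with 4 threads, with col
     set to "name", excludeSysDbs set and no db or tbl switch; answers maps the "do you want to dump"
     prompt to N. The pattern expects public.users with 2 columns, name and surname, each typed bpchar.
     Page-rendering "|" residue between elements is dropped. -->
<case name="PostgreSQL UNION query multi-threaded search enumeration - column without given db or table">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <search value="True"/>
        <col value="name"/>
        <excludeSysDbs value="True"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: public.+Table: users.+2 columns.+name.+bpchar.+surname.+bpchar'"/>
    </parse>
</case>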
|
|
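<!-- Column search on the PostgreSQL test page over the boolean-based technique with 4 threads, with col
     set to "name" and db set to "information_schema,public"; answers maps the "do you want to dump"
     prompt to N. The patterns expect information_schema.sql_parts (1 column, feature_name) and
     public.users (2 columns, name and surname); column types are not checked.
     Page-rendering "|" residue between elements is dropped. -->
<case name="PostgreSQL boolean-based multi-threaded search enumeration - column given databases">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <db value="information_schema,public"/>
        <col value="name"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name'"/>
        <item value="r'Database: public.+Table: users.+2 columns.+name.+surname'"/>
    </parse>
</case>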
|
|
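<!-- Column search on the PostgreSQL test page over the error-based technique with 4 threads, with col
     set to "name" and db set to "information_schema,public"; answers maps the "do you want to dump"
     prompt to N. The patterns expect information_schema.sql_parts (feature_name typed character_data)
     and public.users (2 columns, name and surname).
     NOTE(review): the public.users pattern here does not check the column type, unlike the
     sql_parts pattern beside it; confirm whether that is intended.
     Page-rendering "|" residue between elements is dropped. -->
<case name="PostgreSQL error-based multi-threaded search enumeration - column given databases">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <search value="True"/>
        <db value="information_schema,public"/>
        <col value="name"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name.+character_data'"/>
        <item value="r'Database: public.+Table: users.+2 columns.+name.+surname'"/>
    </parse>
</case>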
|
|
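<!-- Column search on the PostgreSQL test page over the UNION query technique with 4 threads, with col
     set to "name" and db set to "information_schema,public"; answers maps the "do you want to dump"
     prompt to N. The patterns expect information_schema.sql_parts (feature_name typed character_data)
     and public.users (2 columns, name and surname).
     NOTE(review): the public.users pattern here does not check the column type, unlike the
     sql_parts pattern beside it; confirm whether that is intended.
     Page-rendering "|" residue between elements is dropped. -->
<case name="PostgreSQL UNION query multi-threaded search enumeration - column given databases">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <search value="True"/>
        <db value="information_schema,public"/>
        <col value="name"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name.+character_data'"/>
        <item value="r'Database: public.+Table: users.+2 columns.+name.+surname'"/>
    </parse>
</case>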
|
|
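<!-- Column search on the PostgreSQL test page over the boolean-based technique with 4 threads, with col
     set to "name" and tbl set to "users,sql_parts"; answers maps the "do you want to dump" prompt to N.
     The patterns expect public.users (2 columns, name and surname) and information_schema.sql_parts
     (1 column, feature_name); column types are not checked.
     Page-rendering "|" residue between elements is dropped. -->
<case name="PostgreSQL boolean-based multi-threaded search enumeration - column given tables">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <tbl value="users,sql_parts"/>
        <col value="name"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: public.+Table: users.+2 columns.+name.+surname'"/>
        <item value="r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name'"/>
    </parse>
</case>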
|
|
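<!-- Column search on the PostgreSQL test page over the error-based technique with 4 threads, with col
     set to "name" and tbl set to "users,sql_parts"; answers maps the "do you want to dump" prompt to N.
     The patterns expect public.users (name and surname, each typed bpchar) and
     information_schema.sql_parts (feature_name typed character_data).
     Page-rendering "|" residue between elements is dropped. -->
<case name="PostgreSQL error-based multi-threaded search enumeration - column given tables">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <search value="True"/>
        <tbl value="users,sql_parts"/>
        <col value="name"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: public.+Table: users.+2 columns.+name.+bpchar.+surname.+bpchar'"/>
        <item value="r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name.+character_data'"/>
    </parse>
</case>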
|
|
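<!-- Column search on the PostgreSQL test page over the UNION query technique with 4 threads, with col
     set to "name" and tbl set to "users,sql_parts"; answers maps the "do you want to dump" prompt to N.
     The patterns expect public.users (name and surname, each typed bpchar) and
     information_schema.sql_parts (feature_name typed character_data).
     Page-rendering "|" residue between elements is dropped. -->
<case name="PostgreSQL UNION query multi-threaded search enumeration - column given tables">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <search value="True"/>
        <tbl value="users,sql_parts"/>
        <col value="name"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: public.+Table: users.+2 columns.+name.+bpchar.+surname.+bpchar'"/>
        <item value="r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name.+character_data'"/>
    </parse>
</case>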
<case name="PostgreSQL boolean-based multi-threaded search enumeration - column given databases and table">
    <!-- Column search for "name" with both the databases (public, information_schema) and the tables (users, sql_parts) given, boolean-based technique. The dump prompt is answered N; only column names are asserted. -->
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <db value="public,information_schema"/>
        <tbl value="users,sql_parts"/>
        <col value="name"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: public.+Table: users.+2 columns.+name.+surname'"/>
        <item value="r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name'"/>
    </parse>
</case>
<case name="PostgreSQL error-based multi-threaded search enumeration - column given databases and table">
    <!-- Column search for "name" with databases and tables both given, error-based technique. The dump prompt is answered N; column names and types are asserted. -->
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <search value="True"/>
        <db value="public,information_schema"/>
        <tbl value="users,sql_parts"/>
        <col value="name"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: public.+Table: users.+2 columns.+name.+bpchar.+surname.+bpchar'"/>
        <item value="r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name.+character_data'"/>
    </parse>
</case>
<case name="PostgreSQL UNION query multi-threaded search enumeration - column given databases and table">
    <!-- Column search for "name" with databases and tables both given, UNION query technique. The dump prompt is answered N; column names and types are asserted. -->
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <search value="True"/>
        <db value="public,information_schema"/>
        <tbl value="users,sql_parts"/>
        <col value="name"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: public.+Table: users.+2 columns.+name.+bpchar.+surname.+bpchar'"/>
        <item value="r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name.+character_data'"/>
    </parse>
</case>
<case name="Oracle boolean-based multi-threaded search enumeration - database">
    <!-- Database search for "sys" via the boolean-based technique; the expected listing contains CTXSYS, SYS and TSMSYS, i.e. names that contain the search term. -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <db value="sys"/>
    </switches>
    <parse>
        <item value="r'found databases.+:.+\[\*\] CTXSYS.+\[\*\] SYS.+\[\*\] TSMSYS'"/>
    </parse>
</case>
<case name="Oracle error-based multi-threaded search enumeration - database">
    <!-- Database search for "sys" via the error-based technique; expects CTXSYS, SYS and TSMSYS in the listing. -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <search value="True"/>
        <db value="sys"/>
    </switches>
    <parse>
        <item value="r'found databases.+:.+\[\*\] CTXSYS.+\[\*\] SYS.+\[\*\] TSMSYS'"/>
    </parse>
</case>
<case name="Oracle UNION query multi-threaded search enumeration - database">
    <!-- Database search for "sys" via the UNION query technique; expects CTXSYS, SYS and TSMSYS in the listing. -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <search value="True"/>
        <db value="sys"/>
    </switches>
    <parse>
        <item value="r'found databases.+:.+\[\*\] CTXSYS.+\[\*\] SYS.+\[\*\] TSMSYS'"/>
    </parse>
</case>
<case name="Oracle boolean-based multi-threaded search enumeration - tables given database">
    <!-- Table search for "user", "aux" and "wrong" inside database sys, boolean-based technique. Both the table dump prompt and the dictionary-based cracking prompt are answered N, so only the table listing (9 tables) is asserted. -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <db value="sys"/>
        <tbl value="user,aux,wrong"/>
        <answers value="do you want to dump tables=N,do you want to crack them via a dictionary-based attack=N"/>
    </switches>
    <parse>
        <item value="r'Database: SYS.+9 tables.+AUX_STATS.+USERS.+AUX_HISTORY'"/>
    </parse>
</case>
<case name="Oracle error-based multi-threaded search enumeration - tables given database">
    <!-- Table search for "user", "aux" and "wrong" inside database sys, error-based technique. Only the cracking prompt is answered (N); the second pattern expects a 5-entry dump, so the dump prompt is presumably left to its default here, unlike the boolean-based variant (confirm). -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <search value="True"/>
        <db value="sys"/>
        <tbl value="user,aux,wrong"/>
        <answers value="do you want to crack them via a dictionary-based attack=N"/>
    </switches>
    <parse>
        <item value="r'Database: SYS.+9 tables.+AUX_STATS.+USERS.+AUX_HISTORY'"/>
        <item value="r'.+5 entries.+wu.+nameisnull'"/>
    </parse>
</case>
<case name="Oracle UNION query multi-threaded search enumeration - tables given database">
    <!-- Table search for "user", "aux" and "wrong" inside database sys, UNION query technique. Only the cracking prompt is answered (N); the second pattern expects a 5-entry dump, so the dump prompt is presumably left to its default (confirm). -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <search value="True"/>
        <db value="sys"/>
        <tbl value="user,aux,wrong"/>
        <answers value="do you want to crack them via a dictionary-based attack=N"/>
    </switches>
    <parse>
        <item value="r'Database: SYS.+9 tables.+AUX_STATS.+USERS.+AUX_HISTORY'"/>
        <item value="r'.+5 entries.+wu.+nameisnull'"/>
    </parse>
</case>
<case name="Oracle boolean-based multi-threaded search enumeration - tables without given database">
    <!-- Table search for "users" with no database restriction, boolean-based technique. The dump prompt is answered N; matches are expected in both SYS and FLOWS_020100. -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <tbl value="users"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: SYS.+1 table.+USERS.+Database: FLOWS_020100.+2 table.+WWV_FLOW_PICK_END_USERS'"/>
    </parse>
</case>
<case name="Oracle error-based multi-threaded search enumeration - tables without given database">
    <!-- Table search for "users" with no database restriction, error-based technique. The dump prompt is answered N; matches are expected in both SYS and FLOWS_020100. -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <search value="True"/>
        <tbl value="users"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: SYS.+1 table.+USERS.+Database: FLOWS_020100.+2 table.+WWV_FLOW_PICK_END_USERS'"/>
    </parse>
</case>
<case name="Oracle UNION query multi-threaded search enumeration - tables without given database">
    <!-- Table search for "users" with no database restriction, UNION query technique. The dump prompt is answered N; matches are expected in both SYS and FLOWS_020100. -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <search value="True"/>
        <tbl value="users"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: SYS.+1 table.+USERS.+Database: FLOWS_020100.+2 table.+WWV_FLOW_PICK_END_USERS'"/>
    </parse>
</case>
<case name="Oracle boolean-based multi-threaded search enumeration - column without given db or table">
    <!-- Column search for "surname" and "foobar" with no database or table restriction, boolean-based technique. Only the SURNAME column of SYS.USERS is asserted; nothing is asserted for "foobar". -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <col value="surname,foobar"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME'"/>
    </parse>
</case>
<case name="Oracle error-based multi-threaded search enumeration - column without given db or table">
    <!-- Column search for "surname" and "foobar" with no database or table restriction, error-based technique. Asserts the SURNAME column of SYS.USERS together with its VARCHAR2 type. -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <search value="True"/>
        <col value="surname,foobar"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
    </parse>
</case>
<case name="Oracle UNION query multi-threaded search enumeration - column without given db or table">
    <!-- Column search for "surname" and "foobar" with no database or table restriction, UNION query technique. Asserts the SURNAME column of SYS.USERS together with its VARCHAR2 type. -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <search value="True"/>
        <col value="surname,foobar"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
    </parse>
</case>
<case name="Oracle boolean-based multi-threaded search enumeration - column given databases">
    <!-- Column search for "surname" restricted to databases sys and foobar, boolean-based technique. Only the match in SYS.USERS is asserted. -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <db value="sys,foobar"/>
        <col value="surname"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME'"/>
    </parse>
</case>
<case name="Oracle error-based multi-threaded search enumeration - column given databases">
    <!-- Column search for "surname" restricted to databases sys and foobar, error-based technique. Asserts the match in SYS.USERS with its VARCHAR2 type. -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <search value="True"/>
        <db value="sys,foobar"/>
        <col value="surname"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
    </parse>
</case>
<case name="Oracle UNION query multi-threaded search enumeration - column given databases">
    <!-- Column search for "surname" restricted to databases sys and foobar, UNION query technique. Asserts the match in SYS.USERS with its VARCHAR2 type. -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <search value="True"/>
        <db value="sys,foobar"/>
        <col value="surname"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
    </parse>
</case>
<case name="Oracle boolean-based multi-threaded search enumeration - column given tables">
    <!-- Column search for "surname" restricted to tables users and foobar, boolean-based technique. Only the match in SYS.USERS is asserted. -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <tbl value="users,foobar"/>
        <col value="surname"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME'"/>
    </parse>
</case>
<case name="Oracle error-based multi-threaded search enumeration - column given tables">
    <!-- Column search for "surname" restricted to tables users and foobar, error-based technique. Asserts the match in SYS.USERS with its VARCHAR2 type. -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <search value="True"/>
        <tbl value="users,foobar"/>
        <col value="surname"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
    </parse>
</case>
<case name="Oracle UNION query multi-threaded search enumeration - column given tables">
    <!-- Column search for "surname" restricted to tables users and foobar, UNION query technique. Asserts the match in SYS.USERS with its VARCHAR2 type. -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <search value="True"/>
        <tbl value="users,foobar"/>
        <col value="surname"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
    </parse>
</case>
<case name="Oracle boolean-based multi-threaded search enumeration - column given databases and table">
    <!-- Column search for "surname" with databases (sys, foobar) and table (users) both given, boolean-based technique. Only the match in SYS.USERS is asserted. -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <db value="sys,foobar"/>
        <tbl value="users"/>
        <col value="surname"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME'"/>
    </parse>
</case>
<case name="Oracle error-based multi-threaded search enumeration - column given databases and table">
    <!-- Column search for "surname" with databases (sys, foobar) and table (users) both given, error-based technique. Asserts the match in SYS.USERS with its VARCHAR2 type. -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <search value="True"/>
        <db value="sys,foobar"/>
        <tbl value="users"/>
        <col value="surname"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
    </parse>
</case>
<case name="Oracle UNION query multi-threaded search enumeration - column given databases and table">
    <!-- Column search for "surname" with databases (sys, foobar) and table (users) both given, UNION query technique. Asserts the match in SYS.USERS with its VARCHAR2 type. -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <search value="True"/>
        <db value="sys,foobar"/>
        <tbl value="users"/>
        <col value="surname"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
    </parse>
</case>
<case name="IBM DB2 boolean-based multi-threaded search enumeration - database">
    <!-- Database search for the single letter "d" via the boolean-based technique; expects DB2INST1 and SYSIBMADM in the listing. -->
    <switches>
        <url value="http://debian/sqlmap/db2/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <db value="d"/>
    </switches>
    <parse>
        <item value="r'found databases.+:.+\[\*\] DB2INST1.+\[\*\] SYSIBMADM'"/>
    </parse>
</case>
<case name="IBM DB2 boolean-based multi-threaded search enumeration - tables given database">
    <!-- Table search for "user" and "wrong" inside database db2inst1, boolean-based technique. The table dump prompt is answered N; a single matching table (USERS) is expected. -->
    <switches>
        <url value="http://debian/sqlmap/db2/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <db value="db2inst1"/>
        <tbl value="user,wrong"/>
        <answers value="do you want to dump tables=N"/>
    </switches>
    <parse>
        <item value="r'Database: DB2INST1.+1 table.+USERS'"/>
    </parse>
</case>
<case name="IBM DB2 boolean-based multi-threaded search enumeration - tables without given database">
    <!-- Table search for "users" with no database restriction, boolean-based technique. The dump prompt is answered N; the match is expected in DB2INST1. -->
    <switches>
        <url value="http://debian/sqlmap/db2/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <tbl value="users"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: DB2INST1.+1 table.+USERS'"/>
    </parse>
</case>
<case name="IBM DB2 boolean-based multi-threaded search enumeration - column without given db or table">
    <!-- Column search for "surname" and "foobar" with no database or table restriction, boolean-based technique. Only the SURNAME column of DB2INST1.USERS is asserted. -->
    <switches>
        <url value="http://debian/sqlmap/db2/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <col value="surname,foobar"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: DB2INST1.+Table: USERS.+1 column.+SURNAME'"/>
    </parse>
</case>
<case name="IBM DB2 boolean-based multi-threaded search enumeration - column given databases">
    <!-- Column search for "surname" restricted to databases db2inst1 and foobar, boolean-based technique. Only the match in DB2INST1.USERS is asserted. -->
    <switches>
        <url value="http://debian/sqlmap/db2/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <db value="db2inst1,foobar"/>
        <col value="surname"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: DB2INST1.+Table: USERS.+1 column.+SURNAME'"/>
    </parse>
</case>
<case name="IBM DB2 boolean-based multi-threaded search enumeration - column given tables">
    <!-- Column search for "surname" restricted to tables users and foobar, boolean-based technique. Only the match in DB2INST1.USERS is asserted. -->
    <switches>
        <url value="http://debian/sqlmap/db2/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <tbl value="users,foobar"/>
        <col value="surname"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: DB2INST1.+Table: USERS.+1 column.+SURNAME'"/>
    </parse>
</case>
<case name="IBM DB2 boolean-based multi-threaded search enumeration - column given databases and table">
    <!-- Column search for "surname" with databases (db2inst1, foobar) and table (users) both given, boolean-based technique. Only the match in DB2INST1.USERS is asserted. -->
    <switches>
        <url value="http://debian/sqlmap/db2/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <db value="db2inst1,foobar"/>
        <tbl value="users"/>
        <col value="surname"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: DB2INST1.+Table: USERS.+1 column.+SURNAME'"/>
    </parse>
</case>
<!-- NOTE: SQLite 2 driver on Debian 7 does not work
|
|
<case name="SQLite multi-threaded search enumeration - database">
|
|
<switches>
|
|
<url value="http://debian/sqlmap/sqlite/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<search value="True"/>
|
|
<db value="e"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="on SQLite it is not possible to search databases" console_output="True"/>
|
|
</parse>
|
|
</case>
|
|
<case name="SQLite boolean-based multi-threaded search enumeration - tables without given database">
|
|
<switches>
|
|
<url value="http://debian/sqlmap/sqlite/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="B"/>
|
|
<search value="True"/>
|
|
<tbl value="user"/>
|
|
<answers value="do you want to dump=N"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'Database: SQLite_masterdb.+1 table.+users'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="SQLite UNION query multi-threaded search enumeration - tables without given database">
|
|
<switches>
|
|
<url value="http://debian/sqlmap/sqlite/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="U"/>
|
|
<search value="True"/>
|
|
<tbl value="user"/>
|
|
<answers value="do you want to dump=N"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'Database: SQLite_masterdb.+1 table.+users'"/>
|
|
</parse>
|
|
</case>
|
|
-->
<case name="Firebird multi-threaded search enumeration - database">
    <!-- Negative test: a database search ("e") is requested with no technique pinned, and the console output is expected to state that databases cannot be searched on Firebird. -->
    <switches>
        <url value="http://debian/sqlmap/firebird/get_int.php?id=1"/>
        <threads value="4"/>
        <search value="True"/>
        <db value="e"/>
    </switches>
    <parse>
        <item value="on Firebird it is not possible to search databases" console_output="True"/>
    </parse>
</case>
<case name="Firebird boolean-based multi-threaded search enumeration - tables without given database">
    <!-- Table search for "user" via the boolean-based technique. The dump prompt is answered N; the USERS table is expected under the Firebird_masterdb label. -->
    <switches>
        <url value="http://debian/sqlmap/firebird/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <search value="True"/>
        <tbl value="user"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: Firebird_masterdb.+1 table.+USERS'"/>
    </parse>
</case>
<case name="Firebird UNION query multi-threaded search enumeration - tables without given database">
    <!-- Table search for "user" via the UNION query technique. The dump prompt is answered N; the USERS table is expected under the Firebird_masterdb label. -->
    <switches>
        <url value="http://debian/sqlmap/firebird/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <search value="True"/>
        <tbl value="user"/>
        <answers value="do you want to dump=N"/>
    </switches>
    <parse>
        <item value="r'Database: Firebird_masterdb.+1 table.+USERS'"/>
    </parse>
</case>
<!-- End of search enumeration switches -->
<!-- User-provided statement enumeration switches -->
<case name="MySQL boolean-based multi-threaded custom SQL query enumeration">
    <!-- Runs a caller-supplied SELECT limited to two rows via the boolean-based technique; expects the query echoed with a count of 2 followed by the first two users rows. -->
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <query value="SELECT * FROM users LIMIT 0, 2"/>
    </switches>
    <parse>
        <item value="r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'"/>
    </parse>
</case>
<case name="MySQL error-based multi-threaded custom SQL query enumeration">
    <!-- Runs a caller-supplied SELECT limited to two rows via the error-based technique; expects the query echoed with a count of 2 followed by the first two users rows. -->
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <query value="SELECT * FROM users LIMIT 0, 2"/>
    </switches>
    <parse>
        <item value="r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'"/>
    </parse>
</case>
<case name="MySQL UNION query multi-threaded custom SQL query enumeration">
    <!-- Runs a caller-supplied SELECT limited to two rows via the UNION query technique; expects the query echoed with a count of 2 followed by the first two users rows. -->
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <query value="SELECT * FROM users LIMIT 0, 2"/>
    </switches>
    <parse>
        <item value="r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'"/>
    </parse>
</case>
<case name="MySQL boolean-based multi-threaded custom ordered SQL query enumeration">
    <!-- Runs a caller-supplied SELECT with ORDER BY name via the boolean-based technique; expects 5 rows, asserted in name order (fluffy, luther, wu). -->
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <query value="SELECT * FROM users ORDER BY name"/>
    </switches>
    <parse>
        <item value="r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blisset.+3, wu, ming'"/>
    </parse>
</case>
<case name="MySQL error-based multi-threaded custom ordered SQL query enumeration">
    <!-- Runs a caller-supplied SELECT with ORDER BY name via the error-based technique; expects 5 rows, asserted in name order (fluffy, luther, wu). -->
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <query value="SELECT * FROM users ORDER BY name"/>
    </switches>
    <parse>
        <item value="r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blisset.+3, wu, ming'"/>
    </parse>
</case>
<case name="MySQL UNION query multi-threaded custom ordered SQL query enumeration">
    <!-- Runs a caller-supplied SELECT with ORDER BY name via the UNION query technique; expects 5 rows, asserted in id order rather than name order (see the note inside parse). -->
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <query value="SELECT * FROM users ORDER BY name"/>
    </switches>
    <parse>
        <!-- NOTE: the expected rows are deliberately unsorted, because UNION does not play well with ORDER BY and the clause is stripped -->
        <item value="r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'"/>
    </parse>
</case>
<case name="PostgreSQL boolean-based multi-threaded custom SQL query enumeration">
    <!-- Runs a caller-supplied SELECT with OFFSET 0 LIMIT 2 via the boolean-based technique; expects a count of 2 followed by the first two users rows. -->
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <query value="SELECT * FROM users OFFSET 0 LIMIT 2"/>
    </switches>
    <parse>
        <item value="r'SELECT \* FROM users OFFSET 0 LIMIT 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'"/>
    </parse>
</case>
<case name="PostgreSQL error-based multi-threaded custom SQL query enumeration">
    <!-- Runs a caller-supplied SELECT with OFFSET 0 LIMIT 2 via the error-based technique; expects a count of 2 followed by the first two users rows. -->
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <query value="SELECT * FROM users OFFSET 0 LIMIT 2"/>
    </switches>
    <parse>
        <item value="r'SELECT \* FROM users OFFSET 0 LIMIT 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'"/>
    </parse>
</case>
<case name="PostgreSQL UNION query multi-threaded custom SQL query enumeration">
    <!-- Runs a caller-supplied SELECT with OFFSET 0 LIMIT 2 via the UNION query technique; expects a count of 2 followed by the first two users rows. -->
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <query value="SELECT * FROM users OFFSET 0 LIMIT 2"/>
    </switches>
    <parse>
        <item value="r'SELECT \* FROM users OFFSET 0 LIMIT 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'"/>
    </parse>
</case>
<case name="PostgreSQL boolean-based multi-threaded custom ordered SQL query enumeration">
    <!-- Runs a caller-supplied SELECT with ORDER BY name via the boolean-based technique; expects 5 rows, asserted in name order (fluffy, luther, wu). -->
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <query value="SELECT * FROM users ORDER BY name"/>
    </switches>
    <parse>
        <item value="r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blisset.+3, wu, ming'"/>
    </parse>
</case>
<case name="PostgreSQL error-based multi-threaded custom ordered SQL query enumeration">
    <!-- Runs a caller-supplied SELECT with ORDER BY name via the error-based technique; expects 5 rows, asserted in name order (fluffy, luther, wu). -->
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <query value="SELECT * FROM users ORDER BY name"/>
    </switches>
    <parse>
        <item value="r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blisset.+3, wu, ming'"/>
    </parse>
</case>
<case name="PostgreSQL UNION query multi-threaded custom ordered SQL query enumeration">
    <!-- Runs a caller-supplied SELECT with ORDER BY name via the UNION query technique; expects 5 rows, asserted in id order rather than name order (see the note inside parse). -->
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <query value="SELECT * FROM users ORDER BY name"/>
    </switches>
    <parse>
        <!-- NOTE: the expected rows are deliberately unsorted, because UNION does not play well with ORDER BY and the clause is stripped -->
        <item value="r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'"/>
    </parse>
</case>
<case name="Oracle boolean-based multi-threaded custom SQL query enumeration">
    <!-- Runs a caller-supplied single-row SELECT (ROWNUM=1) via the boolean-based technique; expects the first users row. Unlike the UNION variant, no row count is asserted. -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <query value="SELECT * FROM users WHERE ROWNUM=1"/>
    </switches>
    <parse>
        <item value="r'SELECT \* FROM users WHERE ROWNUM=1.+1, luther, blisset'"/>
    </parse>
</case>
<case name="Oracle error-based multi-threaded custom SQL query enumeration">
    <!-- Runs a caller-supplied single-row SELECT (ROWNUM=1) via the error-based technique. The pattern is looser than its boolean and UNION siblings: it requires only an opening bracket, a "1" and "luther" after the echoed query. -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <query value="SELECT * FROM users WHERE ROWNUM=1"/>
    </switches>
    <parse>
        <item value="r'SELECT \* FROM users WHERE ROWNUM=1 \[.+1.+luther'"/>
    </parse>
</case>
<case name="Oracle UNION query multi-threaded custom SQL query enumeration">
    <!-- Runs a caller-supplied single-row SELECT (ROWNUM=1) via the UNION query technique; expects a count of 1 followed by the first users row. -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <query value="SELECT * FROM users WHERE ROWNUM=1"/>
    </switches>
    <parse>
        <item value="r'SELECT \* FROM users WHERE ROWNUM=1 \[1\].+1, luther, blisset'"/>
    </parse>
</case>
<case name="Oracle boolean-based multi-threaded custom ordered SQL query enumeration">
    <!-- Runs a caller-supplied SELECT with ORDER BY name via the boolean-based technique; expects 5 rows. NOTE(review): rows are asserted in id order (1, 2, 3), whereas the MySQL and PostgreSQL boolean-based variants assert name order; confirm this is intended for Oracle. -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <query value="SELECT * FROM users ORDER BY name"/>
    </switches>
    <parse>
        <item value="r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'"/>
    </parse>
</case>
<case name="Oracle error-based multi-threaded custom ordered SQL query enumeration">
    <!-- Runs a caller-supplied SELECT with ORDER BY name via the error-based technique; expects 5 rows. NOTE(review): rows are asserted in id order (1, 2, 3), whereas the MySQL and PostgreSQL error-based variants assert name order; confirm this is intended for Oracle. -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <query value="SELECT * FROM users ORDER BY name"/>
    </switches>
    <parse>
        <item value="r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'"/>
    </parse>
</case>
<case name="Oracle UNION query multi-threaded custom ordered SQL query enumeration">
    <!-- Runs a caller-supplied SELECT with ORDER BY name via the UNION query technique; expects 5 rows, asserted in id order (1, 2, 3) as in the MySQL and PostgreSQL UNION variants, where ORDER BY is noted as being stripped. -->
    <switches>
        <url value="http://debian/sqlmap/oracle/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <query value="SELECT * FROM users ORDER BY name"/>
    </switches>
    <parse>
        <item value="r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'"/>
    </parse>
</case>
<case name="IBM DB2 boolean-based multi-threaded custom SQL query enumeration">
    <!-- Runs a caller-supplied unbounded SELECT on db2inst1.users via the boolean-based technique; expects the first row and, later in the output, the value nameisnull. NOTE(review): the "." in db2inst1.users is unescaped in the pattern and so matches any character; escaping it would make the check stricter. -->
    <switches>
        <url value="http://debian/sqlmap/db2/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <query value="SELECT * FROM db2inst1.users"/>
    </switches>
    <parse>
        <item value="r'SELECT \* FROM db2inst1.users.+1, luther, blisset.+nameisnull'"/>
    </parse>
</case>
<case name="IBM DB2 boolean-based multi-threaded custom ordered SQL query enumeration">
    <!-- Runs a caller-supplied SELECT with ORDER BY name on db2inst1.users via the boolean-based technique; expects 5 rows. NOTE(review): rows are asserted in id order (1, 2, 3), whereas the MySQL and PostgreSQL boolean-based variants assert name order; confirm this is intended for DB2. -->
    <switches>
        <url value="http://debian/sqlmap/db2/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <query value="SELECT * FROM db2inst1.users ORDER BY name"/>
    </switches>
    <parse>
        <item value="r'SELECT \* FROM db2inst1.users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'"/>
    </parse>
</case>
<!-- NOTE: SQLite 2 driver on Debian 7 does not work
|
|
<case name="SQLite boolean-based multi-threaded custom SQL query enumeration">
|
|
<switches>
|
|
<url value="http://debian/sqlmap/sqlite/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="B"/>
|
|
<query value="SELECT * FROM users LIMIT 0, 2"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="SQLite UNION query multi-threaded custom SQL query enumeration">
|
|
<switches>
|
|
<url value="http://debian/sqlmap/sqlite/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="U"/>
|
|
<query value="SELECT * FROM users LIMIT 0, 2"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="SQLite boolean-based multi-threaded custom ordered SQL query enumeration">
|
|
<switches>
|
|
<url value="http://debian/sqlmap/sqlite/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="B"/>
|
|
<query value="SELECT * FROM users ORDER BY name"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blisset.+3, wu, ming'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="SQLite UNION query multi-threaded custom ordered SQL query enumeration">
|
|
<switches>
|
|
<url value="http://debian/sqlmap/sqlite/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="U"/>
|
|
<query value="SELECT * FROM users ORDER BY name"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'"/>
|
|
</parse>
|
|
</case>
|
|
-->
<case name="Firebird boolean-based multi-threaded custom SQL query enumeration">
    <!-- Runs a caller-supplied unbounded SELECT on users via the boolean-based technique; expects the echoed query, an opening bracket and then the first two rows. The row count itself is not pinned. -->
    <switches>
        <url value="http://debian/sqlmap/firebird/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <query value="SELECT * FROM users"/>
    </switches>
    <parse>
        <item value="r'SELECT \* FROM users \[.+1, luther, blisset.+2, fluffy, bunny'"/>
    </parse>
</case>
<case name="Firebird UNION query multi-threaded custom SQL query enumeration">
    <!-- Runs a caller-supplied unbounded SELECT on users via the UNION query technique; expects the echoed query, an opening bracket and then the first two rows. The row count itself is not pinned. -->
    <switches>
        <url value="http://debian/sqlmap/firebird/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <query value="SELECT * FROM users"/>
    </switches>
    <parse>
        <item value="r'SELECT \* FROM users \[.+1, luther, blisset.+2, fluffy, bunny'"/>
    </parse>
</case>
<case name="Firebird boolean-based multi-threaded custom ordered SQL query enumeration">
    <!-- Runs a caller-supplied SELECT with ORDER BY name via the boolean-based technique; expects 5 rows, asserted in name order (fluffy, luther, wu). -->
    <switches>
        <url value="http://debian/sqlmap/firebird/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <query value="SELECT * FROM users ORDER BY name"/>
    </switches>
    <parse>
        <item value="r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blisset.+3, wu, ming'"/>
    </parse>
</case>
<case name="Firebird UNION query multi-threaded custom ordered SQL query enumeration">
    <!-- Runs a caller-supplied SELECT with ORDER BY name via the UNION query technique; expects 5 rows, asserted in id order (1, 2, 3) as in the MySQL and PostgreSQL UNION variants, where ORDER BY is noted as being stripped. -->
    <switches>
        <url value="http://debian/sqlmap/firebird/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <query value="SELECT * FROM users ORDER BY name"/>
    </switches>
    <parse>
        <item value="r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'"/>
    </parse>
</case>
<!-- End of user-provided statement enumeration switches -->
<!-- File system access switches -->
<case name="MySQL boolean-based multi-threaded file read">
    <!-- Requests two files via the boolean-based technique: /etc/hosts and /tmp/invalidfile (presumably a path that does not exist on the target). Only the /etc/hosts result is asserted, and it must be reported as "(same file)", which presumably relies on the test runner holding an identical local /etc/hosts (confirm). -->
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <rFile value="/etc/hosts,/tmp/invalidfile"/>
    </switches>
    <parse>
        <item value="r'files saved to.+files/_etc_hosts \(same file\)'"/>
    </parse>
</case>
<case name="MySQL error-based multi-threaded file read">
    <!-- Requests /etc/hosts and /tmp/invalidfile via the error-based technique. Only the /etc/hosts result is asserted, and it must be reported as "(same file)". -->
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <rFile value="/etc/hosts,/tmp/invalidfile"/>
    </switches>
    <parse>
        <item value="r'files saved to.+files/_etc_hosts \(same file\)'"/>
    </parse>
</case>
<case name="MySQL UNION query multi-threaded file read">
    <!-- Requests /etc/hosts and /tmp/invalidfile via the UNION query technique. Only the /etc/hosts result is asserted, and it must be reported as "(same file)". -->
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <rFile value="/etc/hosts,/tmp/invalidfile"/>
    </switches>
    <parse>
        <item value="r'files saved to.+files/_etc_hosts \(same file\)'"/>
    </parse>
</case>
<case name="MySQL UNION query multi-threaded file write">
    <!-- Writes the runner's local /etc/passwd to /tmp/passwd-${random} on the target via the UNION query technique; the destination carries the random variable as a suffix and sits under /tmp, so no system file is the write target. The asserted console message is the size mismatch one (remote larger than local), which this test treats as the expected outcome. Verbosity is raised to 2 for this case. -->
    <switches>
        <verbose value="2"/>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="U"/>
        <wFile value="/etc/passwd"/>
        <dFile value="/tmp/passwd-${random}"/>
    </switches>
    <parse>
        <item value="the remote file /tmp/passwd-${random} is larger than the local file /etc/passwd" console_output="True"/>
    </parse>
</case>
<case name="PostgreSQL boolean-based multi-threaded file read">
    <!-- Requests /etc/hosts and /tmp/invalidfile with techniques "BS" (boolean-based plus stacked queries) and timeSec set to 2. The overwrite prompt is answered Y; only the /etc/hosts result is asserted, reported as "(same file)". -->
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="BS"/>
        <timeSec value="2"/>
        <rFile value="/etc/hosts,/tmp/invalidfile"/>
        <answers value="do you want to overwrite it=Y"/>
    </switches>
    <parse>
        <item value="r'files saved to.+files/_etc_hosts \(same file\)'"/>
    </parse>
</case>
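<!-- PostgreSQL file read with error-based plus stacked queries (tech ES).
     The overwrite prompt is pre-answered with Y; only the /etc/hosts result is asserted. -->
<case name="PostgreSQL error-based multi-threaded file read">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="ES"/>
        <rFile value="/etc/hosts,/tmp/invalidfile"/>
        <answers value="do you want to overwrite it=Y"/>
    </switches>
    <parse>
        <item value="r'files saved to.+files/_etc_hosts \(same file\)'"/>
    </parse>
</case>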
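<!-- PostgreSQL file read with UNION query plus stacked queries (tech US).
     The overwrite prompt is pre-answered with Y; only the /etc/hosts result is asserted. -->
<case name="PostgreSQL UNION query multi-threaded file read">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="US"/>
        <rFile value="/etc/hosts,/tmp/invalidfile"/>
        <answers value="do you want to overwrite it=Y"/>
    </switches>
    <parse>
        <item value="r'files saved to.+files/_etc_hosts \(same file\)'"/>
    </parse>
</case>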
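<!-- PostgreSQL file write with no tech restriction: the local /etc/passwd is written to
     /tmp/passwd-${random} on the lab target. Unlike the MySQL write case, this one expects
     the local and remote sizes to be equal. No item checks that the written file is removed afterwards. -->
<case name="PostgreSQL multi-threaded file write">
    <switches>
        <verbose value="2"/>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <threads value="4"/>
        <wFile value="/etc/passwd"/>
        <dFile value="/tmp/passwd-${random}"/>
        <answers value="do you want to overwrite it=Y"/>
    </switches>
    <parse>
        <item value="the local file /etc/passwd and the remote file /tmp/passwd-${random} have the same size" console_output="True"/>
    </parse>
</case>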
<!-- End of file system access switches -->
<!-- Operating system access switches -->
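<!-- Runs the "id" command on the MySQL lab target via the web shell path (per the case name), tech B.
     The answers entry selects option 2 at the writable-directory prompt and supplies /var/www/test.
     The pass condition is output starting with uid=. Nothing here asserts that files placed under
     /var/www/test are removed afterwards, so the lab host should be reset between runs. -->
<case name="MySQL web shell - command execution">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <tech value="B"/>
        <osCmd value="id"/>
        <answers value="what do you want to use for writable directory=2,please provide a comma separate list of absolute directory paths=/var/www/test"/>
    </switches>
    <parse>
        <item value="command standard output: 'uid="/>
    </parse>
</case>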
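<!-- Exercises the Metasploit integration (osPwn) on the MySQL lab target, tech BU.
     msfPath must point at a local Metasploit install on the machine running the tests.
     The expected console regex shows the resulting session reporting the www-data account,
     i.e. the web server user rather than the database user. -->
<case name="MySQL shell via Metasploit integration - command execution">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <tech value="BU"/>
        <osPwn value="True"/>
        <msfPath value="/usr/local/bin/"/>
        <answers value="what do you want to use for writable directory=2,please provide a comma separate list of absolute directory paths=/var/www/test"/>
    </switches>
    <parse>
        <item value="r'Sending stage.+Linux.+uid=.+www-data'" console_output="True"/>
    </parse>
</case>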
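<!-- Runs "id" on the PostgreSQL lab target through UDF injection (per the case name), tech US.
     The overwrite prompt is pre-answered with Y. The pass condition is output starting with uid=.
     The preventive cleanup case at the top of this file expects the sys_* UDFs to be removed. -->
<case name="PostgreSQL User-Defined Function (UDF) injection - command execution (UNION)">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <tech value="US"/>
        <osCmd value="id"/>
        <answers value="do you want to overwrite it=Y"/>
    </switches>
    <parse>
        <item value="command standard output: 'uid="/>
    </parse>
</case>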
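<!-- Runs "ls -1" on the PostgreSQL lab target through UDF injection, tech BS.
     The expected listing (base, PG_VERSION, server.key) suggests the command runs in the
     PostgreSQL data directory: confirm on the lab host if the layout changes. -->
<case name="PostgreSQL User-Defined Function (UDF) injection - command execution (boolean)">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <tech value="BS"/>
        <osCmd value="ls -1"/>
        <answers value="do you want to overwrite it=Y"/>
    </switches>
    <parse>
        <item value="r'command standard output:.+base.+PG_VERSION.+server.key'"/>
    </parse>
</case>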
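<!-- Exercises the Metasploit integration (osPwn) on the PostgreSQL lab target, tech US.
     The answers entry accepts the overwrite prompt and picks option 2 at the connection-type prompt.
     The expected console regex shows the session reporting the postgres account. -->
<case name="PostgreSQL shell via Metasploit integration - command execution">
    <switches>
        <url value="http://debian/sqlmap/pgsql/get_int.php?id=1"/>
        <tech value="US"/>
        <osPwn value="True"/>
        <msfPath value="/usr/local/bin/"/>
        <answers value="do you want to overwrite it=Y,which connection type do you want to use=2"/>
    </switches>
    <parse>
        <item value="r'Sending stage.+Linux.+uid=.+postgres'" console_output="True"/>
    </parse>
</case>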
<!-- TODO: add Microsoft SQL Server command execution test cases -->
<!-- End of operating system access switches -->
<!-- Corner cases -->
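<!-- Time-based detection (tech T) against the benchmark page at level 2 / risk 2 with a 2 second delay.
     Expects the heavy-query variant of the MySQL time-based test to be the one reported.
     The "<" in the expected title is written as &lt; because a literal "<" is not allowed in an attribute value. -->
<case name="Time-based (heavy query)">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int_benchmark.php?id=1"/>
        <tech value="T"/>
        <level value="2"/>
        <risk value="2"/>
        <timeSec value="2"/>
    </switches>
    <parse>
        <item value="Type: AND/OR time-based blind"/>
        <item value="Title: MySQL &lt; 5.0.12 AND time-based blind (heavy query)"/>
    </parse>
</case>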
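<!-- Boolean-based detection narrowed with testFilter to the "OR boolean" tests, then banner and DBA checks.
     The banner item pins the lab target to one specific MySQL package build. -->
<case name="OR boolean-based">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <testFilter value="OR boolean"/>
        <getBanner value="True"/>
        <isDba value="True"/>
    </switches>
    <parse>
        <item value="Title: OR boolean-based blind - WHERE or HAVING clause"/>
        <item value="banner: '5.5.37-0+wheezy1'"/>
        <item value="current user is DBA: True"/>
    </parse>
</case>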
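<!-- Target page applies a custom input filter described by the case name as weak.
     With tech BE at level 3 the expected findings are both "Parameter replace" tests,
     which shows that this filter does not stop injection where the whole parameter value is replaced. -->
<case name="Page protected by custom (weak) filter">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int_filtered.php?id=1"/>
        <tech value="BE"/>
        <level value="3"/>
    </switches>
    <parse>
        <item value="Title: Generic boolean-based blind - Parameter replace (original value)"/>
        <item value="Title: MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)"/>
    </parse>
</case>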
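<!-- Injection point inside a GROUP BY clause (per the page name); tech B at level 3.
     Expects the MySQL RLIKE-based boolean test covering WHERE, HAVING, ORDER BY and GROUP BY. -->
<case name="GROUP BY clause">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int_groupby.php?id=1"/>
        <tech value="B"/>
        <level value="3"/>
    </switches>
    <parse>
        <item value="Title: MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)"/>
    </parse>
</case>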
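<!-- Dumps testdb.international over boolean-based blind injection and checks that non-ASCII values
     (Latin with diacritics, CJK, Cyrillic) survive retrieval intact. This file must stay UTF-8
     encoded, as declared in the XML prolog, for the expected regex to match. -->
<case name="International data">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int_international.php?id=1"/>
        <threads value="4"/>
        <tech value="B"/>
        <getBanner value="True"/>
        <dumpTable value="True"/>
        <db value="testdb"/>
        <tbl value="international"/>
    </switches>
    <parse>
        <item value="banner: '5.5.37-0+wheezy1'"/>
        <item value="r'Database: testdb.+Table: international.+3 entries.+šućuraj.+长江.+река Москва'"/>
    </parse>
</case>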
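<!-- Page whose content changes between requests (get_int_rand.php). No tech restriction is set,
     and four techniques are expected to be detected despite the changing response body. -->
<case name="Highly dynamic page">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int_rand.php?id=1"/>
        <timeSec value="2"/>
    </switches>
    <parse>
        <item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
        <item value="Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause"/>
        <item value="Title: MySQL UNION query (NULL) - 3 columns"/>
        <item value="Title: MySQL > 5.0.11 AND time-based blind"/>
    </parse>
</case>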
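<!-- Page that answers with a 302 redirect when the SQL statement returns no rows.
     Expects boolean-based, UNION and time-based findings; no error-based title is listed. -->
<case name="302 redirect page when SQL statement return no output">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int_redirected.php?id=1"/>
        <timeSec value="2"/>
    </switches>
    <parse>
        <item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
        <item value="Title: MySQL UNION query (NULL) - 3 columns"/>
        <item value="Title: MySQL > 5.0.11 AND time-based blind"/>
    </parse>
</case>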
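<!-- Page whose response is an image rather than text (per the case name); tech BT, timeSec 2.
     Expects both the boolean-based and the time-based test to be detected. -->
<case name="Page that returns an image">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int_img.php?id=1"/>
        <tech value="BT"/>
        <timeSec value="2"/>
    </switches>
    <parse>
        <item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
        <item value="Title: MySQL > 5.0.11 AND time-based blind"/>
    </parse>
</case>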
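<!-- Page that answers with a 302 redirect when the SQL statement does return rows.
     Restricted to error-based injection (tech E); one error-based title is expected. -->
<case name="302 redirect page when SQL statement returns output">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int_redirected_true.php?id=1"/>
        <tech value="E"/>
    </switches>
    <parse>
        <item value="Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause"/>
    </parse>
</case>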
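<!-- UNION injection with the invalidBignum switch: the Payload regex checks that the original
     parameter value is replaced by a digits.digits number ahead of the UNION. -->
<case name="Invalid bignum">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int_partialunion.php?id=1"/>
        <tech value="U"/>
        <invalidBignum value="True"/>
        <getBanner value="True"/>
        <isDba value="True"/>
    </switches>
    <parse>
        <item value="Title: MySQL UNION query (NULL) - 3 columns"/>
        <item value="r'Payload: id=[\d]+\.[\d]+ UNION'"/>
        <item value="banner: '5.5.37-0+wheezy1'"/>
        <item value="current user is DBA: True"/>
    </parse>
</case>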
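<!-- UNION injection with the invalidLogical switch: the Payload regex checks that the original
     value (id=1) is kept and followed by an "AND n=n" comparison ahead of the UNION. -->
<case name="Invalid logical">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int_partialunion.php?id=1"/>
        <tech value="U"/>
        <invalidLogical value="True"/>
        <getBanner value="True"/>
        <isDba value="True"/>
    </switches>
    <parse>
        <item value="Title: MySQL UNION query (NULL) - 3 columns"/>
        <item value="r'Payload: id=1 AND [\d]+=[\d]+ UNION'"/>
        <item value="banner: '5.5.37-0+wheezy1'"/>
        <item value="current user is DBA: True"/>
    </parse>
</case>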
<!-- End of corner cases -->
<!-- Other switches -->
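<!-- Target page sits behind HTTP Basic authentication. authCred holds the lab fixture account
     (user:password form). The case passes when the banner is still retrieved through the authenticated
     request. These credentials are stored in clear text here and are only suitable for the lab host. -->
<case name="HTTP basic authentication">
    <switches>
        <url value="http://debian/sqlmap/mysql/basic/get_int.php?id=1"/>
        <tech value="E"/>
        <authType value="Basic"/>
        <authCred value="testuser:testpass"/>
        <getBanner value="True"/>
    </switches>
    <parse>
        <item value="banner: '5.5.37-0+wheezy1'"/>
    </parse>
</case>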
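<!-- Same check as the Basic authentication case, against the page protected with HTTP Digest.
     authCred holds the same lab fixture account in clear text. -->
<case name="HTTP digest authentication">
    <switches>
        <url value="http://debian/sqlmap/mysql/digest/get_int.php?id=1"/>
        <tech value="E"/>
        <authType value="Digest"/>
        <authCred value="testuser:testpass"/>
        <getBanner value="True"/>
    </switches>
    <parse>
        <item value="banner: '5.5.37-0+wheezy1'"/>
    </parse>
</case>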
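<!-- Banner retrieval over boolean-based blind injection with predictOutput enabled.
     The console item pins the exact request count (112); it will need updating whenever the
     banner string or the prediction logic changes. -->
<case name="Boolean-based predict output enumeration">
    <switches>
        <verbose value="2"/>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <predictOutput value="True"/>
        <tech value="B"/>
        <getBanner value="True"/>
    </switches>
    <parse>
        <item value="banner: '5.5.37-0+wheezy1'"/>
        <item value="r'performed 112 queries'" console_output="True"/>
    </parse>
</case>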
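<!-- Same predict-output check against the ORDER BY page, with testFilter narrowing detection to the
     GROUP BY / ORDER BY boolean tests. The expected request count is the same 112. -->
<case name="Boolean-based ORDER BY predict output enumeration">
    <switches>
        <verbose value="2"/>
        <url value="http://debian/sqlmap/mysql/get_int_orderby.php?id=1"/>
        <predictOutput value="True"/>
        <tech value="B"/>
        <testFilter value="boolean-based blind - GROUP BY and ORDER BY clauses"/>
        <getBanner value="True"/>
    </switches>
    <parse>
        <item value="banner: '5.5.37-0+wheezy1'"/>
        <item value="r'performed 112 queries'" console_output="True"/>
    </parse>
</case>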
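<!-- Predict-output check over time-based blind injection (tech T).
     The expected request count here is 126 rather than the 112 of the boolean-based cases. -->
<case name="Time-based predict output enumeration">
    <switches>
        <verbose value="2"/>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <predictOutput value="True"/>
        <tech value="T"/>
        <getBanner value="True"/>
    </switches>
    <parse>
        <item value="banner: '5.5.37-0+wheezy1'"/>
        <item value="r'performed 126 queries'" console_output="True"/>
    </parse>
</case>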
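<!-- Full enumeration run over error-based injection with hexConvert enabled, checking that every
     enumeration output is still correct when data is retrieved in hex form.
     The answers entry declines the dictionary attack prompt, so hashes are listed but not cracked.
     The root password hash and the user list asserted below are whatever the lab database was
     provisioned with; they change if the lab image is rebuilt with different accounts. -->
<case name="Hex conversion data retrival">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <threads value="4"/>
        <tech value="E"/>
        <extensiveFp value="True"/>
        <getBanner value="True"/>
        <getCurrentUser value="True"/>
        <getCurrentDb value="True"/>
        <getHostname value="True"/>
        <hexConvert value="True"/>
        <isDba value="True"/>
        <getUsers value="True"/>
        <getPasswordHashes value="True"/>
        <getPrivileges value="True"/>
        <getRoles value="True"/>
        <getDbs value="True"/>
        <getTables value="True"/>
        <getColumns value="True"/>
        <getCount value="True"/>
        <dumpTable value="True"/>
        <db value="testdb"/>
        <tbl value="users"/>
        <excludeSysDbs value="True"/>
        <answers value="do you want to perform a dictionary-based attack against retrieved password hashes=N"/>
    </switches>
    <parse>
        <item value="Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause"/>
        <item value="r'back-end DBMS: active fingerprint: MySQL >= 5.5.0'"/>
        <item value="banner: '5.5.37-0+wheezy1'"/>
        <item value="current user: 'root@localhost'"/>
        <item value="current database: 'testdb'"/>
        <item value="hostname: 'debian"/>
        <item value="current user is DBA: True"/>
        <item value="r'database management system users \[.+'debian-sys-maint'@'localhost'.+'root'@'"/>
        <item value="r'database management system users password hashes:.+root \[.+password hash: \*00E247AC5F9AF26AE0194B41E1E769DEE1429A29'"/>
        <item value="r'database management system users privileges:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+privilege: SUPER'"/>
        <item value="r'database management system users roles:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+role: SUPER'"/>
        <item value="r'available databases \[.+information_schema.+mysql.+testdb'"/>
        <item value="r'Database: testdb.+3 tables.+users'"/>
        <item value="r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'"/>
        <item value="r'Database: testdb.+Table.+Entries.+users.+5'"/>
        <item value="r'Database: testdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
    </parse>
</case>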
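<!-- The trailing "*" in the URL marks the exact injection point inside the GET parameter value.
     The case passes when the banner is retrieved through that marked position. -->
<case name="Custom GET parameter injection mark">
    <switches>
        <verbose value="2"/>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1*"/>
        <tech value="B"/>
        <getBanner value="True"/>
    </switches>
    <parse>
        <item value="banner: '5.5.37-0+wheezy1'"/>
    </parse>
</case>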
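<!-- The "*" marks the injection point inside the POST body (data) rather than the URL.
     Restricted to error-based injection; passes when the banner is retrieved. -->
<case name="Custom POST data injection mark">
    <switches>
        <verbose value="2"/>
        <url value="http://debian/sqlmap/mysql/post_int.php"/>
        <data value="id=1*"/>
        <tech value="E"/>
        <getBanner value="True"/>
    </switches>
    <parse>
        <item value="banner: '5.5.37-0+wheezy1'"/>
    </parse>
</case>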
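<!-- The "*" marks the injection point inside the User-Agent request header, covering applications
     that use header values in SQL statements. Restricted to UNION query injection. -->
<case name="Custom HTTP header (UA) injection mark">
    <switches>
        <verbose value="2"/>
        <url value="http://debian/sqlmap/mysql/header_str.php"/>
        <headers value="User-Agent: 1*"/>
        <tech value="U"/>
        <getBanner value="True"/>
    </switches>
    <parse>
        <item value="banner: '5.5.37-0+wheezy1'"/>
    </parse>
</case>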
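<!-- UNION query injection with uFrom naming the table used in the FROM part of the generated query.
     The console regex (verbose 3) checks that the VERSION() request is followed by the
     FROM INFORMATION_SCHEMA.COLLATIONS clause. -->
<case name="Custom FROM table in UNION query">
    <switches>
        <verbose value="3"/>
        <url value="http://debian/sqlmap/mysql/get_int_partialunion.php?id=1"/>
        <tech value="U"/>
        <uFrom value="INFORMATION_SCHEMA.COLLATIONS"/>
        <getBanner value="True"/>
    </switches>
    <parse>
        <item value="r'VERSION\(\).+FROM INFORMATION_SCHEMA\.COLLATIONS'" console_output="True"/>
        <item value="banner: '5.5.37-0+wheezy1'"/>
    </parse>
</case>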
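<!-- Banner retrieval with the eta switch: the console regex expects the progress bar to finish at
     100% with 17/17, a count that depends on the length of the banner asserted below. -->
<case name="Estimated time of arrival">
    <switches>
        <verbose value="2"/>
        <url value="http://debian/sqlmap/mysql/get_int.php?id=1"/>
        <tech value="B"/>
        <eta value="True"/>
        <getBanner value="True"/>
    </switches>
    <parse>
        <item value="banner: '5.5.37-0+wheezy1'"/>
        <item value="r'100\% \[===.+=\] 17\/17'" console_output="True"/>
    </parse>
</case>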
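<!-- URL with four GET parameters of mixed case; the answers entry tells the run to keep testing the
     remaining parameters after the first finding. Each parameter name must appear in the console
     output exactly as written, so this also checks that parameter-name case is preserved.
     The "&" separators in the URL are written as &amp; because a bare "&" is not well-formed XML. -->
<case name="Multiple parameters">
    <switches>
        <url value="http://debian/sqlmap/mysql/get_int.php?pAram=value&amp;s=3&amp;id=1&amp;Par=VALUE"/>
        <tech value="B"/>
        <getBanner value="True"/>
        <answers value="Do you want to keep testing the others=Y"/>
    </switches>
    <parse>
        <item value="banner: '5.5.37-0+wheezy1'"/>
        <item value="testing for SQL injection on GET parameter 'pAram'" console_output="True"/>
        <item value="testing for SQL injection on GET parameter 's'" console_output="True"/>
        <item value="testing for SQL injection on GET parameter 'id'" console_output="True"/>
        <item value="testing for SQL injection on GET parameter 'Par'" console_output="True"/>
    </parse>
</case>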
<!-- End of other switches -->
<!-- TODO: add the following test cases:
    * Test against a web service with XML POST data
    * Test against a web application with generic XML POST data
    * Test against a web application with JSON POST data
    * Test against a web application with multipart POST data
    * Test direct connection against all supported DBMSes
-->
</root>