mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 17:46:37 +03:00
1053 lines
49 KiB
XML
1053 lines
49 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
|
|
<root>
|
|
<global>
|
|
<ignoreProxy value="True"/>
|
|
<batch value="True"/>
|
|
<verbose value="1"/>
|
|
</global>
|
|
<!-- Common enumeration switches across all techniques -->
|
|
<case name="MySQL boolean-based multi-threaded enumeration - all entries">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="B"/>
|
|
<extensiveFp value="True"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getHostname value="True"/>
|
|
<isDba value="True"/>
|
|
<getUsers value="True"/>
|
|
<getPasswordHashes value="True"/>
|
|
<getPrivileges value="True"/>
|
|
<getRoles value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<getColumns value="True"/>
|
|
<getCount value="True"/>
|
|
<dumpTable value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="users"/>
|
|
<excludeSysDbs value="True"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
|
|
<item value="r'back-end DBMS: active fingerprint: MySQL >= 5.1.12 and < 5.5.0'"/>
|
|
<item value="banner: '5.1.63-0+squeeze1'"/>
|
|
<item value="current user: 'root@localhost'"/>
|
|
<item value="current database: 'testdb'"/>
|
|
<item value="hostname: 'debian"/>
|
|
<item value="current user is DBA: True"/>
|
|
<item value="r'database management system users \[.+'debian-sys-maint'@'localhost'.+'root'@''"/>
|
|
<item value="r'database management system users password hashes:.+root \[.+password hash: \*00E247AC5F9AF26AE0194B41E1E769DEE1429A29.+clear-text password: testpass'"/>
|
|
<item value="r'database management system users privileges:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+privilege: SUPER'"/>
|
|
<item value="r'database management system users roles:.+debian-sys-maint.+\[.+root.+\[.+role: SUPER'"/>
|
|
<item value="r'available databases \[.+information_schema.+mysql.+owasp10.+testdb'"/>
|
|
<item value="r'Database: testdb.+1 table.+users'"/>
|
|
<item value="r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'"/>
|
|
<item value="r'Database: testdb.+Table.+Entries.+users.+5'"/>
|
|
<item value="r'Database: testdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL error-based multi-threaded enumeration - all entries">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="E"/>
|
|
<extensiveFp value="True"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getHostname value="True"/>
|
|
<isDba value="True"/>
|
|
<getUsers value="True"/>
|
|
<getPasswordHashes value="True"/>
|
|
<getPrivileges value="True"/>
|
|
<getRoles value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<getColumns value="True"/>
|
|
<getCount value="True"/>
|
|
<dumpTable value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="users"/>
|
|
<excludeSysDbs value="True"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause"/>
|
|
<item value="r'back-end DBMS: active fingerprint: MySQL >= 5.1.12 and < 5.5.0'"/>
|
|
<item value="banner: '5.1.63-0+squeeze1'"/>
|
|
<item value="current user: 'root@localhost'"/>
|
|
<item value="current database: 'testdb'"/>
|
|
<item value="hostname: 'debian"/>
|
|
<item value="current user is DBA: True"/>
|
|
<item value="r'database management system users \[.+'debian-sys-maint'@'localhost'.+'root'@''"/>
|
|
<item value="r'database management system users password hashes:.+root \[.+password hash: \*00E247AC5F9AF26AE0194B41E1E769DEE1429A29.+clear-text password: testpass'"/>
|
|
<item value="r'database management system users privileges:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+privilege: SUPER'"/>
|
|
<item value="r'database management system users roles:.+debian-sys-maint.+\[.+root.+\[.+role: SUPER'"/>
|
|
<item value="r'available databases \[.+information_schema.+mysql.+owasp10.+testdb'"/>
|
|
<item value="r'Database: testdb.+1 table.+users'"/>
|
|
<item value="r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'"/>
|
|
<item value="r'Database: testdb.+Table.+Entries.+users.+5'"/>
|
|
<item value="r'Database: testdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL UNION query multi-threaded enumeration - all entries">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="U"/>
|
|
<extensiveFp value="True"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getHostname value="True"/>
|
|
<isDba value="True"/>
|
|
<getUsers value="True"/>
|
|
<getPasswordHashes value="True"/>
|
|
<getPrivileges value="True"/>
|
|
<getRoles value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<getColumns value="True"/>
|
|
<getCount value="True"/>
|
|
<dumpTable value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="users"/>
|
|
<excludeSysDbs value="True"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="Title: MySQL UNION query (NULL) - 3 columns"/>
|
|
<item value="r'back-end DBMS: active fingerprint: MySQL >= 5.1.12 and < 5.5.0'"/>
|
|
<item value="banner: '5.1.63-0+squeeze1'"/>
|
|
<item value="current user: 'root@localhost'"/>
|
|
<item value="current database: 'testdb'"/>
|
|
<item value="hostname: 'debian"/>
|
|
<item value="current user is DBA: True"/>
|
|
<item value="r'database management system users \[.+'debian-sys-maint'@'localhost'.+'root'@''"/>
|
|
<item value="r'database management system users password hashes:.+root \[.+password hash: \*00E247AC5F9AF26AE0194B41E1E769DEE1429A29.+clear-text password: testpass'"/>
|
|
<item value="r'database management system users privileges:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+privilege: SUPER'"/>
|
|
<item value="r'database management system users roles:.+debian-sys-maint.+\[.+root.+\[.+role: SUPER'"/>
|
|
<item value="r'available databases \[.+information_schema.+mysql.+owasp10.+testdb'"/>
|
|
<item value="r'Database: testdb.+1 table.+users'"/>
|
|
<item value="r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'"/>
|
|
<item value="r'Database: testdb.+Table.+Entries.+users.+5'"/>
|
|
<item value="r'Database: testdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL partial UNION query multi-threaded enumeration - all entries">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int_partialunion.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="U"/>
|
|
<extensiveFp value="True"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getHostname value="True"/>
|
|
<isDba value="True"/>
|
|
<getUsers value="True"/>
|
|
<getPasswordHashes value="True"/>
|
|
<getPrivileges value="True"/>
|
|
<getRoles value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<getColumns value="True"/>
|
|
<getCount value="True"/>
|
|
<dumpTable value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="users"/>
|
|
<excludeSysDbs value="True"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="Title: MySQL UNION query (NULL) - 3 columns"/>
|
|
<item value="r'back-end DBMS: active fingerprint: MySQL >= 5.1.12 and < 5.5.0'"/>
|
|
<item value="banner: '5.1.63-0+squeeze1'"/>
|
|
<item value="current user: 'root@localhost'"/>
|
|
<item value="current database: 'testdb'"/>
|
|
<item value="hostname: 'debian"/>
|
|
<item value="current user is DBA: True"/>
|
|
<item value="r'database management system users \[.+'debian-sys-maint'@'localhost'.+'root'@''"/>
|
|
<item value="r'database management system users password hashes:.+root \[.+password hash: \*00E247AC5F9AF26AE0194B41E1E769DEE1429A29.+clear-text password: testpass'"/>
|
|
<item value="r'database management system users privileges:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+privilege: SUPER'"/>
|
|
<item value="r'database management system users roles:.+debian-sys-maint.+\[.+root.+\[.+role: SUPER'"/>
|
|
<item value="r'available databases \[.+information_schema.+mysql.+owasp10.+testdb'"/>
|
|
<item value="r'Database: testdb.+1 table.+users'"/>
|
|
<item value="r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'"/>
|
|
<item value="r'Database: testdb.+Table.+Entries.+users.+5'"/>
|
|
<item value="r'Database: testdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL time-based single-threaded enumeration - all entries">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int_nooutput.php?id=1"/>
|
|
<tech value="T"/>
|
|
<timeSec value="1"/>
|
|
<extensiveFp value="True"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getHostname value="True"/>
|
|
<isDba value="True"/>
|
|
<getUsers value="True"/>
|
|
<getPasswordHashes value="True"/>
|
|
<getPrivileges value="True"/>
|
|
<getRoles value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<getColumns value="True"/>
|
|
<getCount value="True"/>
|
|
<dumpTable value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="users"/>
|
|
<excludeSysDbs value="True"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="Title: MySQL > 5.0.11 AND time-based blind"/>
|
|
<item value="r'back-end DBMS: active fingerprint: MySQL >= 5.1.12 and < 5.5.0'"/>
|
|
<item value="banner: '5.1.63-0+squeeze1'"/>
|
|
<item value="current user: 'root@localhost'"/>
|
|
<item value="current database: 'testdb'"/>
|
|
<item value="hostname: 'debian"/>
|
|
<item value="current user is DBA: True"/>
|
|
<item value="r'database management system users \[.+'debian-sys-maint'@'localhost'.+'root'@''"/>
|
|
<item value="r'database management system users password hashes:.+root \[.+password hash: \*00E247AC5F9AF26AE0194B41E1E769DEE1429A29.+clear-text password: testpass'"/>
|
|
<item value="r'database management system users privileges:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+privilege: SUPER'"/>
|
|
<item value="r'database management system users roles:.+debian-sys-maint.+\[.+root.+\[.+role: SUPER'"/>
|
|
<item value="r'available databases \[.+information_schema.+mysql.+owasp10.+testdb'"/>
|
|
<item value="r'Database: testdb.+1 table.+users'"/>
|
|
<item value="r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'"/>
|
|
<item value="r'Database: testdb.+Table.+Entries.+users.+5'"/>
|
|
<item value="r'Database: testdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL inline queries multi-threaded enumeration - all entries">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int_inline.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="Q"/>
|
|
<extensiveFp value="True"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getHostname value="True"/>
|
|
<isDba value="True"/>
|
|
<getUsers value="True"/>
|
|
<getPasswordHashes value="True"/>
|
|
<getPrivileges value="True"/>
|
|
<getRoles value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<getColumns value="True"/>
|
|
<getCount value="True"/>
|
|
<dumpTable value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="users"/>
|
|
<excludeSysDbs value="True"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="Title: MySQL inline queries"/>
|
|
<item value="r'back-end DBMS: active fingerprint: MySQL >= 5.1.12 and < 5.5.0'"/>
|
|
<item value="banner: '5.1.63-0+squeeze1'"/>
|
|
<item value="current user: 'root@localhost'"/>
|
|
<item value="current database: 'testdb'"/>
|
|
<item value="hostname: 'debian"/>
|
|
<item value="current user is DBA: True"/>
|
|
<item value="r'database management system users \[.+'debian-sys-maint'@'localhost'.+'root'@''"/>
|
|
<item value="r'database management system users password hashes:.+root \[.+password hash: \*00E247AC5F9AF26AE0194B41E1E769DEE1429A29.+clear-text password: testpass'"/>
|
|
<item value="r'database management system users privileges:.+debian-sys-maint.+\(administrator\).+root.+\(administrator\).+privilege: SUPER'"/>
|
|
<item value="r'database management system users roles:.+debian-sys-maint.+\[.+root.+\[.+role: SUPER'"/>
|
|
<item value="r'available databases \[.+information_schema.+mysql.+owasp10.+testdb'"/>
|
|
<item value="r'Database: testdb.+1 table.+users'"/>
|
|
<item value="r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'"/>
|
|
<item value="r'Database: testdb.+Table.+Entries.+users.+5'"/>
|
|
<item value="r'Database: testdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
|
|
</parse>
|
|
</case>
|
|
<!-- End of common enumeration switches across all techniques -->
|
|
|
|
<!-- Custom enumeration switches -->
|
|
<case name="MySQL error-based multi-threaded custom enumeration">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="E"/>
|
|
<getSchema value="True"/>
|
|
<dumpTable value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="users"/>
|
|
<limitStart value="2"/>
|
|
<limitStop value="4"/>
|
|
<excludeSysDbs value="True"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'"/>
|
|
<item value="r'Database: testdb.+Table: users.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL UNION query multi-threaded custom enumeration">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="U"/>
|
|
<getSchema value="True"/>
|
|
<dumpTable value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="users"/>
|
|
<limitStart value="2"/>
|
|
<limitStop value="4"/>
|
|
<excludeSysDbs value="True"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'"/>
|
|
<item value="r'Database: testdb.+Table: users.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
|
|
</parse>
|
|
</case>
|
|
<!-- TODO: this fails because of issue #304 -->
|
|
<case name="MySQL boolean-based multi-threaded custom enumeration - substring">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="B"/>
|
|
<dumpTable value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="users"/>
|
|
<firstChar value="3"/>
|
|
<lastChar value="5"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'Database: testdb.+Table: users.+5 entries.+the | iss.+<blank> | mei'"/>
|
|
</parse>
|
|
</case>
|
|
<!-- End of custom enumeration switches -->
|
|
|
|
<!-- Search enumeration switches -->
|
|
<case name="MySQL boolean-based multi-threaded search enumeration - database">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="B"/>
|
|
<search value="True"/>
|
|
<db value="e"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'found databases.+:.+\[\*\] information_schema.+\[\*\] testdb'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL error-based multi-threaded search enumeration - database">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="E"/>
|
|
<search value="True"/>
|
|
<db value="e"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'found databases.+:.+\[\*\] information_schema.+\[\*\] testdb'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL UNION query multi-threaded search enumeration - database">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="U"/>
|
|
<search value="True"/>
|
|
<db value="e"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'found databases.+:.+\[\*\] information_schema.+\[\*\] testdb'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL boolean-based multi-threaded search enumeration - tables given database">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="B"/>
|
|
<search value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="a,e,i"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'Database: testdb.+1 table.+users'"/>
|
|
<item value="r'.+5 entries.+wu.+nameisnull'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL error-based multi-threaded search enumeration - tables given database">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="E"/>
|
|
<search value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="a,e,i"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'Database: testdb.+1 table.+users'"/>
|
|
<item value="r'.+5 entries.+wu.+nameisnull'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL UNION query multi-threaded search enumeration - tables given database">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="U"/>
|
|
<search value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="a,e,i"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'Database: testdb.+1 table.+users'"/>
|
|
<item value="r'.+5 entries.+wu.+nameisnull'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL boolean-based multi-threaded search enumeration - tables without given database">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="B"/>
|
|
<search value="True"/>
|
|
<tbl value="user"/>
|
|
<answers value="do you want to dump=N"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'Database: testdb.+1 table.+users.+Database: mysql.+1 table.+user '"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL error-based multi-threaded search enumeration - tables without given database">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="E"/>
|
|
<search value="True"/>
|
|
<tbl value="user"/>
|
|
<answers value="do you want to dump=N"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'Database: testdb.+1 table.+users.+Database: mysql.+1 table.+user '"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL UNION query multi-threaded search enumeration - tables without given database">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="U"/>
|
|
<search value="True"/>
|
|
<tbl value="user"/>
|
|
<answers value="do you want to dump=N"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'Database: testdb.+1 table.+users.+Database: mysql.+1 table.+user '"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL boolean-based multi-threaded search enumeration - column without given db or table">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="B"/>
|
|
<search value="True"/>
|
|
<col value="name"/>
|
|
<excludeSysDbs value="True"/>
|
|
<answers value="do you want to dump=N"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+surname'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL error-based multi-threaded search enumeration - column without given db or table">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="E"/>
|
|
<search value="True"/>
|
|
<col value="name"/>
|
|
<excludeSysDbs value="True"/>
|
|
<answers value="do you want to dump=N"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL UNION query multi-threaded search enumeration - column without given db or table">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="U"/>
|
|
<search value="True"/>
|
|
<col value="name"/>
|
|
<excludeSysDbs value="True"/>
|
|
<answers value="do you want to dump=N"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL boolean-based multi-threaded search enumeration - column given databases">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="B"/>
|
|
<search value="True"/>
|
|
<db value="mysql,testdb"/>
|
|
<col value="name"/>
|
|
<answers value="do you want to dump=N"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+surname'"/>
|
|
<item value="r'Database: mysql.+Table: plugin.+1 column.+name'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL error-based multi-threaded search enumeration - column given databases">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="E"/>
|
|
<search value="True"/>
|
|
<db value="mysql,testdb"/>
|
|
<col value="name"/>
|
|
<answers value="do you want to dump=N"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
|
|
<item value="r'Database: mysql.+Table: plugin.+1 column.+name.+char\(64\)'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL UNION query multi-threaded search enumeration - column given databases">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="U"/>
|
|
<search value="True"/>
|
|
<db value="mysql,testdb"/>
|
|
<col value="name"/>
|
|
<answers value="do you want to dump=N"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
|
|
<item value="r'Database: mysql.+Table: plugin.+1 column.+name.+char\(64\)'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL boolean-based multi-threaded search enumeration - column given tables">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="B"/>
|
|
<search value="True"/>
|
|
<tbl value="users,plugin"/>
|
|
<col value="name"/>
|
|
<answers value="do you want to dump=N"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+surname'"/>
|
|
<item value="r'Database: mysql.+Table: plugin.+1 column.+name'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL error-based multi-threaded search enumeration - column given tables">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="E"/>
|
|
<search value="True"/>
|
|
<tbl value="users,plugin"/>
|
|
<col value="name"/>
|
|
<answers value="do you want to dump=N"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
|
|
<item value="r'Database: mysql.+Table: plugin.+1 column.+name.+char\(64\)'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL UNION query multi-threaded search enumeration - column given tables">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="U"/>
|
|
<search value="True"/>
|
|
<tbl value="users,plugin"/>
|
|
<col value="name"/>
|
|
<answers value="do you want to dump=N"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
|
|
<item value="r'Database: mysql.+Table: plugin.+1 column.+name.+char\(64\)'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL boolean-based multi-threaded search enumeration - column given databases and table">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="B"/>
|
|
<search value="True"/>
|
|
<db value="mysql,testdb"/>
|
|
<tbl value="users"/>
|
|
<col value="name"/>
|
|
<answers value="do you want to dump=N"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+surname'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL error-based multi-threaded search enumeration - column given databases and table">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="E"/>
|
|
<search value="True"/>
|
|
<db value="mysql,testdb"/>
|
|
<tbl value="users"/>
|
|
<col value="name"/>
|
|
<answers value="do you want to dump=N"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL UNION query multi-threaded search enumeration - column given databases and table">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="U"/>
|
|
<search value="True"/>
|
|
<db value="mysql,testdb"/>
|
|
<tbl value="users"/>
|
|
<col value="name"/>
|
|
<answers value="do you want to dump=N"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
|
|
</parse>
|
|
</case>
|
|
<!-- End of search enumeration switches -->
|
|
|
|
<!-- User's provided statement enumeration switches -->
|
|
<case name="MySQL boolean-based multi-threaded custom SQL query enumeration">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="B"/>
|
|
<query value="SELECT * FROM users LIMIT 0, 2"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blissett.+2, fluffy, bunny'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL error-based multi-threaded custom SQL query enumeration">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="E"/>
|
|
<query value="SELECT * FROM users LIMIT 0, 2"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blissett.+2, fluffy, bunny'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL UNION query multi-threaded custom SQL query enumeration">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<threads value="4"/>
|
|
<tech value="U"/>
|
|
<query value="SELECT * FROM users LIMIT 0, 2"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blissett.+2, fluffy, bunny'"/>
|
|
</parse>
|
|
</case>
|
|
<!-- End of user's provided statement enumeration switches -->
|
|
|
|
<!-- Old test cases -->
|
|
<case name="MySQL (--technique=E --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<isDba value="True"/>
|
|
<tech value="E"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="users"/>
|
|
<getColumns value="True"/>
|
|
<dumpTable value="True"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="current user is DBA: True"/>
|
|
<item value="banner: '5.1.63-0+squeeze2'"/>
|
|
<item value="current user: 'root@localhost'"/>
|
|
<item value="current database: 'testdb'"/>
|
|
<item value="r'information_schema.+mysql.+owasp10.+testdb'"/>
|
|
<item value="r'1 table.+users'"/>
|
|
<item value="r'3 columns.+surname.+varchar\(1000\)'"/>
|
|
<item value="r'5 entries.+nameisnull.+'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL (--technique=U --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
|
|
<isDba value="True"/>
|
|
<tech value="U"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="users"/>
|
|
<getColumns value="True"/>
|
|
<dumpTable value="True"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="current user is DBA: True"/>
|
|
<item value="banner: '5.1.63-0+squeeze1'"/>
|
|
<item value="current user: 'root@localhost'"/>
|
|
<item value="current database: 'testdb'"/>
|
|
<item value="r'information_schema.+mysql.+owasp10.+testdb'"/>
|
|
<item value="r'1 table.+users'"/>
|
|
<item value="r'3 columns.+surname.+varchar\(1000\)'"/>
|
|
<item value="r'5 entries.+nameisnull.+'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MySQL partial union (--technique=U --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/mysql/get_int_partialunion.php?id=1"/>
|
|
<isDba value="True"/>
|
|
<tech value="U"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="users"/>
|
|
<getColumns value="True"/>
|
|
<dumpTable value="True"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="current user is DBA: True"/>
|
|
<item value="banner: '5.1.63-0+squeeze1'"/>
|
|
<item value="current user: 'root@localhost'"/>
|
|
<item value="current database: 'testdb'"/>
|
|
<item value="r'information_schema.+mysql.+owasp10.+testdb'"/>
|
|
<item value="r'1 table.+users'"/>
|
|
<item value="r'3 columns.+surname.+varchar\(1000\)'"/>
|
|
<item value="r'5 entries.+nameisnull.+'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="Postgres (--technique=B --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump --threads=4)">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
|
|
<isDba value="True"/>
|
|
<tech value="B"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="users"/>
|
|
<getColumns value="True"/>
|
|
<dumpTable value="True"/>
|
|
<threads value="4"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="current user is DBA: True"/>
|
|
<item value="PostgreSQL 8.3.9 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real (Debian 4.3.2-1.1) 4.3.2"/>
|
|
<item value="current user: 'testuser'"/>
|
|
<item value="current database: 'testdb'"/>
|
|
<item value="r'postgres.+template0.+template1.+testdb'"/>
|
|
<item value="r'1 table.+users'"/>
|
|
<item value="r'3 columns.+username.+bpchar'"/>
|
|
<item value="r'4 entries.+nameisnull'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="Postgres (--technique=E --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
|
|
<isDba value="True"/>
|
|
<tech value="E"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="users"/>
|
|
<getColumns value="True"/>
|
|
<dumpTable value="True"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="current user is DBA: True"/>
|
|
<item value="PostgreSQL 8.3.9 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real (Debian 4.3.2-1.1) 4.3.2"/>
|
|
<item value="current user: 'testuser'"/>
|
|
<item value="current database: 'testdb'"/>
|
|
<item value="r'postgres.+template0.+template1.+testdb'"/>
|
|
<item value="r'1 table.+users'"/>
|
|
<item value="r'3 columns.+username.+bpchar'"/>
|
|
<item value="r'4 entries.+nameisnull'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="Postgres (--technique=U --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/pgsql/get_int.php?id=1"/>
|
|
<isDba value="True"/>
|
|
<tech value="U"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="users"/>
|
|
<getColumns value="True"/>
|
|
<dumpTable value="True"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="current user is DBA: True"/>
|
|
<item value="PostgreSQL 8.3.9 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real (Debian 4.3.2-1.1) 4.3.2"/>
|
|
<item value="current user: 'testuser'"/>
|
|
<item value="current database: 'testdb'"/>
|
|
<item value="r'postgres.+template0.+template1.+testdb'"/>
|
|
<item value="r'1 table.+users'"/>
|
|
<item value="r'3 columns.+username.+bpchar'"/>
|
|
<item value="r'4 entries.+nameisnull'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="Postgres partial union (--technique=U --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/pgsql/get_int_partialunion.php?id=1"/>
|
|
<isDba value="True"/>
|
|
<tech value="U"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="users"/>
|
|
<getColumns value="True"/>
|
|
<dumpTable value="True"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="current user is DBA: True"/>
|
|
<item value="PostgreSQL 8.3.9 on i486-pc-linux-gnu, compiled by GCC gcc-4.3.real (Debian 4.3.2-1.1) 4.3.2"/>
|
|
<item value="current user: 'testuser'"/>
|
|
<item value="current database: 'testdb'"/>
|
|
<item value="r'postgres.+template0.+template1.+testdb'"/>
|
|
<item value="r'1 table.+users'"/>
|
|
<item value="r'3 columns.+username.+bpchar'"/>
|
|
<item value="r'4 entries.+nameisnull'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="Oracle (--technique=B --is-dba --banner --current-user --current-db --dbs --tables -D SCOTT -T users --columns --dump --threads=4)">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
|
<isDba value="True"/>
|
|
<tech value="B"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<db value="SCOTT"/>
|
|
<tbl value="users"/>
|
|
<getColumns value="True"/>
|
|
<dumpTable value="True"/>
|
|
<threads value="4"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="current user is DBA: True"/>
|
|
<item value="banner: 'Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod'"/>
|
|
<item value="current user: 'SYS'"/>
|
|
<item value="'TESTDB.REGRESS.RDBMS.DEV.US.ORACLE.COM'"/>
|
|
<item value="r'available databases.+15.+CTXSYS.+DBSNMP.+SCOTT.+SYS.+SYSMAN'"/>
|
|
<item value="r'5 tables.+BONUS.+DEPT.+EMP.+SALGRADE.+USERS'"/>
|
|
<item value="r'3 columns.+SURNAME.+VARCHAR'"/>
|
|
<item value="r'4 entries.+nameisnull'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="Oracle (--technique=E --is-dba --banner --current-user --current-db --dbs --tables -D SCOTT -T users --columns --dump)">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
|
<isDba value="True"/>
|
|
<tech value="E"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<db value="SCOTT"/>
|
|
<tbl value="users"/>
|
|
<getColumns value="True"/>
|
|
<dumpTable value="True"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="current user is DBA: True"/>
|
|
<item value="banner: 'Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod'"/>
|
|
<item value="current user: 'SYS'"/>
|
|
<item value="'TESTDB.REGRESS.RDBMS.DEV.US.ORACLE.COM'"/>
|
|
<item value="r'available databases.+15.+CTXSYS.+DBSNMP.+SCOTT.+SYS.+SYSMAN'"/>
|
|
<item value="r'5 tables.+BONUS.+DEPT.+EMP.+SALGRADE.+USERS'"/>
|
|
<item value="r'3 columns.+SURNAME.+VARCHAR'"/>
|
|
<item value="r'4 entries.+nameisnull'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="Oracle (--technique=U --is-dba --banner --current-user --current-db --dbs --tables -D SCOTT -T users --columns --dump)">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
|
|
<isDba value="True"/>
|
|
<tech value="U"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<db value="SCOTT"/>
|
|
<tbl value="users"/>
|
|
<getColumns value="True"/>
|
|
<dumpTable value="True"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="current user is DBA: True"/>
|
|
<item value="banner: 'Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod'"/>
|
|
<item value="current user: 'SYS'"/>
|
|
<item value="'TESTDB.REGRESS.RDBMS.DEV.US.ORACLE.COM'"/>
|
|
<item value="r'available databases.+15.+CTXSYS.+DBSNMP.+SCOTT.+SYS.+SYSMAN'"/>
|
|
<item value="r'5 tables.+BONUS.+DEPT.+EMP.+SALGRADE.+USERS'"/>
|
|
<item value="r'3 columns.+SURNAME.+VARCHAR'"/>
|
|
<item value="r'4 entries.+nameisnull'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="Oracle partial union (--technique=U --is-dba --banner --current-user --current-db --dbs --tables -D SCOTT -T users --columns --dump)">
|
|
<switches>
|
|
<url value="http://debiandev/sqlmap/oracle/get_int_partialunion.php?id=1"/>
|
|
<isDba value="True"/>
|
|
<tech value="U"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<db value="SCOTT"/>
|
|
<tbl value="users"/>
|
|
<getColumns value="True"/>
|
|
<dumpTable value="True"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="current user is DBA: True"/>
|
|
<item value="banner: 'Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Prod'"/>
|
|
<item value="current user: 'SYS'"/>
|
|
<item value="'TESTDB.REGRESS.RDBMS.DEV.US.ORACLE.COM'"/>
|
|
<item value="r'available databases.+15.+CTXSYS.+DBSNMP.+SCOTT.+SYS.+SYSMAN'"/>
|
|
<item value="r'5 tables.+BONUS.+DEPT.+EMP.+SALGRADE.+USERS'"/>
|
|
<item value="r'3 columns.+SURNAME.+VARCHAR'"/>
|
|
<item value="r'4 entries.+nameisnull'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MSSQL (--technique=B --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump --threads=4)">
|
|
<switches>
|
|
<url value="http://windowsdev/sqlmap/mssql/iis/get_int.asp?id=1"/>
|
|
<isDba value="True"/>
|
|
<tech value="B"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="users"/>
|
|
<getColumns value="True"/>
|
|
<dumpTable value="True"/>
|
|
<threads value="4"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="current user is DBA: True"/>
|
|
<item value="r'Microsoft SQL Server 2005.+Oct 14 2005 00:33:37'"/>
|
|
<item value="current user: 'sa'"/>
|
|
<item value="current database: 'testdb'"/>
|
|
<item value="r'available databases.+5.+master.+model.+msdb.+tempdb.+testdb'"/>
|
|
<item value="r'dbo\.sysdiagrams.+dbo\.users'"/>
|
|
<item value="r'3 columns.+surname.+varchar'"/>
|
|
<item value="r'5 entries.+nameisnull.+'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MSSQL (--technique=E --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
|
|
<switches>
|
|
<url value="http://windowsdev/sqlmap/mssql/iis/get_int.asp?id=1"/>
|
|
<isDba value="True"/>
|
|
<tech value="E"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="users"/>
|
|
<getColumns value="True"/>
|
|
<dumpTable value="True"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="current user is DBA: True"/>
|
|
<item value="r'Microsoft SQL Server 2005.+Oct 14 2005 00:33:37'"/>
|
|
<item value="current user: 'sa'"/>
|
|
<item value="current database: 'testdb'"/>
|
|
<item value="r'available databases.+5.+master.+model.+msdb.+tempdb.+testdb'"/>
|
|
<item value="r'dbo\.sysdiagrams.+dbo\.users'"/>
|
|
<item value="r'3 columns.+surname.+varchar'"/>
|
|
<item value="r'5 entries.+nameisnull.+'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MSSQL (--technique=U --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
|
|
<switches>
|
|
<url value="http://windowsdev/sqlmap/mssql/iis/get_int.asp?id=1"/>
|
|
<isDba value="True"/>
|
|
<tech value="U"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="users"/>
|
|
<getColumns value="True"/>
|
|
<dumpTable value="True"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="current user is DBA: True"/>
|
|
<item value="r'Microsoft SQL Server 2005.+Oct 14 2005 00:33:37'"/>
|
|
<item value="current user: 'sa'"/>
|
|
<item value="current database: 'testdb'"/>
|
|
<item value="r'available databases.+5.+master.+model.+msdb.+tempdb.+testdb'"/>
|
|
<item value="r'dbo\.sysdiagrams.+dbo\.users'"/>
|
|
<item value="r'3 columns.+surname.+varchar'"/>
|
|
<item value="r'5 entries.+nameisnull.+'"/>
|
|
</parse>
|
|
</case>
|
|
<case name="MSSQL partial union (--technique=U --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
|
|
<switches>
|
|
<url value="http://windowsdev/sqlmap/mssql/iis/get_int_partialunion.asp?id=1"/>
|
|
<isDba value="True"/>
|
|
<tech value="U"/>
|
|
<getBanner value="True"/>
|
|
<getCurrentUser value="True"/>
|
|
<getCurrentDb value="True"/>
|
|
<getDbs value="True"/>
|
|
<getTables value="True"/>
|
|
<db value="testdb"/>
|
|
<tbl value="users"/>
|
|
<getColumns value="True"/>
|
|
<dumpTable value="True"/>
|
|
</switches>
|
|
<parse>
|
|
<item value="current user is DBA: True"/>
|
|
<item value="r'Microsoft SQL Server 2005.+Oct 14 2005 00:33:37'"/>
|
|
<item value="current user: 'sa'"/>
|
|
<item value="current database: 'testdb'"/>
|
|
<item value="r'available databases.+5.+master.+model.+msdb.+tempdb.+testdb'"/>
|
|
<item value="r'dbo\.sysdiagrams.+dbo\.users'"/>
|
|
<item value="r'3 columns.+surname.+varchar'"/>
|
|
<item value="r'5 entries.+nameisnull.+'"/>
|
|
</parse>
|
|
</case>
|
|
</root>
|