CERBERUS/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-06-09 17:51:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Minor revisit of payload boundaries (Issue #1800)

Browse source
This commit is contained in:
Miroslav Stampar 2016-04-08 11:28:17 +02:00
parent bcfae99701
commit ce3749622a
5 changed files with 43 additions and 43 deletions
Download patch file Download diff file Expand all files Collapse all files

36
xml/boundaries.xml
View file

@ -89,7 +89,7 @@ Formats:
<where>1,2</where>
<ptype>2</ptype>
<prefix>')</prefix>
<suffix></suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@ -98,7 +98,7 @@ Formats:
<where>1,2</where>
<ptype>2</ptype>
<prefix>'</prefix>
<suffix></suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@ -107,7 +107,7 @@ Formats:
<where>1,2</where>
<ptype>4</ptype>
<prefix>"</prefix>
<suffix></suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<!-- End of generic boundaries -->
@ -406,7 +406,7 @@ Formats:
<where>1,2</where>
<ptype>1</ptype>
<prefix></prefix>
<suffix>-- [RANDSTR]</suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@ -426,7 +426,7 @@ Formats:
<where>1,2</where>
<ptype>2</ptype>
<prefix>') WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@ -435,7 +435,7 @@ Formats:
<where>1,2</where>
<ptype>2</ptype>
<prefix>") WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@ -444,7 +444,7 @@ Formats:
<where>1,2</where>
<ptype>1</ptype>
<prefix>) WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@ -453,7 +453,7 @@ Formats:
<where>1,2</where>
<ptype>2</ptype>
<prefix>' WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@ -462,7 +462,7 @@ Formats:
<where>1,2</where>
<ptype>4</ptype>
<prefix>" WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@ -471,7 +471,7 @@ Formats:
<where>1,2</where>
<ptype>1</ptype>
<prefix> WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<!-- End of pre-WHERE generic boundaries -->
@ -482,7 +482,7 @@ Formats:
<where>1,2</where>
<ptype>2</ptype>
<prefix>')) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@ -491,7 +491,7 @@ Formats:
<where>1,2</where>
<ptype>2</ptype>
<prefix>")) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@ -500,7 +500,7 @@ Formats:
<where>1,2</where>
<ptype>1</ptype>
<prefix>)) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@ -509,7 +509,7 @@ Formats:
<where>1,2</where>
<ptype>2</ptype>
<prefix>') AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@ -518,7 +518,7 @@ Formats:
<where>1,2</where>
<ptype>4</ptype>
<prefix>") AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@ -527,7 +527,7 @@ Formats:
<where>1,2</where>
<ptype>1</ptype>
<prefix>) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@ -536,7 +536,7 @@ Formats:
<where>1</where>
<ptype>1</ptype>
<prefix>` WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
@ -545,7 +545,7 @@ Formats:
<where>1</where>
<ptype>1</ptype>
<prefix>`) WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix>
<suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<!-- End of pre-WHERE derived table boundaries -->

6
xml/payloads/01_boolean_blind.xml
View file

@ -212,7 +212,7 @@ Tag: <test>
<vector>AND [INFERENCE]</vector>
<request>
<payload>AND [RANDNUM]=[RANDNUM]</payload>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
</request>
<response>
<comparison>AND [RANDNUM]=[RANDNUM1]</comparison>
@ -229,7 +229,7 @@ Tag: <test>
<vector>OR [INFERENCE]</vector>
<request>
<payload>OR [RANDNUM]=[RANDNUM]</payload>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
</request>
<response>
<comparison>OR [RANDNUM]=[RANDNUM1]</comparison>
@ -246,7 +246,7 @@ Tag: <test>
<vector>OR NOT [INFERENCE]</vector>
<request>
<payload>OR NOT [RANDNUM]=[RANDNUM]</payload>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
</request>
<response>
<comparison>OR NOT [RANDNUM]=[RANDNUM1]</comparison>

36
xml/payloads/06_union_query.xml
View file

@ -12,7 +12,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char>
<columns>[COLSTART]-[COLSTOP]</columns>
</request>
@ -31,7 +31,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>NULL</char>
<columns>[COLSTART]-[COLSTOP]</columns>
</request>
@ -50,7 +50,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[RANDNUM]</char>
<columns>[COLSTART]-[COLSTOP]</columns>
</request>
@ -69,7 +69,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char>
<columns>1-10</columns>
</request>
@ -88,7 +88,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>NULL</char>
<columns>1-10</columns>
</request>
@ -107,7 +107,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[RANDNUM]</char>
<columns>1-10</columns>
</request>
@ -126,7 +126,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char>
<columns>11-20</columns>
</request>
@ -145,7 +145,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>NULL</char>
<columns>11-20</columns>
</request>
@ -164,7 +164,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[RANDNUM]</char>
<columns>11-20</columns>
</request>
@ -183,7 +183,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char>
<columns>21-30</columns>
</request>
@ -202,7 +202,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>NULL</char>
<columns>21-30</columns>
</request>
@ -221,7 +221,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[RANDNUM]</char>
<columns>21-30</columns>
</request>
@ -240,7 +240,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char>
<columns>31-40</columns>
</request>
@ -259,7 +259,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>NULL</char>
<columns>31-40</columns>
</request>
@ -278,7 +278,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[RANDNUM]</char>
<columns>31-40</columns>
</request>
@ -297,7 +297,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char>
<columns>41-50</columns>
</request>
@ -315,7 +315,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>NULL</char>
<columns>41-50</columns>
</request>
@ -334,7 +334,7 @@
<vector>[UNION]</vector>
<request>
<payload/>
<comment>-- -</comment>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[RANDNUM]</char>
<columns>41-50</columns>
</request>