added test cases for --sql-query and improved tests for --search -C

bdamele · bdamele · commit 2c86022aab99 · 2012-12-18T16:30:46.000Z
diff --git a/xml/livetests.xml b/xml/livetests.xml
@@ -527,8 +527,133 @@
             <item value="r'Database: mysql.+Table: plugin.+1 column.+name.+char\(64\)'"/>
         </parse>
     </case>
+    <case name="MySQL boolean-based multi-threaded search enumeration - column given tables">
+        <switches>
+            <url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
+            <threads value="4"/>
+            <tech value="B"/>
+            <search value="True"/>
+            <tbl value="users,plugin"/>
+            <col value="name"/>
+            <answers value="do you want to dump=N"/>
+        </switches>
+        <parse>
+            <item value="r'Database: testdb.+Table: users.+2 columns.+name.+surname'"/>
+            <item value="r'Database: mysql.+Table: plugin.+1 column.+name'"/>
+        </parse>
+    </case>
+    <case name="MySQL error-based multi-threaded search enumeration - column given tables">
+        <switches>
+            <url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
+            <threads value="4"/>
+            <tech value="E"/>
+            <search value="True"/>
+            <tbl value="users,plugin"/>
+            <col value="name"/>
+            <answers value="do you want to dump=N"/>
+        </switches>
+        <parse>
+            <item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
+            <item value="r'Database: mysql.+Table: plugin.+1 column.+name.+char\(64\)'"/>
+        </parse>
+    </case>
+    <case name="MySQL UNION query multi-threaded search enumeration - column given tables">
+        <switches>
+            <url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
+            <threads value="4"/>
+            <tech value="U"/>
+            <search value="True"/>
+            <tbl value="users,plugin"/>
+            <col value="name"/>
+            <answers value="do you want to dump=N"/>
+        </switches>
+        <parse>
+            <item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
+            <item value="r'Database: mysql.+Table: plugin.+1 column.+name.+char\(64\)'"/>
+        </parse>
+    </case>
+    <case name="MySQL boolean-based multi-threaded search enumeration - column given databases and table">
+        <switches>
+            <url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
+            <threads value="4"/>
+            <tech value="B"/>
+            <search value="True"/>
+            <db value="mysql,testdb"/>
+            <tbl value="users"/>
+            <col value="name"/>
+            <answers value="do you want to dump=N"/>
+        </switches>
+        <parse>
+            <item value="r'Database: testdb.+Table: users.+2 columns.+name.+surname'"/>
+        </parse>
+    </case>
+    <case name="MySQL error-based multi-threaded search enumeration - column given databases and table">
+        <switches>
+            <url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
+            <threads value="4"/>
+            <tech value="E"/>
+            <search value="True"/>
+            <db value="mysql,testdb"/>
+            <tbl value="users"/>
+            <col value="name"/>
+            <answers value="do you want to dump=N"/>
+        </switches>
+        <parse>
+            <item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
+        </parse>
+    </case>
+    <case name="MySQL UNION query multi-threaded search enumeration - column given databases and table">
+        <switches>
+            <url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
+            <threads value="4"/>
+            <tech value="U"/>
+            <search value="True"/>
+            <db value="mysql,testdb"/>
+            <tbl value="users"/>
+            <col value="name"/>
+            <answers value="do you want to dump=N"/>
+        </switches>
+        <parse>
+            <item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
+        </parse>
+    </case>
     <!-- End of search enumeration switches -->
 
+    <!-- User's provided statement enumeration switches -->
+    <case name="MySQL boolean-based multi-threaded custom SQL query enumeration">
+        <switches>
+            <url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
+            <threads value="4"/>
+            <tech value="B"/>
+            <query value="SELECT * FROM users LIMIT 0, 2"/>
+        </switches>
+        <parse>
+            <item value="r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blissett.+2, fluffy, bunny'"/>
+        </parse>
+    </case>
+    <case name="MySQL error-based multi-threaded custom SQL query enumeration">
+        <switches>
+            <url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
+            <threads value="4"/>
+            <tech value="E"/>
+            <query value="SELECT * FROM users LIMIT 0, 2"/>
+        </switches>
+        <parse>
+            <item value="r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blissett.+2, fluffy, bunny'"/>
+        </parse>
+    </case>
+    <case name="MySQL UNION query multi-threaded custom SQL query enumeration">
+        <switches>
+            <url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
+            <threads value="4"/>
+            <tech value="U"/>
+            <query value="SELECT * FROM users LIMIT 0, 2"/>
+        </switches>
+        <parse>
+            <item value="r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blissett.+2, fluffy, bunny'"/>
+        </parse>
+    </case>
+    <!-- End of user's provided statement enumeration switches -->
 
     <!-- Old test cases -->
     <case name="MySQL (--technique=E --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">
