Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 61a838b

Browse files
bdamelebdamele
committed
added more test cases
1 parent d1d99d9 commit 61a838b

2 files changed

Lines changed: 182 additions & 1 deletion

File tree

lib/core/settings.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -462,7 +462,7 @@
462462
CHECK_ZERO_COLUMNS_THRESHOLD = 10
463463

464464
# Boldify all logger messages containing these "patterns"
465-
BOLD_PATTERNS = ("' injectable", "might be injectable", "' is vulnerable", "is not injectable", "test failed", "test passed")
465+
BOLD_PATTERNS = ("' injectable", "might be injectable", "' is vulnerable", "is not injectable", "test failed", "test passed", "live test final result")
466466

467467
# Generic www root directory names
468468
GENERIC_DOC_ROOT_DIRECTORY_NAMES = ("htdocs", "wwwroot", "www")

xml/livetests.xml

Lines changed: 181 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,7 @@
66
<batch value="True"/>
77
<verbose value="1"/>
88
</global>
9+
<!-- Common enumeration switches across all techniques -->
910
<case name="MySQL boolean-based multi-threaded enumeration - all entries">
1011
<switches>
1112
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
@@ -264,6 +265,186 @@
264265
<item value="r'Database: testdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
265266
</parse>
266267
</case>
268+
<!-- End of common enumeration switches across all techniques -->
269+
270+
<!-- Custom enumeration switches -->
271+
<case name="MySQL error-based multi-threaded custom enumeration">
272+
<switches>
273+
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
274+
<threads value="4"/>
275+
<tech value="E"/>
276+
<getSchema value="True"/>
277+
<dumpTable value="True"/>
278+
<db value="testdb"/>
279+
<tbl value="users"/>
280+
<limitStart value="2"/>
281+
<limitStop value="4"/>
282+
<excludeSysDbs value="True"/>
283+
</switches>
284+
<parse>
285+
<item value="r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'"/>
286+
<item value="r'Database: testdb.+Table: users.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
287+
</parse>
288+
</case>
289+
<case name="MySQL UNION query multi-threaded custom enumeration">
290+
<switches>
291+
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
292+
<threads value="4"/>
293+
<tech value="U"/>
294+
<getSchema value="True"/>
295+
<dumpTable value="True"/>
296+
<db value="testdb"/>
297+
<tbl value="users"/>
298+
<limitStart value="2"/>
299+
<limitStop value="4"/>
300+
<excludeSysDbs value="True"/>
301+
</switches>
302+
<parse>
303+
<item value="r'Database: testdb.+Table: users.+3 columns.+surname.+varchar\(1000\)'"/>
304+
<item value="r'Database: testdb.+Table: users.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
305+
</parse>
306+
</case>
307+
<!-- TODO: this fails because of issue #304 -->
308+
<case name="MySQL boolean-based multi-threaded custom enumeration - substring">
309+
<switches>
310+
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
311+
<threads value="4"/>
312+
<tech value="B"/>
313+
<dumpTable value="True"/>
314+
<db value="testdb"/>
315+
<tbl value="users"/>
316+
<firstChar value="3"/>
317+
<lastChar value="5"/>
318+
</switches>
319+
<parse>
320+
<item value="r'Database: testdb.+Table: users.+5 entries.+the | iss.+&lt;blank&gt; | mei'"/>
321+
</parse>
322+
</case>
323+
<!-- End of custom enumeration switches -->
324+
325+
<!-- Search enumeration switches -->
326+
<case name="MySQL boolean-based multi-threaded search enumeration - database">
327+
<switches>
328+
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
329+
<threads value="4"/>
330+
<tech value="B"/>
331+
<search value="True"/>
332+
<db value="e"/>
333+
</switches>
334+
<parse>
335+
<item value="r'found databases.+:.+\[\*\] information_schema.+\[\*\] testdb'"/>
336+
</parse>
337+
</case>
338+
<case name="MySQL error-based multi-threaded search enumeration - database">
339+
<switches>
340+
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
341+
<threads value="4"/>
342+
<tech value="E"/>
343+
<search value="True"/>
344+
<db value="e"/>
345+
</switches>
346+
<parse>
347+
<item value="r'found databases.+:.+\[\*\] information_schema.+\[\*\] testdb'"/>
348+
</parse>
349+
</case>
350+
<case name="MySQL UNION query multi-threaded search enumeration - database">
351+
<switches>
352+
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
353+
<threads value="4"/>
354+
<tech value="U"/>
355+
<search value="True"/>
356+
<db value="e"/>
357+
</switches>
358+
<parse>
359+
<item value="r'found databases.+:.+\[\*\] information_schema.+\[\*\] testdb'"/>
360+
</parse>
361+
</case>
362+
<case name="MySQL boolean-based multi-threaded search enumeration - tables">
363+
<switches>
364+
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
365+
<threads value="4"/>
366+
<tech value="B"/>
367+
<search value="True"/>
368+
<db value="testdb"/>
369+
<tbl value="a,e,i"/>
370+
</switches>
371+
<parse>
372+
<item value="r'Database: testdb.+1 table.+users'"/>
373+
<item value="r'.+5 entries.+wu.+nameisnull'"/>
374+
</parse>
375+
</case>
376+
<case name="MySQL error-based multi-threaded search enumeration - tables">
377+
<switches>
378+
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
379+
<threads value="4"/>
380+
<tech value="E"/>
381+
<search value="True"/>
382+
<db value="testdb"/>
383+
<tbl value="a,e,i"/>
384+
</switches>
385+
<parse>
386+
<item value="r'Database: testdb.+1 table.+users'"/>
387+
<item value="r'.+5 entries.+wu.+nameisnull'"/>
388+
</parse>
389+
</case>
390+
<case name="MySQL UNION query multi-threaded search enumeration - tables">
391+
<switches>
392+
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
393+
<threads value="4"/>
394+
<tech value="U"/>
395+
<search value="True"/>
396+
<db value="testdb"/>
397+
<tbl value="a,e,i"/>
398+
</switches>
399+
<parse>
400+
<item value="r'Database: testdb.+1 table.+users'"/>
401+
<item value="r'.+5 entries.+wu.+nameisnull'"/>
402+
</parse>
403+
</case>
404+
<case name="MySQL boolean-based multi-threaded search enumeration - columns">
405+
<switches>
406+
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
407+
<threads value="4"/>
408+
<tech value="B"/>
409+
<search value="True"/>
410+
<col value="name"/>
411+
<excludeSysDbs value="True"/>
412+
<answers value="do you want to dump=N"/>
413+
</switches>
414+
<parse>
415+
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+surname'"/>
416+
</parse>
417+
</case>
418+
<case name="MySQL error-based multi-threaded search enumeration - columns">
419+
<switches>
420+
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
421+
<threads value="4"/>
422+
<tech value="E"/>
423+
<search value="True"/>
424+
<col value="name"/>
425+
<excludeSysDbs value="True"/>
426+
<answers value="do you want to dump=N"/>
427+
</switches>
428+
<parse>
429+
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
430+
</parse>
431+
</case>
432+
<case name="MySQL UNION query multi-threaded search enumeration - columns">
433+
<switches>
434+
<url value="http://debiandev/sqlmap/mysql/get_int.php?id=1"/>
435+
<threads value="4"/>
436+
<tech value="U"/>
437+
<search value="True"/>
438+
<col value="name"/>
439+
<excludeSysDbs value="True"/>
440+
<answers value="do you want to dump=N"/>
441+
</switches>
442+
<parse>
443+
<item value="r'Database: testdb.+Table: users.+2 columns.+name.+varchar\(500\).+surname.+varchar\(1000\)'"/>
444+
</parse>
445+
</case>
446+
<!-- End of search enumeration switches -->
447+
267448

268449
<!-- Old test cases -->
269450
<case name="MySQL (--technique=E --is-dba --banner --current-user --current-db --dbs --tables -D testdb -T users --columns --dump)">

0 commit comments

Comments
 (0)