@@ -47,6 +47,7 @@ def vulnTest():
4747 ("-u '<url>&id2=1' -p id2 -v 5 --flush-session --level=5 --test-filter='AND boolean-based blind - WHERE or HAVING clause (MySQL comment)'" , ("~1AND" ,)),
4848 ("--list-tampers" , ("between" , "MySQL" , "xforwardedfor" )),
4949 ("-r <request> --flush-session -v 5 --test-skip='heavy' --save=<tmp>" , ("CloudFlare" , "possible DBMS: 'SQLite'" , "User-agent: foobar" , "~Type: time-based blind" )),
50+ ("<piped> -r <request> -l <log> --flush-session --banner --technique=B" , ("banner: '3." , "STDIN" )),
5051 ("-l <log> --flush-session --keep-alive --skip-waf -v 5 --technique=U --union-from=users --banner --parse-errors" , ("banner: '3." , "ORDER BY term out of range" , "~xp_cmdshell" , "Connection: keep-alive" )),
5152 ("-l <log> --offline --banner -v 5" , ("banner: '3." , "~[TRAFFIC OUT]" )),
5253 ("-u <base64> -p id --base64=id --data='base64=true' --flush-session --banner --technique=B" , ("banner: '3." ,)),
@@ -138,6 +139,10 @@ def _thread():
138139 os .close (handle )
139140 cmd = cmd .replace ("<tmp>" , tmp )
140141
142+ if "<piped>" in cmd :
143+ cmd = re .sub (r"<piped>\s*" , "" , cmd )
144+ cmd = "echo %s | %s" % (url , cmd )
145+
141146 output = shellExec (cmd )
142147
143148 if not all ((check in output if not check .startswith ('~' ) else check [1 :] not in output ) for check in checks ) or "unhandled exception" in output :
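Review bot: In `_thread()`, the new `<piped>` branch interpolates `url` unquoted into the shell line passed to `shellExec` (`"echo %s | %s" % (url, cmd)`), so any `&`, `;` or `?` in the URL would be interpreted by the shell instead of arriving on the tested command's STDIN. `url` is assigned outside this hunk, so whether it can carry such characters cannot be confirmed from here. Quoting it the way the test vectors already quote `-u '<url>&id2=1'` removes that dependence: `cmd = "echo '%s' | %s" % (url, cmd)`. A short comment above the branch, such as `# <piped>: feed the target URL via STDIN instead of -u`, would explain why the placeholder is stripped rather than substituted like `<tmp>`. The function body begins and ends outside the hunk.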