Skip to content

Commit 2463e51

Browse files
bdamelebdamele
committedJan 18, 2013
added one more test case for DB2 and a few search-related cases for Oracle (issue #312)
·
1.9.40.19
1 parent 11e27f0 commit 2463e51

File tree

1 file changed

+305
-0
lines changed

1 file changed

+305
-0
lines changed
 

Diff for: ‎xml/livetests.xml

+305
Original file line numberDiff line numberDiff line change
@@ -1044,6 +1044,21 @@
10441044
<item value="r'Database: SYS.+Table: USERS.+5 entries.+the | iss.+&lt;blank&gt; | mei'"/>
10451045
</parse>
10461046
</case>
1047+
<case name="IBM DB2 boolean-based multi-threaded custom enumeration - substring">
1048+
<switches>
1049+
<url value="http://debiandev/sqlmap/db2/get_int.php?id=1"/>
1050+
<threads value="4"/>
1051+
<tech value="B"/>
1052+
<dumpTable value="True"/>
1053+
<db value="db2inst1"/>
1054+
<tbl value="users"/>
1055+
<firstChar value="3"/>
1056+
<lastChar value="5"/>
1057+
</switches>
1058+
<parse>
1059+
<item value="r'Database: DB2INST1.+Table: USERS.+5 entries.+the | iss.+NULL | mei'"/>
1060+
</parse>
1061+
</case>
10471062
<case name="SQLite UNION query multi-threaded custom enumeration">
10481063
<switches>
10491064
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
@@ -1671,6 +1686,296 @@
16711686
<item value="r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name.+character_data'"/>
16721687
</parse>
16731688
</case>
1689+
<case name="Oracle boolean-based multi-threaded search enumeration - database">
1690+
<switches>
1691+
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
1692+
<threads value="4"/>
1693+
<tech value="B"/>
1694+
<search value="True"/>
1695+
<db value="sys"/>
1696+
</switches>
1697+
<parse>
1698+
<item value="r'found databases.+:.+\[\*\] CTXSYS.+\[\*\] SYS.+\[\*\] TSMSYS'"/>
1699+
</parse>
1700+
</case>
1701+
<case name="Oracle error-based multi-threaded search enumeration - database">
1702+
<switches>
1703+
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
1704+
<threads value="4"/>
1705+
<tech value="E"/>
1706+
<search value="True"/>
1707+
<db value="sys"/>
1708+
</switches>
1709+
<parse>
1710+
<item value="r'found databases.+:.+\[\*\] CTXSYS.+\[\*\] SYS.+\[\*\] TSMSYS'"/>
1711+
</parse>
1712+
</case>
1713+
<case name="Oracle UNION query multi-threaded search enumeration - database">
1714+
<switches>
1715+
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
1716+
<threads value="4"/>
1717+
<tech value="U"/>
1718+
<search value="True"/>
1719+
<db value="sys"/>
1720+
</switches>
1721+
<parse>
1722+
<item value="r'found databases.+:.+\[\*\] CTXSYS.+\[\*\] SYS.+\[\*\] TSMSYS'"/>
1723+
</parse>
1724+
</case>
1725+
<case name="Oracle boolean-based multi-threaded search enumeration - tables given database">
1726+
<switches>
1727+
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
1728+
<threads value="4"/>
1729+
<tech value="B"/>
1730+
<search value="True"/>
1731+
<db value="sys"/>
1732+
<tbl value="user,aux,wrong"/>
1733+
<answer value="do you want to dump tables=N,do you want to crack them via a dictionary-based attack=N"/>
1734+
</switches>
1735+
<parse>
1736+
<item value="r'Database: SYS.+9 tables.+AUX_STATS.+USERS.+AUX_HISTORY'"/>
1737+
</parse>
1738+
</case>
1739+
<case name="Oracle error-based multi-threaded search enumeration - tables given database">
1740+
<switches>
1741+
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
1742+
<threads value="4"/>
1743+
<tech value="E"/>
1744+
<search value="True"/>
1745+
<db value="sys"/>
1746+
<tbl value="user,aux,wrong"/>
1747+
<answer value="do you want to crack them via a dictionary-based attack=N"/>
1748+
</switches>
1749+
<parse>
1750+
<item value="r'Database: SYS.+9 tables.+AUX_STATS.+USERS.+AUX_HISTORY'"/>
1751+
<item value="r'.+5 entries.+wu.+nameisnull'"/>
1752+
</parse>
1753+
</case>
1754+
<case name="Oracle UNION query multi-threaded search enumeration - tables given database">
1755+
<switches>
1756+
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
1757+
<threads value="4"/>
1758+
<tech value="U"/>
1759+
<search value="True"/>
1760+
<db value="sys"/>
1761+
<tbl value="user,aux,wrong"/>
1762+
<answer value="do you want to crack them via a dictionary-based attack=N"/>
1763+
</switches>
1764+
<parse>
1765+
<item value="r'Database: SYS.+9 tables.+AUX_STATS.+USERS.+AUX_HISTORY'"/>
1766+
<item value="r'.+5 entries.+wu.+nameisnull'"/>
1767+
</parse>
1768+
</case>
1769+
<case name="Oracle boolean-based multi-threaded search enumeration - tables without given database">
1770+
<switches>
1771+
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
1772+
<threads value="4"/>
1773+
<tech value="B"/>
1774+
<search value="True"/>
1775+
<tbl value="users"/>
1776+
<answers value="do you want to dump=N"/>
1777+
</switches>
1778+
<parse>
1779+
<item value="r'Database: SYS.+1 table.+USERS.+Database: FLOWS_020100.+2 table.+WWV_FLOW_PICK_END_USERS'"/>
1780+
</parse>
1781+
</case>
1782+
<case name="Oracle error-based multi-threaded search enumeration - tables without given database">
1783+
<switches>
1784+
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
1785+
<threads value="4"/>
1786+
<tech value="E"/>
1787+
<search value="True"/>
1788+
<tbl value="users"/>
1789+
<answers value="do you want to dump=N"/>
1790+
</switches>
1791+
<parse>
1792+
<item value="r'Database: SYS.+1 table.+USERS.+Database: FLOWS_020100.+2 table.+WWV_FLOW_PICK_END_USERS'"/>
1793+
</parse>
1794+
</case>
1795+
<case name="Oracle UNION query multi-threaded search enumeration - tables without given database">
1796+
<switches>
1797+
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
1798+
<threads value="4"/>
1799+
<tech value="U"/>
1800+
<search value="True"/>
1801+
<tbl value="users"/>
1802+
<answers value="do you want to dump=N"/>
1803+
</switches>
1804+
<parse>
1805+
<item value="r'Database: SYS.+1 table.+USERS.+Database: FLOWS_020100.+2 table.+WWV_FLOW_PICK_END_USERS'"/>
1806+
</parse>
1807+
</case>
1808+
<case name="Oracle boolean-based multi-threaded search enumeration - column without given db or table">
1809+
<switches>
1810+
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
1811+
<threads value="4"/>
1812+
<tech value="B"/>
1813+
<search value="True"/>
1814+
<col value="surname,foobar"/>
1815+
<answers value="do you want to dump=N"/>
1816+
</switches>
1817+
<parse>
1818+
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME'"/>
1819+
</parse>
1820+
</case>
1821+
<case name="Oracle error-based multi-threaded search enumeration - column without given db or table">
1822+
<switches>
1823+
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
1824+
<threads value="4"/>
1825+
<tech value="E"/>
1826+
<search value="True"/>
1827+
<col value="surname,foobar"/>
1828+
<answers value="do you want to dump=N"/>
1829+
</switches>
1830+
<parse>
1831+
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
1832+
</parse>
1833+
</case>
1834+
<case name="Oracle UNION query multi-threaded search enumeration - column without given db or table">
1835+
<switches>
1836+
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
1837+
<threads value="4"/>
1838+
<tech value="U"/>
1839+
<search value="True"/>
1840+
<col value="surname,foobar"/>
1841+
<answers value="do you want to dump=N"/>
1842+
</switches>
1843+
<parse>
1844+
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
1845+
</parse>
1846+
</case>
1847+
<case name="Oracle boolean-based multi-threaded search enumeration - column given databases">
1848+
<switches>
1849+
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
1850+
<threads value="4"/>
1851+
<tech value="B"/>
1852+
<search value="True"/>
1853+
<db value="sys,foobar"/>
1854+
<col value="surname"/>
1855+
<answers value="do you want to dump=N"/>
1856+
</switches>
1857+
<parse>
1858+
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME'"/>
1859+
</parse>
1860+
</case>
1861+
<case name="Oracle error-based multi-threaded search enumeration - column given databases">
1862+
<switches>
1863+
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
1864+
<threads value="4"/>
1865+
<tech value="E"/>
1866+
<search value="True"/>
1867+
<db value="sys,foobar"/>
1868+
<col value="surname"/>
1869+
<answers value="do you want to dump=N"/>
1870+
</switches>
1871+
<parse>
1872+
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
1873+
</parse>
1874+
</case>
1875+
<case name="Oracle UNION query multi-threaded search enumeration - column given databases">
1876+
<switches>
1877+
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
1878+
<threads value="4"/>
1879+
<tech value="U"/>
1880+
<search value="True"/>
1881+
<db value="sys,foobar"/>
1882+
<col value="surname"/>
1883+
<answers value="do you want to dump=N"/>
1884+
</switches>
1885+
<parse>
1886+
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
1887+
</parse>
1888+
</case>
1889+
<case name="Oracle boolean-based multi-threaded search enumeration - column given tables">
1890+
<switches>
1891+
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
1892+
<threads value="4"/>
1893+
<tech value="B"/>
1894+
<search value="True"/>
1895+
<tbl value="users,foobar"/>
1896+
<col value="surname"/>
1897+
<answers value="do you want to dump=N"/>
1898+
</switches>
1899+
<parse>
1900+
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME'"/>
1901+
</parse>
1902+
</case>
1903+
<case name="Oracle error-based multi-threaded search enumeration - column given tables">
1904+
<switches>
1905+
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
1906+
<threads value="4"/>
1907+
<tech value="E"/>
1908+
<search value="True"/>
1909+
<tbl value="users,foobar"/>
1910+
<col value="surname"/>
1911+
<answers value="do you want to dump=N"/>
1912+
</switches>
1913+
<parse>
1914+
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
1915+
</parse>
1916+
</case>
1917+
<case name="Oracle UNION query multi-threaded search enumeration - column given tables">
1918+
<switches>
1919+
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
1920+
<threads value="4"/>
1921+
<tech value="U"/>
1922+
<search value="True"/>
1923+
<tbl value="users,foobar"/>
1924+
<col value="surname"/>
1925+
<answers value="do you want to dump=N"/>
1926+
</switches>
1927+
<parse>
1928+
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
1929+
</parse>
1930+
</case>
1931+
1932+
<case name="Oracle boolean-based multi-threaded search enumeration - column given databases and table">
1933+
<switches>
1934+
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
1935+
<threads value="4"/>
1936+
<tech value="B"/>
1937+
<search value="True"/>
1938+
<db value="sys,foobar"/>
1939+
<tbl value="users"/>
1940+
<col value="surname"/>
1941+
<answers value="do you want to dump=N"/>
1942+
</switches>
1943+
<parse>
1944+
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME'"/>
1945+
</parse>
1946+
</case>
1947+
<case name="Oracle error-based multi-threaded search enumeration - column given databases and table">
1948+
<switches>
1949+
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
1950+
<threads value="4"/>
1951+
<tech value="E"/>
1952+
<search value="True"/>
1953+
<db value="sys,foobar"/>
1954+
<tbl value="users"/>
1955+
<col value="surname"/>
1956+
<answers value="do you want to dump=N"/>
1957+
</switches>
1958+
<parse>
1959+
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
1960+
</parse>
1961+
</case>
1962+
<case name="Oracle UNION query multi-threaded search enumeration - column given databases and table">
1963+
<switches>
1964+
<url value="http://debiandev/sqlmap/oracle/get_int.php?id=1"/>
1965+
<threads value="4"/>
1966+
<tech value="U"/>
1967+
<search value="True"/>
1968+
<db value="sys,foobar"/>
1969+
<tbl value="users"/>
1970+
<col value="surname"/>
1971+
<answers value="do you want to dump=N"/>
1972+
</switches>
1973+
<parse>
1974+
<item value="r'Database: SYS.+Table: USERS.+1 column.+SURNAME.+VARCHAR2'"/>
1975+
</parse>
1976+
</case>
1977+
1978+
<!-- TODO: add IBM DB2 test cases -->
16741979
<case name="SQLite multi-threaded search enumeration - database">
16751980
<switches>
16761981
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>

0 commit comments

Comments
 (0)
Please sign in to comment.