Morph MORPH
SIGN IN SIGN UP
sqlmapproject / sqlmap UNCLAIMED

Automatic SQL injection and database takeover tool

36996 0 0 Python
Normal View History Raw
Last preparations for DREI
2019-05-08 12:47:52 +02:00
#!/usr/bin/env python
minor update regarding Sybase support
2011-02-19 14:07:08 +00:00
"""
Year bump
2026-01-01 19:12:07 +01:00
Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)
Replacing doc/COPYING to LICENSE
2017-10-11 14:50:46 +02:00
See the file 'LICENSE' for copying permission
minor update regarding Sybase support
2011-02-19 14:07:08 +00:00
"""
Couple of small patches
2018-06-20 23:21:55 +02:00
from lib.core.enums import CONTENT_TYPE
Minor refactoring of dictionaries
2012-08-21 11:19:15 +02:00
from lib.core.enums import DBMS
Minor refactoring (Issue #411)
2013-02-25 10:44:04 +01:00
from lib.core.enums import OS
Work for Issue #197 and Issue #49
2012-10-04 11:25:44 +02:00
from lib.core.enums import POST_HINT
Trivial update
2019-06-04 14:44:06 +02:00
from lib.core.settings import ACCESS_ALIASES
Adding support for Altibase
2020-01-27 17:32:31 +01:00
from lib.core.settings import ALTIBASE_ALIASES
Minor refactoring of dictionaries
2012-08-21 11:19:15 +02:00
from lib.core.settings import BLANK
Adding support for InterSystems Cache (and IRIS)
2020-02-25 12:36:07 +01:00
from lib.core.settings import CACHE_ALIASES
Adding support for CrateDB
2020-02-02 14:51:24 +01:00
from lib.core.settings import CRATEDB_ALIASES
Adding initial support for Cubrid
2020-02-03 01:58:12 +01:00
from lib.core.settings import CUBRID_ALIASES
Trivial update
2019-06-04 14:44:06 +02:00
from lib.core.settings import DB2_ALIASES
Adding support for Apache Derby
2020-01-20 15:33:45 +01:00
from lib.core.settings import DERBY_ALIASES
Adding support for eXtremeDB
2020-02-26 17:33:47 +01:00
from lib.core.settings import EXTREMEDB_ALIASES
Trivial update
2019-06-04 14:44:06 +02:00
from lib.core.settings import FIREBIRD_ALIASES
Adding support for FrontBase
2020-03-02 12:43:12 +01:00
from lib.core.settings import FRONTBASE_ALIASES
Trivial update
2019-06-04 14:44:06 +02:00
from lib.core.settings import H2_ALIASES
from lib.core.settings import HSQLDB_ALIASES
from lib.core.settings import INFORMIX_ALIASES
from lib.core.settings import MAXDB_ALIASES
Adding support for Mckoi
2020-01-22 23:41:06 +01:00
from lib.core.settings import MCKOI_ALIASES
Adding support for MimerSQL
2020-01-31 11:33:31 +01:00
from lib.core.settings import MIMERSQL_ALIASES
Adding support for MonetDB
2020-01-17 17:14:41 +01:00
from lib.core.settings import MONETDB_ALIASES
Minor refactoring of dictionaries
2012-08-21 11:19:15 +02:00
from lib.core.settings import MSSQL_ALIASES
from lib.core.settings import MYSQL_ALIASES
Trivial update
2019-06-04 14:44:06 +02:00
from lib.core.settings import NULL
Minor refactoring of dictionaries
2012-08-21 11:19:15 +02:00
from lib.core.settings import ORACLE_ALIASES
Trivial update
2019-06-04 14:44:06 +02:00
from lib.core.settings import PGSQL_ALIASES
Adding support for Presto
2020-01-23 16:59:02 +01:00
from lib.core.settings import PRESTO_ALIASES
Support for Raima Database Manager DBMS
2021-01-11 17:36:23 +01:00
from lib.core.settings import RAIMA_ALIASES
Minor refactoring of dictionaries
2012-08-21 11:19:15 +02:00
from lib.core.settings import SQLITE_ALIASES
from lib.core.settings import SYBASE_ALIASES
Adding support for Vertica
2020-01-21 15:40:59 +01:00
from lib.core.settings import VERTICA_ALIASES
Adding support for Virtuoso DBMS
2021-02-15 14:07:04 +01:00
from lib.core.settings import VIRTUOSO_ALIASES
Add Clickhouse support (#5229) Co-authored-by: pentest <>
2023-02-03 23:10:12 +01:00
from lib.core.settings import CLICKHOUSE_ALIASES
Added "Snowflake" DBMS support (#5980) * Added SQL queries for 'Snowflake' DBMS * Added necessary constants for the 'Snowflake' DBMS * Added the 'Snowflake' DBMS to existing conditional which adds dynamic values to hardcoded statements (queries.xml) * Added plugin logic for the 'Snowflake' DBMS * Modified 'dbs' query to include 'ORDER BY' * Moved 'LIMIT' to appear before 'OFFSET'
2026-01-12 05:59:00 -05:00
from lib.core.settings import SNOWFLAKE_ALIASES
Adding support for Spanner DBMS (#6025)
2026-03-14 10:47:41 +01:00
from lib.core.settings import SPANNER_ALIASES
Minor refactoring of dictionaries
2012-08-21 11:19:15 +02:00
Some more dict refactorings
2012-08-21 11:30:01 +02:00
FIREBIRD_TYPES = {
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
261: "BLOB",
14: "CHAR",
40: "CSTRING",
11: "D_FLOAT",
27: "DOUBLE",
10: "FLOAT",
16: "INT64",
8: "INTEGER",
9: "QUAD",
7: "SMALLINT",
12: "DATE",
13: "TIME",
35: "TIMESTAMP",
37: "VARCHAR",
}
INFORMIX_TYPES = {
0: "CHAR",
1: "SMALLINT",
2: "INTEGER",
3: "FLOAT",
4: "SMALLFLOAT",
5: "DECIMAL",
6: "SERIAL",
7: "DATE",
8: "MONEY",
9: "NULL",
10: "DATETIME",
11: "BYTE",
12: "TEXT",
13: "VARCHAR",
14: "INTERVAL",
15: "NCHAR",
16: "NVARCHAR",
17: "INT8",
18: "SERIAL8",
19: "SET",
20: "MULTISET",
21: "LIST",
22: "ROW (unnamed)",
23: "COLLECTION",
40: "Variable-length opaque type",
41: "Fixed-length opaque type",
43: "LVARCHAR",
45: "BOOLEAN",
52: "BIGINT",
53: "BIGSERIAL",
2061: "IDSSECURITYLABEL",
4118: "ROW (named)",
}
minor update regarding Sybase support
2011-02-19 14:07:08 +00:00
Some more dict refactorings
2012-08-21 11:30:01 +02:00
SYBASE_TYPES = {
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
14: "floatn",
8: "float",
15: "datetimn",
12: "datetime",
23: "real",
28: "numericn",
10: "numeric",
27: "decimaln",
26: "decimal",
17: "moneyn",
11: "money",
21: "smallmoney",
22: "smalldatetime",
13: "intn",
7: "int",
6: "smallint",
5: "tinyint",
16: "bit",
2: "varchar",
18: "sysname",
25: "nvarchar",
1: "char",
24: "nchar",
4: "varbinary",
80: "timestamp",
3: "binary",
19: "text",
20: "image",
}
minor refactoring
2011-03-09 11:37:37 +00:00
Patch for couple of bugs found during bed-testing
2020-02-07 14:02:45 +01:00
ALTIBASE_TYPES = {
1: "CHAR",
12: "VARCHAR",
-8: "NCHAR",
-9: "NVARCHAR",
2: "NUMERIC",
6: "FLOAT",
8: "DOUBLE",
7: "REAL",
-5: "BIGINT",
4: "INTEGER",
5: "SMALLINT",
9: "DATE",
30: "BLOB",
40: "CLOB",
20001: "BYTE",
20002: "NIBBLE",
-7: "BIT",
-100: "VARBIT",
10003: "GEOMETRY",
}
Some more dict refactorings
2012-08-21 11:30:01 +02:00
MYSQL_PRIVS = {
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
1: "select_priv",
2: "insert_priv",
3: "update_priv",
4: "delete_priv",
5: "create_priv",
6: "drop_priv",
7: "reload_priv",
8: "shutdown_priv",
9: "process_priv",
10: "file_priv",
11: "grant_priv",
12: "references_priv",
13: "index_priv",
14: "alter_priv",
15: "show_db_priv",
16: "super_priv",
17: "create_tmp_table_priv",
18: "lock_tables_priv",
19: "execute_priv",
20: "repl_slave_priv",
21: "repl_client_priv",
22: "create_view_priv",
23: "show_view_priv",
24: "create_routine_priv",
25: "alter_routine_priv",
26: "create_user_priv",
}
minor refactoring
2011-03-09 11:37:37 +00:00
Some more dict refactorings
2012-08-21 11:30:01 +02:00
PGSQL_PRIVS = {
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
1: "createdb",
2: "super",
Minor improvements
2025-12-30 22:30:52 +01:00
3: "replication",
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
}
minor refactoring
2011-03-09 11:37:37 +00:00
Fixes #1304
2015-07-17 14:20:51 +02:00
# Reference(s): http://stackoverflow.com/a/17672504
# http://docwiki.embarcadero.com/InterBase/XE7/en/RDB$USER_PRIVILEGES
Some more dict refactorings
2012-08-21 11:30:01 +02:00
FIREBIRD_PRIVS = {
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
"S": "SELECT",
"I": "INSERT",
"U": "UPDATE",
"D": "DELETE",
"R": "REFERENCE",
"X": "EXECUTE",
"A": "ALL",
"M": "MEMBER",
"T": "DECRYPT",
"E": "ENCRYPT",
"B": "SUBSCRIBE",
}
Added DB2 support - patch provided by Sebastian Bittig
2011-06-25 09:44:24 +00:00
Support for Informix --roles/--privileges (Issue #552)
2016-09-26 14:20:04 +02:00
# Reference(s): https://www.ibm.com/support/knowledgecenter/SSGU8G_12.1.0/com.ibm.sqls.doc/ids_sqs_0147.htm
# https://www.ibm.com/support/knowledgecenter/SSGU8G_11.70.0/com.ibm.sqlr.doc/ids_sqr_077.htm
INFORMIX_PRIVS = {
"D": "DBA (all privileges)",
"R": "RESOURCE (create UDRs, UDTs, permanent tables and indexes)",
"C": "CONNECT (work with existing tables)",
"G": "ROLE",
"U": "DEFAULT (implicit connection)",
}
Some more dict refactorings
2012-08-21 11:30:01 +02:00
DB2_PRIVS = {
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
1: "CONTROLAUTH",
2: "ALTERAUTH",
3: "DELETEAUTH",
4: "INDEXAUTH",
5: "INSERTAUTH",
6: "REFAUTH",
7: "SELECTAUTH",
8: "UPDATEAUTH",
}
Minor refactoring of dictionaries
2012-08-21 11:19:15 +02:00
Some more dict refactorings
2012-08-21 11:30:01 +02:00
DUMP_REPLACEMENTS = {" ": NULL, "": BLANK}
Minor refactoring of dictionaries
2012-08-21 11:19:15 +02:00
DBMS_DICT = {
Patch for an Issue #2297
2016-12-06 15:43:09 +01:00
DBMS.MSSQL: (MSSQL_ALIASES, "python-pymssql", "https://github.com/pymssql/pymssql", "mssql+pymssql"),
Revisiting some of links
2017-12-12 13:39:58 +01:00
DBMS.MYSQL: (MYSQL_ALIASES, "python-pymysql", "https://github.com/PyMySQL/PyMySQL", "mysql"),
Minor patch of links
2021-02-08 22:42:08 +01:00
DBMS.PGSQL: (PGSQL_ALIASES, "python-psycopg2", "https://github.com/psycopg/psycopg2", "postgresql"),
Update regarding the #5911
2025-06-16 12:14:24 +02:00
DBMS.ORACLE: (ORACLE_ALIASES, "python-oracledb", "https://oracle.github.io/python-oracledb/", "oracle"),
Minor patch of links
2021-02-08 22:42:08 +01:00
DBMS.SQLITE: (SQLITE_ALIASES, "python-sqlite", "https://docs.python.org/3/library/sqlite3.html", "sqlite"),
Patch for an Issue #2297
2016-12-06 15:43:09 +01:00
DBMS.ACCESS: (ACCESS_ALIASES, "python-pyodbc", "https://github.com/mkleehammer/pyodbc", "access"),
Minor update
2026-01-18 17:02:29 +01:00
DBMS.FIREBIRD: (FIREBIRD_ALIASES, "python-kinterbasdb", "https://kinterbasdb.sourceforge.net/", "firebird"),
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
DBMS.MAXDB: (MAXDB_ALIASES, None, None, "maxdb"),
Patch for an Issue #2297
2016-12-06 15:43:09 +01:00
DBMS.SYBASE: (SYBASE_ALIASES, "python-pymssql", "https://github.com/pymssql/pymssql", "sybase"),
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
DBMS.DB2: (DB2_ALIASES, "python ibm-db", "https://github.com/ibmdb/python-ibmdb", "ibm_db_sa"),
Minor patch of links
2022-02-27 21:36:48 +01:00
DBMS.HSQLDB: (HSQLDB_ALIASES, "python jaydebeapi & python-jpype", "https://pypi.python.org/pypi/JayDeBeApi/ & https://github.com/jpype-project/jpype", None),
Fixes #3303
2018-10-16 19:37:27 +02:00
DBMS.H2: (H2_ALIASES, None, None, None),
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
DBMS.INFORMIX: (INFORMIX_ALIASES, "python ibm-db", "https://github.com/ibmdb/python-ibmdb", "ibm_db_sa"),
Adding support for MonetDB
2020-01-17 17:14:41 +01:00
DBMS.MONETDB: (MONETDB_ALIASES, "pymonetdb", "https://github.com/gijzelaerr/pymonetdb", "monetdb"),
Adding support for Apache Derby
2020-01-20 15:33:45 +01:00
DBMS.DERBY: (DERBY_ALIASES, "pydrda", "https://github.com/nakagami/pydrda/", None),
Adding support for Vertica
2020-01-21 15:40:59 +01:00
DBMS.VERTICA: (VERTICA_ALIASES, "vertica-python", "https://github.com/vertica/vertica-python", "vertica+vertica_python"),
Adding support for Mckoi
2020-01-22 23:41:06 +01:00
DBMS.MCKOI: (MCKOI_ALIASES, None, None, None),
Adding support for Presto
2020-01-23 16:59:02 +01:00
DBMS.PRESTO: (PRESTO_ALIASES, "presto-python-client", "https://github.com/prestodb/presto-python-client", None),
Adding support for Altibase
2020-01-27 17:32:31 +01:00
DBMS.ALTIBASE: (ALTIBASE_ALIASES, None, None, None),
Adding support for MimerSQL
2020-01-31 11:33:31 +01:00
DBMS.MIMERSQL: (MIMERSQL_ALIASES, "mimerpy", "https://github.com/mimersql/MimerPy", None),
Add Clickhouse support (#5229) Co-authored-by: pentest <>
2023-02-03 23:10:12 +01:00
DBMS.CLICKHOUSE: (CLICKHOUSE_ALIASES, "clickhouse_connect", "https://github.com/ClickHouse/clickhouse-connect", None),
Minor patch of links
2022-02-27 21:36:48 +01:00
DBMS.CRATEDB: (CRATEDB_ALIASES, "python-psycopg2", "https://github.com/psycopg/psycopg2", "postgresql"),
Adding initial support for Cubrid
2020-02-03 01:58:12 +01:00
DBMS.CUBRID: (CUBRID_ALIASES, "CUBRID-Python", "https://github.com/CUBRID/cubrid-python", None),
Minor patch of links
2022-02-27 21:36:48 +01:00
DBMS.CACHE: (CACHE_ALIASES, "python jaydebeapi & python-jpype", "https://pypi.python.org/pypi/JayDeBeApi/ & https://github.com/jpype-project/jpype", None),
Adding support for eXtremeDB
2020-02-26 17:33:47 +01:00
DBMS.EXTREMEDB: (EXTREMEDB_ALIASES, None, None, None),
Adding support for FrontBase
2020-03-02 12:43:12 +01:00
DBMS.FRONTBASE: (FRONTBASE_ALIASES, None, None, None),
Support for Raima Database Manager DBMS
2021-01-11 17:36:23 +01:00
DBMS.RAIMA: (RAIMA_ALIASES, None, None, None),
Adding support for Virtuoso DBMS
2021-02-15 14:07:04 +01:00
DBMS.VIRTUOSO: (VIRTUOSO_ALIASES, None, None, None),
Added "Snowflake" DBMS support (#5980) * Added SQL queries for 'Snowflake' DBMS * Added necessary constants for the 'Snowflake' DBMS * Added the 'Snowflake' DBMS to existing conditional which adds dynamic values to hardcoded statements (queries.xml) * Added plugin logic for the 'Snowflake' DBMS * Modified 'dbs' query to include 'ORDER BY' * Moved 'LIMIT' to appear before 'OFFSET'
2026-01-12 05:59:00 -05:00
DBMS.SNOWFLAKE: (SNOWFLAKE_ALIASES, None, None, "snowflake"),
Adding support for Spanner DBMS (#6025)
2026-03-14 10:47:41 +01:00
DBMS.SPANNER: (SPANNER_ALIASES, None, None, "spanner"),
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
}
Minor refactoring of dictionaries
2012-08-21 11:19:15 +02:00
Minor patch
2020-01-23 10:53:06 +01:00
# Reference: https://blog.jooq.org/tag/sysibm-sysdummy1/
Minor refactoring of dictionaries
2012-08-21 11:19:15 +02:00
FROM_DUMMY_TABLE = {
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
DBMS.ORACLE: " FROM DUAL",
DBMS.ACCESS: " FROM MSysAccessObjects",
DBMS.FIREBIRD: " FROM RDB$DATABASE",
Minor patch
2026-01-13 20:42:37 +01:00
DBMS.MAXDB: " FROM DUAL",
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
DBMS.DB2: " FROM SYSIBM.SYSDUMMY1",
DBMS.HSQLDB: " FROM INFORMATION_SCHEMA.SYSTEM_USERS",
Adding support for Apache Derby
2020-01-20 15:33:45 +01:00
DBMS.INFORMIX: " FROM SYSMASTER:SYSDUAL",
Adding support for Altibase
2020-01-27 17:32:31 +01:00
DBMS.DERBY: " FROM SYSIBM.SYSDUMMY1",
Adding support for MimerSQL
2020-01-31 11:33:31 +01:00
DBMS.MIMERSQL: " FROM SYSTEM.ONEROW",
Adding support for FrontBase
2020-03-02 12:43:12 +01:00
DBMS.FRONTBASE: " FROM INFORMATION_SCHEMA.IO_STATISTICS"
Adding support for Altibase
2020-01-27 17:32:31 +01:00
}
HEURISTIC_NULL_EVAL = {
DBMS.ACCESS: "CVAR(NULL)",
DBMS.MAXDB: "ALPHA(NULL)",
Minor improvements
2025-12-30 22:30:52 +01:00
DBMS.MSSQL: "PARSENAME(NULL,NULL)",
Bug fix for fingerprinting MySQL
2025-12-25 14:11:57 +01:00
DBMS.MYSQL: "IFNULL(QUARTER(NULL),NULL XOR NULL)", # NOTE: previous form (i.e., QUARTER(NULL XOR NULL)) was bad as some optimization engines wrongly evaluate QUARTER(NULL XOR NULL) to 0
Adding support for Altibase
2020-01-27 17:32:31 +01:00
DBMS.ORACLE: "INSTR2(NULL,NULL)",
DBMS.PGSQL: "QUOTE_IDENT(NULL)",
Minor update
2025-12-30 22:17:41 +01:00
DBMS.SQLITE: "JULIANDAY(NULL)",
Minor update
2020-02-03 11:52:42 +01:00
DBMS.H2: "STRINGTOUTF8(NULL)",
Adding support for Altibase
2020-01-27 17:32:31 +01:00
DBMS.MONETDB: "CODE(NULL)",
DBMS.DERBY: "NULLIF(USER,SESSION_USER)",
DBMS.VERTICA: "BITSTRING_TO_BINARY(NULL)",
DBMS.MCKOI: "TONUMBER(NULL)",
DBMS.PRESTO: "FROM_HEX(NULL)",
DBMS.ALTIBASE: "TDESENCRYPT(NULL,NULL)",
Adding support for CrateDB
2020-02-02 14:51:24 +01:00
DBMS.MIMERSQL: "ASCII_CHAR(256)",
Bug fix for fingerprinting MySQL
2025-12-25 14:11:57 +01:00
DBMS.CRATEDB: "MD5(NULL~NULL)", # NOTE: NULL~NULL also being evaluated on H2 and Ignite
Adding initial support for Cubrid
2020-02-03 01:58:12 +01:00
DBMS.CUBRID: "(NULL SETEQ NULL)",
Adding support for InterSystems Cache (and IRIS)
2020-02-25 12:36:07 +01:00
DBMS.CACHE: "%SQLUPPER NULL",
Adding support for eXtremeDB
2020-02-26 17:33:47 +01:00
DBMS.EXTREMEDB: "NULLIFZERO(hashcode(NULL))",
Minor update
2025-12-30 22:34:21 +01:00
DBMS.RAIMA: "IF(ROWNUMBER()>0,CONVERT(NULL,TINYINT),NULL)",
Adding support for Virtuoso DBMS
2021-02-15 14:07:04 +01:00
DBMS.VIRTUOSO: "__MAX_NOTNULL(NULL)",
Heuristic checks for Snowflake implementation (#5980)
2026-01-12 21:28:41 +01:00
DBMS.CLICKHOUSE: "halfMD5(NULL)",
DBMS.SNOWFLAKE: "BOOLNOT(NULL)",
Adding support for Spanner DBMS (#6025)
2026-03-14 10:47:41 +01:00
DBMS.SPANNER: "FARM_FINGERPRINT(NULL)",
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
}
Minor refactoring of dictionaries
2012-08-21 11:19:15 +02:00
SQL_STATEMENTS = {
Some more PEPing (I hope that I haven't broke anything)
2018-03-13 13:45:42 +01:00
"SQL SELECT statement": (
"select ",
"show ",
" top ",
" distinct ",
" from ",
" from dual",
" where ",
" group by ",
" order by ",
" having ",
" limit ",
" offset ",
" union all ",
" rownum as ",
"(case ",
),
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
Some more PEPing (I hope that I haven't broke anything)
2018-03-13 13:45:42 +01:00
"SQL data definition": (
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
"create ",
"declare ",
"drop ",
"truncate ",
Some more PEPing (I hope that I haven't broke anything)
2018-03-13 13:45:42 +01:00
"alter ",
),
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
"SQL data manipulation": (
Some more PEPing (I hope that I haven't broke anything)
2018-03-13 13:45:42 +01:00
"bulk ",
"insert ",
"update ",
"delete ",
"merge ",
Minor update
2025-12-30 22:34:21 +01:00
"copy ",
Some more PEPing (I hope that I haven't broke anything)
2018-03-13 13:45:42 +01:00
"load ",
),
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
Some more PEPing (I hope that I haven't broke anything)
2018-03-13 13:45:42 +01:00
"SQL data control": (
"grant ",
"revoke ",
),
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
Some more PEPing (I hope that I haven't broke anything)
2018-03-13 13:45:42 +01:00
"SQL data execution": (
"exec ",
"execute ",
"values ",
"call ",
),
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
Some more PEPing (I hope that I haven't broke anything)
2018-03-13 13:45:42 +01:00
"SQL transaction": (
"start transaction ",
"begin work ",
"begin transaction ",
"commit ",
"rollback ",
),
Minor update regarding #3230
2018-09-10 12:43:59 +02:00
"SQL administration": (
"set ",
),
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
}
Work for Issue #197 and Issue #49
2012-10-04 11:25:44 +02:00
POST_HINT_CONTENT_TYPES = {
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
POST_HINT.JSON: "application/json",
POST_HINT.JSON_LIKE: "application/json",
POST_HINT.MULTIPART: "multipart/form-data",
POST_HINT.SOAP: "application/soap+xml",
POST_HINT.XML: "application/xml",
POST_HINT.ARRAY_LIKE: "application/x-www-form-urlencoded; charset=utf-8",
}
Deprecating --replicate (Issue #254)
2012-11-28 11:10:57 +01:00
Refactoring of obsolete switch/options cases
2019-05-27 13:23:50 +02:00
OBSOLETE_OPTIONS = {
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
"--replicate": "use '--dump-format=SQLITE' instead",
"--no-unescape": "use '--no-escape' instead",
"--binary": "use '--binary-fields' instead",
"--auth-private": "use '--auth-file' instead",
Update related to the #2663
2017-08-23 13:17:37 +02:00
"--ignore-401": "use '--ignore-code' instead",
Second commit regarding #739
2018-06-19 16:11:49 +02:00
"--second-order": "use '--second-url' instead",
Minor patches (--purge instead of --purge-output)
2018-06-20 23:52:08 +02:00
"--purge-output": "use '--purge' instead",
Minor refactoring
2021-02-11 13:00:54 +01:00
"--sqlmap-shell": "use '--shell' instead",
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
"--check-payload": None,
"--check-waf": None,
Fixes #405
2017-04-10 14:50:17 +02:00
"--pickled-options": "use '--api -c ...' instead",
Minor update
2021-05-12 13:14:13 +02:00
"--identify-waf": "functionality being done automatically",
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
}
Implementation for an Issue #340
2013-01-15 16:05:33 +01:00
Adding deprecated options (along with obsolete)
2019-06-06 13:08:56 +02:00
DEPRECATED_OPTIONS = {
}
Implementation for an Issue #340
2013-01-15 16:05:33 +01:00
DUMP_DATA_PREPROCESS = {
Minor update
2025-12-30 22:17:41 +01:00
DBMS.ORACLE: {"XMLTYPE": "(%s).getStringVal()"},
DBMS.MSSQL: {
"IMAGE": "CONVERT(VARBINARY(MAX),%s)",
"GEOMETRY": "(%s).STAsText()",
"GEOGRAPHY": "(%s).STAsText()"
},
DBMS.PGSQL: {
"GEOMETRY": "ST_AsText(%s)",
"GEOGRAPHY": "ST_AsText(%s)"
},
DBMS.MYSQL: {
"GEOMETRY": "ST_AsText(%s)"
}
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
}
Minor refactoring (Issue #411)
2013-02-25 10:44:04 +01:00
DEFAULT_DOC_ROOTS = {
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
OS.WINDOWS: ("C:/xampp/htdocs/", "C:/wamp/www/", "C:/Inetpub/wwwroot/"),
Minor improvements
2025-12-30 22:30:52 +01:00
OS.LINUX: ("/var/www/", "/var/www/html", "/var/www/htdocs", "/usr/local/apache2/htdocs", "/usr/local/www/data", "/var/apache2/htdocs", "/var/www/nginx-default", "/srv/www/htdocs", "/usr/local/var/www", "/usr/share/nginx/html")
Update for column types (Issue #552)
2016-09-23 18:03:31 +02:00
}
Couple of small patches
2018-06-20 23:21:55 +02:00
PART_RUN_CONTENT_TYPES = {
"checkDbms": CONTENT_TYPE.TECHNIQUES,
"getFingerprint": CONTENT_TYPE.DBMS_FINGERPRINT,
"getBanner": CONTENT_TYPE.BANNER,
"getCurrentUser": CONTENT_TYPE.CURRENT_USER,
"getCurrentDb": CONTENT_TYPE.CURRENT_DB,
"getHostname": CONTENT_TYPE.HOSTNAME,
"isDba": CONTENT_TYPE.IS_DBA,
"getUsers": CONTENT_TYPE.USERS,
"getPasswordHashes": CONTENT_TYPE.PASSWORDS,
"getPrivileges": CONTENT_TYPE.PRIVILEGES,
"getRoles": CONTENT_TYPE.ROLES,
"getDbs": CONTENT_TYPE.DBS,
"getTables": CONTENT_TYPE.TABLES,
"getColumns": CONTENT_TYPE.COLUMNS,
"getSchema": CONTENT_TYPE.SCHEMA,
"getCount": CONTENT_TYPE.COUNT,
"dumpTable": CONTENT_TYPE.DUMP_TABLE,
"search": CONTENT_TYPE.SEARCH,
"sqlQuery": CONTENT_TYPE.SQL_QUERY,
"tableExists": CONTENT_TYPE.COMMON_TABLES,
"columnExists": CONTENT_TYPE.COMMON_COLUMNS,
"readFile": CONTENT_TYPE.FILE_READ,
"writeFile": CONTENT_TYPE.FILE_WRITE,
"osCmd": CONTENT_TYPE.OS_CMD,
"regRead": CONTENT_TYPE.REG_READ
}
Minor updates
2019-07-03 10:56:05 +02:00
# Reference: http://www.w3.org/TR/1999/REC-html401-19991224/sgml/entities.html
HTML_ENTITIES = {
"quot": 34,
"amp": 38,
More fine-tuning for #4505 (in case of --no-escape)
2021-01-04 13:51:51 +01:00
"apos": 39,
Minor updates
2019-07-03 10:56:05 +02:00
"lt": 60,
"gt": 62,
"nbsp": 160,
"iexcl": 161,
"cent": 162,
"pound": 163,
"curren": 164,
"yen": 165,
"brvbar": 166,
"sect": 167,
"uml": 168,
"copy": 169,
"ordf": 170,
"laquo": 171,
"not": 172,
"shy": 173,
"reg": 174,
"macr": 175,
"deg": 176,
"plusmn": 177,
"sup2": 178,
"sup3": 179,
"acute": 180,
"micro": 181,
"para": 182,
"middot": 183,
"cedil": 184,
"sup1": 185,
"ordm": 186,
"raquo": 187,
"frac14": 188,
"frac12": 189,
"frac34": 190,
"iquest": 191,
"Agrave": 192,
"Aacute": 193,
"Acirc": 194,
"Atilde": 195,
"Auml": 196,
"Aring": 197,
"AElig": 198,
"Ccedil": 199,
"Egrave": 200,
"Eacute": 201,
"Ecirc": 202,
"Euml": 203,
"Igrave": 204,
"Iacute": 205,
"Icirc": 206,
"Iuml": 207,
"ETH": 208,
"Ntilde": 209,
"Ograve": 210,
"Oacute": 211,
"Ocirc": 212,
"Otilde": 213,
"Ouml": 214,
"times": 215,
"Oslash": 216,
"Ugrave": 217,
"Uacute": 218,
"Ucirc": 219,
"Uuml": 220,
"Yacute": 221,
"THORN": 222,
"szlig": 223,
"agrave": 224,
"aacute": 225,
"acirc": 226,
"atilde": 227,
"auml": 228,
"aring": 229,
"aelig": 230,
"ccedil": 231,
"egrave": 232,
"eacute": 233,
"ecirc": 234,
"euml": 235,
"igrave": 236,
"iacute": 237,
"icirc": 238,
"iuml": 239,
"eth": 240,
"ntilde": 241,
"ograve": 242,
"oacute": 243,
"ocirc": 244,
"otilde": 245,
"ouml": 246,
"divide": 247,
"oslash": 248,
"ugrave": 249,
"uacute": 250,
"ucirc": 251,
"uuml": 252,
"yacute": 253,
"thorn": 254,
"yuml": 255,
"OElig": 338,
"oelig": 339,
"Scaron": 352,
"fnof": 402,
"scaron": 353,
"Yuml": 376,
"circ": 710,
"tilde": 732,
"Alpha": 913,
"Beta": 914,
"Gamma": 915,
"Delta": 916,
"Epsilon": 917,
"Zeta": 918,
"Eta": 919,
"Theta": 920,
"Iota": 921,
"Kappa": 922,
"Lambda": 923,
"Mu": 924,
"Nu": 925,
"Xi": 926,
"Omicron": 927,
"Pi": 928,
"Rho": 929,
"Sigma": 931,
"Tau": 932,
"Upsilon": 933,
"Phi": 934,
"Chi": 935,
"Psi": 936,
"Omega": 937,
"alpha": 945,
"beta": 946,
"gamma": 947,
"delta": 948,
"epsilon": 949,
"zeta": 950,
"eta": 951,
"theta": 952,
"iota": 953,
"kappa": 954,
"lambda": 955,
"mu": 956,
"nu": 957,
"xi": 958,
"omicron": 959,
"pi": 960,
"rho": 961,
"sigmaf": 962,
"sigma": 963,
"tau": 964,
"upsilon": 965,
"phi": 966,
"chi": 967,
"psi": 968,
"omega": 969,
"thetasym": 977,
"upsih": 978,
"piv": 982,
"bull": 8226,
"hellip": 8230,
"prime": 8242,
"Prime": 8243,
"oline": 8254,
"frasl": 8260,
"ensp": 8194,
"emsp": 8195,
"thinsp": 8201,
"zwnj": 8204,
"zwj": 8205,
"lrm": 8206,
"rlm": 8207,
"ndash": 8211,
"mdash": 8212,
"lsquo": 8216,
"rsquo": 8217,
"sbquo": 8218,
"ldquo": 8220,
"rdquo": 8221,
"bdquo": 8222,
"dagger": 8224,
"Dagger": 8225,
"permil": 8240,
"lsaquo": 8249,
"rsaquo": 8250,
"euro": 8364,
"weierp": 8472,
"image": 8465,
"real": 8476,
"trade": 8482,
"alefsym": 8501,
"larr": 8592,
"uarr": 8593,
"rarr": 8594,
"darr": 8595,
"harr": 8596,
"crarr": 8629,
"lArr": 8656,
"uArr": 8657,
"rArr": 8658,
"dArr": 8659,
"hArr": 8660,
"forall": 8704,
"part": 8706,
"exist": 8707,
"empty": 8709,
"nabla": 8711,
"isin": 8712,
"notin": 8713,
"ni": 8715,
"prod": 8719,
"sum": 8721,
"minus": 8722,
"lowast": 8727,
"radic": 8730,
"prop": 8733,
"infin": 8734,
"ang": 8736,
"and": 8743,
"or": 8744,
"cap": 8745,
"cup": 8746,
"int": 8747,
"there4": 8756,
"sim": 8764,
"cong": 8773,
"asymp": 8776,
"ne": 8800,
"equiv": 8801,
"le": 8804,
"ge": 8805,
"sub": 8834,
"sup": 8835,
"nsub": 8836,
"sube": 8838,
"supe": 8839,
"oplus": 8853,
"otimes": 8855,
"perp": 8869,
"sdot": 8901,
"lceil": 8968,
"rceil": 8969,
"lfloor": 8970,
"rfloor": 8971,
"lang": 9001,
"rang": 9002,
"loz": 9674,
"spades": 9824,
"clubs": 9827,
"hearts": 9829,
"diams": 9830
}
Reference in New Issue Copy Permalink