Skip to content

Commit 8a2b994

Browse files
bdamelebdamele
committed
added SQLite test cases (issue #312)
1 parent 413b5e7 commit 8a2b994

File tree

1 file changed

+272
-12
lines changed

1 file changed

+272
-12
lines changed

xml/livetests.xml

+272-12
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,7 @@
1010
<flushSession value="True"/>
1111
<disableColoring value="True"/>
1212
<verbose value="1"/>
13+
<cleanup value="1"/>
1314
</global>
1415
<!-- Common enumeration switches across all techniques -->
1516
<case name="MySQL boolean-based multi-threaded enumeration - all entries">
@@ -473,6 +474,150 @@
473474
<item value="r'Database: public.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
474475
</parse>
475476
</case>
477+
<case name="SQLite boolean-based multi-threaded enumeration - all entries">
478+
<switches>
479+
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
480+
<threads value="4"/>
481+
<tech value="B"/>
482+
<extensiveFp value="True"/>
483+
<getBanner value="True"/>
484+
<getCurrentUser value="True"/>
485+
<getCurrentDb value="True"/>
486+
<getHostname value="True"/>
487+
<isDba value="True"/>
488+
<getUsers value="True"/>
489+
<getPasswordHashes value="True"/>
490+
<getPrivileges value="True"/>
491+
<getRoles value="True"/>
492+
<getDbs value="True"/>
493+
<getTables value="True"/>
494+
<getColumns value="True"/>
495+
<getCount value="True"/>
496+
<dumpTable value="True"/>
497+
<db value="testdb"/>
498+
<tbl value="users"/>
499+
<excludeSysDbs value="True"/>
500+
</switches>
501+
<parse>
502+
<item value="Title: AND boolean-based blind - WHERE or HAVING clause"/>
503+
<item value="r'back-end DBMS: active fingerprint: SQLite 2'"/>
504+
<item value="banner: '2.8.17'"/>
505+
<item value="r'Database: SQLite_masterdb.+1 table.+users'"/>
506+
<item value="r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'"/>
507+
<item value="r'Database: SQLite_masterdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
508+
</parse>
509+
</case>
510+
<case name="SQLite UNION query multi-threaded enumeration - all entries">
511+
<switches>
512+
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
513+
<threads value="4"/>
514+
<tech value="U"/>
515+
<extensiveFp value="True"/>
516+
<getBanner value="True"/>
517+
<getCurrentUser value="True"/>
518+
<getCurrentDb value="True"/>
519+
<getHostname value="True"/>
520+
<isDba value="True"/>
521+
<getUsers value="True"/>
522+
<getPasswordHashes value="True"/>
523+
<getPrivileges value="True"/>
524+
<getRoles value="True"/>
525+
<getDbs value="True"/>
526+
<getTables value="True"/>
527+
<getColumns value="True"/>
528+
<getCount value="True"/>
529+
<dumpTable value="True"/>
530+
<db value="testdb"/>
531+
<tbl value="users"/>
532+
<excludeSysDbs value="True"/>
533+
</switches>
534+
<parse>
535+
<item value="Title: Generic UNION query (NULL) - 3 columns"/>
536+
<item value="r'back-end DBMS: active fingerprint: SQLite 2'"/>
537+
<item value="banner: '2.8.17'"/>
538+
<item value="r'Database: SQLite_masterdb.+1 table.+users'"/>
539+
<item value="r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'"/>
540+
<item value="r'Database: SQLite_masterdb.+Table: users.+4 entries.+luther.+user agent.+'"/>
541+
</parse>
542+
</case>
543+
<case name="SQLite partial UNION query multi-threaded enumeration - all entries">
544+
<switches>
545+
<url value="http://debiandev/sqlmap/sqlite/get_int_partialunion.php?id=1"/>
546+
<threads value="4"/>
547+
<tech value="U"/>
548+
<extensiveFp value="True"/>
549+
<getBanner value="True"/>
550+
<getCurrentUser value="True"/>
551+
<getCurrentDb value="True"/>
552+
<getHostname value="True"/>
553+
<isDba value="True"/>
554+
<getUsers value="True"/>
555+
<getPasswordHashes value="True"/>
556+
<getPrivileges value="True"/>
557+
<getRoles value="True"/>
558+
<getDbs value="True"/>
559+
<getTables value="True"/>
560+
<getColumns value="True"/>
561+
<getCount value="True"/>
562+
<dumpTable value="True"/>
563+
<db value="testdb"/>
564+
<tbl value="users"/>
565+
</switches>
566+
<parse>
567+
<item value="Title: Generic UNION query (NULL) - 3 columns"/>
568+
<item value="r'back-end DBMS: active fingerprint: SQLite 2'"/>
569+
<item value="banner: '2.8.17'"/>
570+
<item value="r'Database: SQLite_masterdb.+1 table.+users'"/>
571+
<item value="r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'"/>
572+
<item value="r'Database: SQLite_masterdb.+Table: users.+4 entries.+luther.+user agent.+'"/>
573+
</parse>
574+
</case>
575+
<case name="SQLite 3 time-based single-threaded enumeration - all entries">
576+
<switches>
577+
<url value="http://debiandev/sqlmap/sqlite/get_int_3_nooutput.php?id=1"/>
578+
<tech value="T"/>
579+
<level value="3"/>
580+
<risk value="2"/>
581+
<timeSec value="2"/>
582+
<getBanner value="True"/>
583+
</switches>
584+
<parse>
585+
<item value="Title: SQLite &gt; 2.0 AND time-based blind (heavy query)"/>
586+
<item value="banner: '3.7.3'"/>
587+
</parse>
588+
</case>
589+
<case name="SQLite inline queries multi-threaded enumeration - all entries">
590+
<switches>
591+
<url value="http://debiandev/sqlmap/sqlite/get_int_inline.php?id=1"/>
592+
<threads value="4"/>
593+
<tech value="Q"/>
594+
<extensiveFp value="True"/>
595+
<getBanner value="True"/>
596+
<getCurrentUser value="True"/>
597+
<getCurrentDb value="True"/>
598+
<getHostname value="True"/>
599+
<isDba value="True"/>
600+
<getUsers value="True"/>
601+
<getPasswordHashes value="True"/>
602+
<getPrivileges value="True"/>
603+
<getRoles value="True"/>
604+
<getDbs value="True"/>
605+
<getTables value="True"/>
606+
<getColumns value="True"/>
607+
<getCount value="True"/>
608+
<dumpTable value="True"/>
609+
<db value="testdb"/>
610+
<tbl value="users"/>
611+
</switches>
612+
<parse>
613+
<item value="Title: SQLite inline queries"/>
614+
<item value="r'back-end DBMS: active fingerprint: SQLite 2'"/>
615+
<item value="banner: '2.8.17'"/>
616+
<item value="r'Database: SQLite_masterdb.+1 table.+users'"/>
617+
<item value="r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'"/>
618+
<item value="r'Database: SQLite_masterdb.+Table: users.+5 entries.+luther.+nameisnull.+'"/>
619+
</parse>
620+
</case>
476621
<!-- End of common enumeration switches across all techniques -->
477622

478623
<!-- Custom enumeration switches -->
@@ -578,6 +723,39 @@
578723
<item value="r'Database: public.+Table: users.+5 entries.+the | iss.+&lt;blank&gt; | mei'"/>
579724
</parse>
580725
</case>
726+
<case name="SQLite UNION query multi-threaded custom enumeration">
727+
<switches>
728+
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
729+
<threads value="4"/>
730+
<tech value="U"/>
731+
<getSchema value="True"/>
732+
<dumpTable value="True"/>
733+
<db value="testdb"/>
734+
<tbl value="users"/>
735+
<limitStart value="2"/>
736+
<limitStop value="4"/>
737+
<excludeSysDbs value="True"/>
738+
</switches>
739+
<parse>
740+
<item value="r'Database: SQLite_masterdb.+Table: users.+3 columns.+surname.+TEXT'"/>
741+
<item value="r'Database: SQLite_masterdb.+Table: users.+3 entries.+fluffy.+bunny.+wu.+ming'"/>
742+
</parse>
743+
</case>
744+
<case name="SQLite boolean-based multi-threaded custom enumeration - substring">
745+
<switches>
746+
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
747+
<threads value="4"/>
748+
<tech value="B"/>
749+
<dumpTable value="True"/>
750+
<db value="testdb"/>
751+
<tbl value="users"/>
752+
<firstChar value="3"/>
753+
<lastChar value="5"/>
754+
</switches>
755+
<parse>
756+
<item value="r'Database: SQLite_masterdb.+Table: users.+5 entries.+the | iss.+&lt;blank&gt; | mei'"/>
757+
</parse>
758+
</case>
581759
<!-- End of custom enumeration switches -->
582760

583761
<!-- Search enumeration switches -->
@@ -1172,6 +1350,43 @@
11721350
<item value="r'Database: information_schema.+Table: sql_parts.+1 column.+feature_name.+character_data'"/>
11731351
</parse>
11741352
</case>
1353+
<case name="SQLite multi-threaded search enumeration - database">
1354+
<switches>
1355+
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
1356+
<threads value="4"/>
1357+
<search value="True"/>
1358+
<db value="e"/>
1359+
</switches>
1360+
<parse>
1361+
<item value="on SQLite it is not possible to search databases" console_output="True"/>
1362+
</parse>
1363+
</case>
1364+
<case name="SQLite boolean-based multi-threaded search enumeration - tables without given database">
1365+
<switches>
1366+
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
1367+
<threads value="4"/>
1368+
<tech value="B"/>
1369+
<search value="True"/>
1370+
<tbl value="user"/>
1371+
<answers value="do you want to dump=N"/>
1372+
</switches>
1373+
<parse>
1374+
<item value="r'Database: SQLite_masterdb.+1 table.+users'"/>
1375+
</parse>
1376+
</case>
1377+
<case name="SQLite UNION query multi-threaded search enumeration - tables without given database">
1378+
<switches>
1379+
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
1380+
<threads value="4"/>
1381+
<tech value="U"/>
1382+
<search value="True"/>
1383+
<tbl value="user"/>
1384+
<answers value="do you want to dump=N"/>
1385+
</switches>
1386+
<parse>
1387+
<item value="r'Database: SQLite_masterdb.+1 table.+users'"/>
1388+
</parse>
1389+
</case>
11751390
<!-- End of search enumeration switches -->
11761391

11771392
<!-- User's provided statement enumeration switches -->
@@ -1183,7 +1398,7 @@
11831398
<query value="SELECT * FROM users LIMIT 0, 2"/>
11841399
</switches>
11851400
<parse>
1186-
<item value="r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blissett.+2, fluffy, bunny'"/>
1401+
<item value="r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'"/>
11871402
</parse>
11881403
</case>
11891404
<case name="MySQL error-based multi-threaded custom SQL query enumeration">
@@ -1194,7 +1409,7 @@
11941409
<query value="SELECT * FROM users LIMIT 0, 2"/>
11951410
</switches>
11961411
<parse>
1197-
<item value="r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blissett.+2, fluffy, bunny'"/>
1412+
<item value="r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'"/>
11981413
</parse>
11991414
</case>
12001415
<case name="MySQL UNION query multi-threaded custom SQL query enumeration">
@@ -1205,7 +1420,7 @@
12051420
<query value="SELECT * FROM users LIMIT 0, 2"/>
12061421
</switches>
12071422
<parse>
1208-
<item value="r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blissett.+2, fluffy, bunny'"/>
1423+
<item value="r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'"/>
12091424
</parse>
12101425
</case>
12111426
<case name="MySQL boolean-based multi-threaded custom ordered SQL query enumeration">
@@ -1216,7 +1431,7 @@
12161431
<query value="SELECT * FROM users ORDER BY name"/>
12171432
</switches>
12181433
<parse>
1219-
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blissett.+3, wu, ming'"/>
1434+
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blisset.+3, wu, ming'"/>
12201435
</parse>
12211436
</case>
12221437
<case name="MySQL error-based multi-threaded custom ordered SQL query enumeration">
@@ -1227,7 +1442,7 @@
12271442
<query value="SELECT * FROM users ORDER BY name"/>
12281443
</switches>
12291444
<parse>
1230-
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blissett.+3, wu, ming'"/>
1445+
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blisset.+3, wu, ming'"/>
12311446
</parse>
12321447
</case>
12331448
<case name="MySQL UNION query multi-threaded custom ordered SQL query enumeration">
@@ -1239,7 +1454,7 @@
12391454
</switches>
12401455
<parse>
12411456
<!-- NOTE: it is not sorted on purpose because UNION does not play well with ORDER BY and it is stripped -->
1242-
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blissett.+2, fluffy, bunny.+3, wu, ming'"/>
1457+
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'"/>
12431458
</parse>
12441459
</case>
12451460
<case name="PostgreSQL boolean-based multi-threaded custom SQL query enumeration">
@@ -1250,7 +1465,7 @@
12501465
<query value="SELECT * FROM users OFFSET 0 LIMIT 2"/>
12511466
</switches>
12521467
<parse>
1253-
<item value="r'SELECT \* FROM users OFFSET 0 LIMIT 2 \[2\].+1, luther, blissett.+2, fluffy, bunny'"/>
1468+
<item value="r'SELECT \* FROM users OFFSET 0 LIMIT 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'"/>
12541469
</parse>
12551470
</case>
12561471
<case name="PostgreSQL error-based multi-threaded custom SQL query enumeration">
@@ -1261,7 +1476,7 @@
12611476
<query value="SELECT * FROM users OFFSET 0 LIMIT 2"/>
12621477
</switches>
12631478
<parse>
1264-
<item value="r'SELECT \* FROM users OFFSET 0 LIMIT 2 \[2\].+1, luther, blissett.+2, fluffy, bunny'"/>
1479+
<item value="r'SELECT \* FROM users OFFSET 0 LIMIT 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'"/>
12651480
</parse>
12661481
</case>
12671482
<case name="PostgreSQL UNION query multi-threaded custom SQL query enumeration">
@@ -1272,7 +1487,7 @@
12721487
<query value="SELECT * FROM users OFFSET 0 LIMIT 2"/>
12731488
</switches>
12741489
<parse>
1275-
<item value="r'SELECT \* FROM users OFFSET 0 LIMIT 2 \[2\].+1, luther, blissett.+2, fluffy, bunny'"/>
1490+
<item value="r'SELECT \* FROM users OFFSET 0 LIMIT 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'"/>
12761491
</parse>
12771492
</case>
12781493
<case name="PostgreSQL boolean-based multi-threaded custom ordered SQL query enumeration">
@@ -1283,7 +1498,7 @@
12831498
<query value="SELECT * FROM users ORDER BY name"/>
12841499
</switches>
12851500
<parse>
1286-
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blissett.+3, wu, ming'"/>
1501+
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blisset.+3, wu, ming'"/>
12871502
</parse>
12881503
</case>
12891504
<case name="PostgreSQL error-based multi-threaded custom ordered SQL query enumeration">
@@ -1294,7 +1509,7 @@
12941509
<query value="SELECT * FROM users ORDER BY name"/>
12951510
</switches>
12961511
<parse>
1297-
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blissett.+3, wu, ming'"/>
1512+
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blisset.+3, wu, ming'"/>
12981513
</parse>
12991514
</case>
13001515
<case name="PostgreSQL UNION query multi-threaded custom ordered SQL query enumeration">
@@ -1306,7 +1521,52 @@
13061521
</switches>
13071522
<parse>
13081523
<!-- NOTE: it is not sorted on purpose because UNION does not play well with ORDER BY and it is stripped -->
1309-
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blissett.+2, fluffy, bunny.+3, wu, ming'"/>
1524+
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'"/>
1525+
</parse>
1526+
</case>
1527+
<case name="SQLite boolean-based multi-threaded custom SQL query enumeration">
1528+
<switches>
1529+
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
1530+
<threads value="4"/>
1531+
<tech value="B"/>
1532+
<query value="SELECT * FROM users LIMIT 0, 2"/>
1533+
</switches>
1534+
<parse>
1535+
<item value="r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'"/>
1536+
</parse>
1537+
</case>
1538+
<case name="SQLite UNION query multi-threaded custom SQL query enumeration">
1539+
<switches>
1540+
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
1541+
<threads value="4"/>
1542+
<tech value="U"/>
1543+
<query value="SELECT * FROM users LIMIT 0, 2"/>
1544+
</switches>
1545+
<parse>
1546+
<item value="r'SELECT \* FROM users LIMIT 0, 2 \[2\].+1, luther, blisset.+2, fluffy, bunny'"/>
1547+
</parse>
1548+
</case>
1549+
<case name="SQLite boolean-based multi-threaded custom ordered SQL query enumeration">
1550+
<switches>
1551+
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
1552+
<threads value="4"/>
1553+
<tech value="B"/>
1554+
<query value="SELECT * FROM users ORDER BY name"/>
1555+
</switches>
1556+
<parse>
1557+
<item value="r'SELECT \* FROM users ORDER BY name \[5\].+2, fluffy, bunny.+1, luther, blisset.+3, wu, ming'"/>
1558+
</parse>
1559+
</case>
1560+
<case name="SQLite UNION query multi-threaded custom ordered SQL query enumeration">
1561+
<switches>
1562+
<url value="http://debiandev/sqlmap/sqlite/get_int.php?id=1"/>
1563+
<threads value="4"/>
1564+
<tech value="U"/>
1565+
<query value="SELECT * FROM users ORDER BY name"/>
1566+
</switches>
1567+
<parse>
1568+
<!-- NOTE: it is not sorted on purpose because UNION does not play well with ORDER BY and it is stripped -->
1569+
<item value="r'SELECT \* FROM users ORDER BY name \[4\].+1, luther, blisset.+2, fluffy, bunny.+3, wu, ming'"/>
13101570
</parse>
13111571
</case>
13121572
<!-- End of user's provided statement enumeration switches -->

0 commit comments

Comments
 (0)