├── .gitattributes ├── Dockerfile ├── README.md ├── access ├── get_int.php └── index.php ├── conf ├── index.php ├── unixodbc.conf ├── users.basic └── users.digest ├── db2 ├── get_int.php └── index.php ├── dbs ├── access │ └── testdb.mdb ├── firebird │ └── testdb.fdb ├── index.php └── sqlite │ ├── testdb.sqlite │ └── testdb.sqlite3 ├── deployment.sh ├── docker ├── docker-compose.yml └── run.sh ├── firebird ├── get_int.php ├── get_int_inline.php ├── get_int_nooutput.php ├── get_int_partialunion.php └── index.php ├── hsqldb ├── META-INF │ └── MANIFEST.MF ├── README.md ├── WEB-INF │ └── web.xml ├── index.html └── src │ ├── Register.java │ └── ViewRecords.java ├── index.php ├── informix ├── get_int.php └── index.php ├── ingres ├── get_int.php └── index.php ├── libs ├── access.inc.php ├── db2.inc.php ├── firebird.inc.php ├── firebird_user.inc.php ├── index.php ├── informix.inc.php ├── ingres.inc.php ├── maxdb.inc.php ├── maxdb_user.inc.php ├── mssql.inc.php ├── mssql_user.inc.php ├── mysql.inc.php ├── mysql_user.inc.php ├── oracle.inc.php ├── oracle_user.inc.php ├── pgsql.inc.php ├── pgsql_user.inc.php ├── sqlite.inc.php ├── sqlite3.inc.php ├── sybase.inc.php └── sybase_user.inc.php ├── maxdb ├── get_int.php └── index.php ├── mssql ├── cookie_brackets.php ├── cookie_dstr.php ├── cookie_int.php ├── cookie_str.php ├── get_brackets.php ├── get_dstr.php ├── get_int.php ├── get_int_partialunion.php ├── get_str.php ├── header_brackets.php ├── header_dstr.php ├── header_str.php ├── iis │ ├── get_int.asp │ ├── get_int_having.asp │ ├── get_int_partialunion.asp │ ├── get_proc.asp │ ├── get_str.asp │ ├── get_str2.asp │ └── post_str.asp ├── index.php ├── post_brackets.php ├── post_dstr.php ├── post_int.php └── post_str.php ├── mysql ├── basic │ ├── .htaccess │ └── get_int.php ├── cookie_brackets.php ├── cookie_dstr.php ├── cookie_int.php ├── cookie_str.php ├── cookie_str2.php ├── csrf │ ├── index.php │ └── post.php ├── digest │ ├── .htaccess │ └── get_int.php ├── get_brackets.php 
├── get_dstr.php ├── get_dstr_like_par.php ├── get_dstr_like_par2.php ├── get_int.php ├── get_int_benchmark.php ├── get_int_blob.php ├── get_int_filtered.php ├── get_int_groupby.php ├── get_int_having.php ├── get_int_img.php ├── get_int_inline.php ├── get_int_international.php ├── get_int_limit.php ├── get_int_limit_second.php ├── get_int_noerror.php ├── get_int_nolimit.php ├── get_int_nooutput.php ├── get_int_orderby.php ├── get_int_partialunion.php ├── get_int_rand.php ├── get_int_redirected.php ├── get_int_redirected_true.php ├── get_int_reflective.php ├── get_int_substr.php ├── get_int_user.php ├── get_str.php ├── get_str2.php ├── get_str_brackets.php ├── get_str_like.php ├── get_str_like_par.php ├── get_str_like_par2.php ├── get_str_like_par3.php ├── get_str_noout.php ├── get_str_or.php ├── get_str_union.php ├── header_brackets.php ├── header_dstr.php ├── header_str.php ├── iis │ ├── get_int_41.asp │ ├── get_int_41.aspx │ ├── get_int_50.asp │ ├── get_int_50.aspx │ ├── get_int_51.asp │ ├── get_int_51.aspx │ ├── get_int_60.asp │ └── get_int_60.aspx ├── img │ ├── bad.png │ └── ok.png ├── index.php ├── post_brackets.php ├── post_dstr.php ├── post_int.php ├── post_str.php └── referer_str.php ├── oracle ├── get_int.jsp ├── get_int.php ├── get_int_groupby.php ├── get_int_having.php ├── get_int_inline.php ├── get_int_nooutput.php ├── get_int_orderby.php ├── get_int_partialunion.php ├── get_int_unpriv.php ├── get_int_unpriv_partial.php ├── index.php └── post_int.php ├── pgsql ├── cookie_brackets.php ├── cookie_dstr.php ├── cookie_int.php ├── cookie_str.php ├── get_brackets.php ├── get_dstr.php ├── get_int.php ├── get_int8.2.php ├── get_int8.4.php ├── get_int_groupby.php ├── get_int_having.php ├── get_int_inline.php ├── get_int_noerror.php ├── get_int_nooutput.php ├── get_int_orderby.php ├── get_int_partialunion.php ├── get_int_user.php ├── get_str.php ├── header_brackets.php ├── header_dstr.php ├── header_str.php ├── iis │ ├── get_int_82.asp │ ├── get_int_82.aspx │ ├── 
get_int_83.asp │ ├── get_int_83.aspx │ ├── get_int_84.asp │ └── get_int_84.aspx ├── index.php ├── post_brackets.php ├── post_dstr.php ├── post_int.php └── post_str.php ├── schema ├── access.sql ├── db2.sql ├── firebird.sql ├── index.php ├── informix.sql ├── ingres.sql ├── maxdb.sql ├── mssql.sql ├── mssql_proc.sql ├── mysql.sql ├── oracle.sql ├── pgsql.sql ├── sqlite.sql ├── sqlite3.sql └── sybase.sql ├── sqlite ├── get_int.php ├── get_int_3.php ├── get_int_3_inline.php ├── get_int_3_nooutput.php ├── get_int_3_partialunion.php ├── get_int_inline.php ├── get_int_partialunion.php ├── get_str_3.php └── index.php └── sybase ├── get_int.php └── index.php /.gitattributes: -------------------------------------------------------------------------------- 1 | *.php text eol=lf 2 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM debian/eol:wheezy 2 | 3 | # Updating base system 4 | RUN apt-get update 5 | RUN apt-get upgrade -y 6 | 7 | # Installing Apache, PHP, git and generic PHP modules 8 | RUN DEBIAN_FRONTEND=noninteractive apt-get -qq -y install apache2 libapache2-mod-php5 git php5-dev php5-gd php-pear \ 9 | php5-mysql php5-pgsql php5-sqlite php5-interbase php5-sybase \ 10 | php5-odbc unzip make libaio1 bc screen htop git \ 11 | subversion sqlite sqlite3 mysql-server mysql-client libmysqlclient-dev \ 12 | netcat libssl-dev libtool zlib1g-dev libc6-dev 13 | 14 | # Configuring Apache and PHP 15 | RUN rm /var/www/index.html 16 | RUN mkdir /var/www/test 17 | RUN chmod 777 /var/www/test 18 | RUN a2enmod auth_basic auth_digest 19 | RUN sed -i 's/AllowOverride None/AllowOverride AuthConfig/' /etc/apache2/sites-enabled/* 20 | RUN sed -i 's/magic_quotes_gpc = On/magic_quotes_gpc = Off/g' /etc/php5/*/php.ini 21 | 22 | # Copy sqlmap test environment to /var/www 23 | COPY . 
/var/www/sqlmap/ 24 | WORKDIR /var/www/sqlmap 25 | 26 | # Listen on port 80 27 | EXPOSE 80 28 | 29 | CMD ["/var/www/sqlmap/docker/run.sh"] 30 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # SQL injection test environment 2 | 3 | A collection of web pages vulnerable to SQL injection flaws and more: 4 | * `conf/` - operating system configuration files used by `deployment.sh`. 5 | * `dbs/` - standalone databases for some database management systems (e.g. Microsoft Access). 6 | * `libs/` - web API libraries to connect to the database management system, execute the provided statement and return its output. 7 | * `schema/` - SQL used to create the test database, a test table and populate it with test entries. 8 | * Other directories - vulnerable pages for each database management system. 9 | * `deployment.sh` - A bash script to deploy from scratch a fully-fledged Linux (Debian or Ubuntu) machine with all the relevant database management systems installed and configured, ready to be targeted. The script uses `testpass` as the database password throughout and makes MySQL and PostgreSQL listen on all interfaces, so it is intended for a dedicated, isolated test machine. 
10 | -------------------------------------------------------------------------------- /access/get_int.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /access/index.php: -------------------------------------------------------------------------------- 1 | Index\n\n"; 17 | ?> 18 | -------------------------------------------------------------------------------- /conf/index.php: -------------------------------------------------------------------------------- 1 | Index\n\n"; 17 | ?> 18 | -------------------------------------------------------------------------------- /conf/unixodbc.conf: -------------------------------------------------------------------------------- 1 | [MDBToolsODBC] 2 | Description = MDB Tools ODBC drivers 3 | Driver = /usr/lib/libmdbodbc.so.0 4 | Setup = 5 | FileUsage = 1 6 | CPTimeout = 7 | CPReuse = 8 | -------------------------------------------------------------------------------- /conf/users.basic: -------------------------------------------------------------------------------- 1 | testuser:MGwBBlVeIhvCc 2 | -------------------------------------------------------------------------------- /conf/users.digest: -------------------------------------------------------------------------------- 1 | testuser:Testing digest authentication:a5e54274be8b6a3bc5fe38fb1ebb27f1 2 | -------------------------------------------------------------------------------- /db2/get_int.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /db2/index.php: -------------------------------------------------------------------------------- 1 | Index\n\n"; 17 | ?> 18 | -------------------------------------------------------------------------------- /dbs/access/testdb.mdb: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqlmapproject/testenv/a2ab9728bb4acff4e1eed506a1cd2c4ba11cbb76/dbs/access/testdb.mdb -------------------------------------------------------------------------------- /dbs/firebird/testdb.fdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqlmapproject/testenv/a2ab9728bb4acff4e1eed506a1cd2c4ba11cbb76/dbs/firebird/testdb.fdb -------------------------------------------------------------------------------- /dbs/index.php: -------------------------------------------------------------------------------- 1 | Index\n\n"; 17 | ?> 18 | -------------------------------------------------------------------------------- /dbs/sqlite/testdb.sqlite: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqlmapproject/testenv/a2ab9728bb4acff4e1eed506a1cd2c4ba11cbb76/dbs/sqlite/testdb.sqlite -------------------------------------------------------------------------------- /dbs/sqlite/testdb.sqlite3: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqlmapproject/testenv/a2ab9728bb4acff4e1eed506a1cd2c4ba11cbb76/dbs/sqlite/testdb.sqlite3 -------------------------------------------------------------------------------- /deployment.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | apt-get install -y aptitude 3 | 4 | echo "### Updating base system" 5 | aptitude -y update 6 | aptitude -y upgrade 7 | 8 | echo "### Installing Apache, PHP, git and generic PHP modules" 9 | aptitude install -y apache2 libapache2-mod-php git php-dev php-gd php-pear php-mysql php-pgsql php-sqlite php-interbase php-sybase php-odbc libmdbodbc1 unzip make libaio1 bc screen htop git subversion sqlite sqlite3 10 | 11 | echo "### Configuring Apache and PHP" 
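# --- Apache and PHP configuration -------------------------------------------
# -f / -p keep a second run of the script from erroring on these two steps.
rm -f /var/www/index.html
mkdir -p /var/www/test
# World-writable directory under the web root.
# NOTE(review): presumably needed so the DBMS accounts can write files there
# during file-write tests - confirm before narrowing the mode.
chmod 777 /var/www/test
a2enmod auth_basic auth_digest
# AuthConfig lets the .htaccess files of the basic/ and digest/ pages take effect.
sed -i 's/AllowOverride None/AllowOverride AuthConfig/' /etc/apache2/sites-enabled/*
# Both PHP-side input protections are switched off on purpose so the pages
# stay injectable: magic_quotes_gpc and the suhosin extension.
sed -i 's/magic_quotes_gpc = On/magic_quotes_gpc = Off/g' /etc/php/*/*/php.ini
sed -i 's/extension=suhosin.so/;extension=suhosin.so/g' /etc/php/*/conf.d/suhosin.ini
update-rc.d apache2 defaults

echo "### Restarting Apache web server"
service apache2 restart

echo "### Downloading sqlmap test environment to /var/www"
cd /var/www
git clone https://github.com/sqlmapproject/testenv.git sqlmap

# --- MySQL -------------------------------------------------------------------
echo "### Installing MySQL database management system (clients, server, libraries)"
echo "### NOTE: when asked for a password, type 'testpass'"
aptitude install -y mysql-client mysql-server libmysqlclient-dev libmysqld-dev
update-rc.d mysql defaults

echo "### Initializing MySQL test database and table"
echo "### NOTE: when asked for a password, type 'testpass'"
mysql -u root -p mysql < /var/www/sqlmap/schema/mysql.sql
# MySQL is moved from loopback to every interface; together with the fixed
# 'testpass' root password this host must only be reachable from the lab network.
sed -i 's/bind-address = 127.0.0.1/bind-address = 0.0.0.0/g' /etc/mysql/my.cnf
service mysql restart

# --- PostgreSQL --------------------------------------------------------------
echo "### Installing PostgreSQL database management system (clients, server, libraries)"
aptitude install -y postgresql-client postgresql postgresql-server-dev-all libpq-dev
update-rc.d postgresql defaults

echo "### Initializing PostgreSQL test database and table"
echo "### NOTE: when asked for a password, type 'testpass'"
echo "Now type: ALTER USER postgres WITH PASSWORD 'testpass'; - hit RETURN, type \q - hit RETURN"
su postgres -c psql
# Clears the OS password of the postgres account, then sets a new one interactively.
passwd -d postgres
su postgres -c passwd
psql -U postgres -h 127.0.0.1 -c "CREATE DATABASE testdb;"
psql -U postgres -h 127.0.0.1 -d testdb -f /var/www/sqlmap/schema/pgsql.sql
# Password (md5) logins are accepted from any IPv4 address. The loop replaces a
# redirect onto a glob, which bash rejects as ambiguous when more than one
# PostgreSQL version directory exists.
for hba in /etc/postgresql/*/main/pg_hba.conf; do
    [ -e "$hba" ] || continue
    echo "host all all 0.0.0.0/0 md5" >> "$hba"
done
sed -i "s/listen_addresses = 'localhost'/listen_addresses = '*'/g" /etc/postgresql/*/main/postgresql.conf
sed -i "s/#listen_addresses = /listen_addresses = /g" /etc/postgresql/*/main/postgresql.conf
service postgresql restart

# --- SQLite 2 PHP extension --------------------------------------------------
echo "### Configuring PHP for SQLite 2"
# The working directory is still /var/www at this point; build in /tmp so the
# tarball and the build tree do not end up under the web root.
cd /tmp
# The archive comes over plain HTTP and is compiled and installed as root.
# Set SQLITE_TGZ_SHA256 to a digest obtained from a trusted copy to have the
# download verified before it is unpacked; without it the check is skipped.
wget http://www.spadim.com.br/SQLite-1.0.4.tgz
if [ -n "${SQLITE_TGZ_SHA256:-}" ]; then
    echo "${SQLITE_TGZ_SHA256}  SQLite-1.0.4.tgz" | sha256sum -c - || exit 1
fi
tar xvf SQLite-1.0.4.tgz
cd SQLite-1.0.4
phpize
./configure
make
make install
# NOTE(review): this and the later extension snippets write to /etc/php5, while
# the sed calls above edit /etc/php/*/ - confirm which layout the target uses.
echo "extension=sqlite.so" > /etc/php5/conf.d/99-sqlite2.ini

# --- Firebird ----------------------------------------------------------------
echo "### Installing Firebird database management system (clients, server, libraries)"
echo "### NOTE: when asked for a password, type 'testpass'"
aptitude install -y firebird2.5-super firebird2.5-dev
dpkg-reconfigure firebird2.5-super
update-rc.d firebird2.5-super defaults

echo "### Initializing Firebird test database"
# Changes the SYSDBA password from 'masterkey' to 'testpass'.
echo "modify SYSDBA -pw testpass" | gsec -user SYSDBA -password masterkey
# The database file becomes readable and writable by every local user.
chmod 666 /var/www/sqlmap/dbs/firebird/testdb.fdb

# --- Oracle XE ---------------------------------------------------------------
echo "### Installing Oracle database management system (clients, server)"
cd /tmp
wget https://oss.oracle.com/debian/dists/unstable/non-free/binary-i386/oracle-xe_10.2.0.1-1.1_i386.deb
wget https://oss.oracle.com/debian/dists/unstable/non-free/binary-i386/oracle-xe-client_10.2.0.1-1.2_i386.deb
dpkg -i oracle-xe_10.2.0.1-1.1_i386.deb
dpkg -i oracle-xe-client_10.2.0.1-1.2_i386.deb
echo "### NOTE: when asked for a password, type 'testpass'"
service oracle-xe configure

echo "### Download the Oracle Basic and SDK Instant Client packages from the OTN Instant Client page, http://www.oracle.com/technetwork/database/features/instant-client/ (e.g. instantclient-basic-linux-11.2.0.3.0.zip and instantclient-sdk-linux-11.2.0.3.0.zip), open a separate shell and unzip them in /opt directory"
echo "### Hit ENTER when you have done it"
read -r enter
cd /opt/instantclient_*
# -f so a rerun does not fail on the link created by an earlier run.
ln -sf libclntsh.so.11.1 libclntsh.so

echo "### Configuring PHP for Oracle"
echo "### NOTE: when asked for a path, provide instantclient,/opt/instantclient_"
pecl install oci8
echo "extension=oci8.so" > /etc/php5/conf.d/99-oracle.ini
# Lets PHP open privileged (SYSDBA/SYSOPER) Oracle connections.
sed -i 's/\;oci8.privileged_connect = Off/oci8.privileged_connect = On/g' /etc/php5/*/php.ini

# --- Environment variables ---------------------------------------------------
echo "### Patching /etc/profile with new and modified environment variables"
# Appended on every run; rerunning the script duplicates this section.
cat << EOF >> /etc/profile

# Oracle
export ORACLE_HOME=/usr/lib/oracle/xe/app/oracle/product/10.2.0/server
export ORACLE_SID=XE

# IBM DB2
export IBM_DB_HOME=/opt/ibm/db2/V9.5
export IBM_DB_LIB=/opt/ibm/db2/V9.5/lib32

# IBM Informix
export INFORMIXDIR=/opt/IBM/informix
export INFORMIXSERVER=ol_informix1170
export ONCONFIG=onconfig.ol_informix1170
export INFORMIXSQLHOSTS=/opt/IBM/informix/etc/sqlhosts.ol_informix1170
export ODBCINI=/etc/odbc.ini
#export CLIENT_LOCALE=en_US.8859-1

export LD_LIBRARY_PATH=/usr/lib/oracle/xe/app/oracle/product/10.2.0/server/lib:/opt/ibm/db2/V9.5/lib32:/opt/IBM/informix/lib:/opt/IBM/informix/lib/cli:/opt/IBM/informix/lib/esql:/opt/IBM/informix/lib/tools
EOF

# Load the variables just written so the next here-document can expand them.
source /etc/profile

# \$PATH stays literal in /etc/profile; the ${...} names are expanded now,
# from the values sourced above.
cat << EOF >> /etc/profile

# PATH
export PATH=\$PATH:${ORACLE_HOME}/bin:${IBM_DB_HOME}/bin:${INFORMIXDIR}/bin:${INFORMIXDIR}/extend/krakatoa/jre/bin
EOF

source /etc/profile

echo "### Initializing Oracle test database and table"
# The SYS password is passed on the command line, so it is visible in the
# process list while sqlplus runs.
sqlplus SYS/testpass@//127.0.0.1:1521/XE AS SYSDBA << EOF
@/var/www/sqlmap/schema/oracle.sql;
ALTER system SET processes=300 scope=spfile;
ALTER system SET sessions=300 scope=spfile;
EOF
service oracle-xe restart

# --- IBM DB2 -----------------------------------------------------------------
echo "### Initializing system to allow installation of IBM DB2"
# Appended on every run, like the /etc/profile section above.
cat << EOF >> /etc/sysctl.conf

# Setting for IBM DB2
fs.aio-max-nr = 1048576
fs.file-max = 6815744
kernel.shmall = 2097152
kernel.shmmax = 536870912
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
net.ipv4.ip_local_port_range = 9000 65500
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 1048586
EOF
sysctl -p
aptitude install -y alien autoconf2.13 binutils build-essential cpp-4.4 debhelper g++-4.4 gawk gcc-4.4 gcc-4.4-base gettext html2text ia32-libs-i386 intltool-debian ksh lesstif2 libaio-dev libaio1 libbeecrypt7 libc6 libc6-dev libc6-dev libdb4.8 libelf-dev libelf1 libltdl-dev libltdl7 libodbcinstq4-1 libqt4-core libqt4-gui libsqlite3-0 libstdc++5 libstdc++6 libstdc++6-4.4-dev lsb lsb-core lsb-cxx lsb-desktop lsb-graphics lsb-qt4 make odbcinst openjdk-6-jdk pax po-debconf rpm rpm-common sysstat tzdata-java unixodbc unixodbc-dev unzip xorg iceweasel

echo "### Download IBM DB2 trial from IBM software portal, http://www14.software.ibm.com/webapp/download/preconfig.jsp?id=2007-10-30+16%3A22%3A45.136755R&S_TACT=&S_CMP= and install it in a separate shell"
echo "### An how-to can be found on http://edin.no-ip.com/blog/hswong3i/ibm-db2-v9-7-apache-2-2-php5-3-debian-squeeze-howto"
echo "### Hit ENTER when you have done it"
read -r enter

cd /tmp
# Both commands run as the db2inst1 instance owner.
su -c "/opt/ibm/db2/V9.5/bin/db2 \"CREATE DATABASE testdb\"" db2inst1
su -c "/opt/ibm/db2/V9.5/bin/db2 < /var/www/sqlmap/schema/db2.sql" db2inst1

echo "### Configuring PHP for IBM DB2"
echo "### NOTE: when asked for the DB2 installation directory, provide /opt/ibm/db2/V9.5"
pecl install ibm_db2
echo "extension=ibm_db2.so" > /etc/php5/conf.d/99-db2.ini

# --- IBM Informix ------------------------------------------------------------
echo "### NOTE: when asked for a password, type 'testpass'"
adduser informix
passwd informix

echo "### Download IBM Informix (client and server) from IBM software portal, https://www14.software.ibm.com/webapp/download/search.jsp?pn=Informix+Dynamic+Server and install it in a separate shell"
echo "### Hit ENTER when you have done it"
read -r enter
#wget https://www6.software.ibm.com/sdfdl/2v2/regs2/mstadm/informix/Xa.2/Xb.b8S61sgMER4Xv-OZtTA_T2rbXlP3haBaZHqUsM_qyQ/Xc.iif.11.70.UC7DE.Linux-RHEL5.tar/Xd./Xf.LPr.D1vk/Xg.6871728/Xi.ifxids/XY.regsrvs/XZ.g9hQ35T595nVz7Ids2e0cBZguOE/iif.11.70.UC7DE.Linux-RHEL5.tar
#tar xvf iif.11.70.UC7DE.Linux-RHEL5.tar
#chmod +x ids_install
#./ids_install
# NOTE: in recent versions, client SDK is part of the server installer
#wget https://www6.software.ibm.com/sdfdl/2v2/regs2/mstadm/informix/Xa.2/Xb.YBTN_DlRQVtTQcv6rNBKpda1x-zsBonq_4dH2lYTYQ/Xc.clientsdk.3.70.UC5DE.LINUX.tar/Xd./Xf.LPr.D1vk/Xg.6872524/Xi.ifxdl/XY.regsrvs/XZ._9ztqA4zY_TE9mCBH0YaP9Gkl5k/clientsdk.3.70.UC5DE.LINUX.tar
#tar xvf clientsdk.3.70.UC5DE.LINUX.tar
#./installclientsdk
# sqlhosts and onconfig become symlinks to the ol_informix1170 files, so the
# append and the here-document below write through to those files.
ln -fs /opt/IBM/informix/etc/sqlhosts.ol_informix1170 /opt/IBM/informix/etc/sqlhosts
ln -fs /opt/IBM/informix/etc/onconfig.ol_informix1170 /opt/IBM/informix/etc/onconfig
echo "FULL_DISK_INIT 1" >> /opt/IBM/informix/etc/onconfig
cat << EOF > /opt/IBM/informix/etc/sqlhosts
ol_informix1170 onipcshm localhost none
dr_informix1170 onsoctcp localhost dr_informix1170
EOF
onclean -ky
oninit -iyv

echo "### Initializing Informix test database and table"
dbaccessdemo7
isql inf -v < /var/www/sqlmap/schema/informix.sql

echo "### Configuring PHP for IBM Informix"
echo "### NOTE: when asked for the Informix installation directory, provide /opt/IBM/informix"
aptitude install -y re2c
cd /tmp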
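# --- PDO_INFORMIX PHP extension ----------------------------------------------
# One version variable names both the archive and the directory it unpacks to;
# the original fetched 1.3.1 but changed into PDO_INFORMIX-1.3.0.
PDO_INFORMIX_VERSION=1.3.1
# Fetched over HTTPS instead of plain HTTP: the archive is compiled and
# installed as root. No digest for it is recorded in this script.
wget "https://pecl.php.net/get/PDO_INFORMIX-${PDO_INFORMIX_VERSION}.tgz"
tar xvfz "PDO_INFORMIX-${PDO_INFORMIX_VERSION}.tgz"
if cd "PDO_INFORMIX-${PDO_INFORMIX_VERSION}"; then
    phpize
    # Create the compatibility link only when nothing is there yet, so a rerun
    # neither fails nor drops a nested link inside an existing directory.
    [ -e /usr/include/php ] || ln -s /usr/include/php5 /usr/include/php
    ./configure
    make
    make install
else
    # Keep the rest of the deployment going, as the script does for every
    # other failed step, but do not run the build in the wrong directory.
    echo "### ERROR: PDO_INFORMIX-${PDO_INFORMIX_VERSION} source directory not found, skipping build" >&2
fi
echo "extension=pdo_informix.so" > /etc/php5/conf.d/99-pdo_informix.ini

# --- ODBC data sources -------------------------------------------------------
echo "### Initializing Microsoft Access and Informix ODBC driver"
# Overwrites /etc/odbc.ini. The [inf] section stores the Informix password in
# clear text; the delimiter is quoted because nothing in the body is meant to
# be expanded by the shell.
cat << 'EOF' > /etc/odbc.ini
[ODBC Data Sources]
testdb=Microsoft Access Database of testdb
inf=Informix

[testdb]
Description = Microsoft Access Database of testdb
Driver = MDBToolsODBC
Database = /var/www/sqlmap/dbs/access/testdb.mdb
Servername = localhost
UserName =
Password =
port = 4747

[inf]
Description=Informix
Driver=/opt/IBM/informix/lib/cli/iclit09b.so
Database=stores_demo
LogonID=informix
pwd=testpass
Servername=ol_informix1170
CursorBehavior=0
CLIENT_LOCALE=en_US.8859-1
DB_LOCALE=en_US.819
TRANSLATIONDLL=/opt/IBM/informix/lib/esql/igo4a304.so

[ODBC]
UNICODE=UCS-4
Trace=0
TraceFile=/tmp/odbctrace.out
InstallDir=/opt/IBM/informix
TRACEDLL=idmrs09a.so
EOF

# Overwrites /etc/odbcinst.ini with the two driver definitions used above.
cat << 'EOF' > /etc/odbcinst.ini
[ODBC Drivers]
MDBToolsODBC=Installed
Informix=Installed

[MDBToolsODBC]
Description = MDB Tools ODBC drivers
Driver = /usr/lib/i386-linux-gnu/odbc/libmdbodbc.so.1
Setup =
FileUsage = 1
CPTimeout =
CPReuse =
UsageCount = 1

[Informix]
Driver=/opt/IBM/informix/lib/cli/iclit09b.so
Setup=/opt/IBM/informix/lib/cli/iclit09b.so
APILevel=1
ConnectFunctions=YYY
DriverODBCVer=03.51
FileUsage=0
SQLLevel=1
smProcessPerConnect=Y
EOF

# TODO: Add Ingres

# HSQLDB - Apache Tomcat
echo "### Downloading and deploying Tomcat for HSQLDB testbed"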
277 | cd /tmp 278 | apt-get install tomcat7 279 | chown -R tomcat7 /var/lib/tomcat7/ 280 | cp -r /var/www/sqlmap/hsqldb/ /var/lib/tomcat7/webapps/hsqldb_1_7_2 281 | cp -r /var/www/sqlmap/hsqldb/ /var/lib/tomcat7/webapps/hsqldb_2_2_9 282 | 283 | echo "### Compiling Java for HSQLDB testbed" 284 | mkdir /var/lib/tomcat7/webapps/hsqldb_1_7_2/WEB-INF/classes/ 285 | javac -classpath /usr/share/tomcat7/lib/servlet-api.jar /var/www/sqlmap/hsqldb/src/*.java 286 | mv -f /var/www/sqlmap/hsqldb/src/*.class /var/lib/tomcat7/webapps/hsqldb_1_7_2/WEB-INF/classes/ 287 | 288 | # Replace the connection class name and database name for different versions 289 | mkdir /var/lib/tomcat7/webapps/hsqldb_2_2_9/WEB-INF/classes/ 290 | sed -i -e 's/org.hsqldb.jdbcDriver/org.hsqldb.jdbc.JDBCDriver/' /var/www/sqlmap/hsqldb/src/Register.java 291 | sed -i -e 's/org.hsqldb.jdbcDriver/org.hsqldb.jdbc.JDBCDriver/' /var/www/sqlmap/hsqldb/src/ViewRecords.java 292 | sed -i -e 's/jdbc:hsqldb:hsqldb-1_7_2/jdbc:hsqldb:hsqldb-2_2_9/' /var/www/sqlmap/hsqldb/src/Register.java 293 | sed -i -e 's/jdbc:hsqldb:hsqldb-1_7_2/jdbc:hsqldb:hsqldb-2_2_9/' /var/www/sqlmap/hsqldb/src/ViewRecords.java 294 | javac -classpath /usr/share/tomcat7/lib/servlet-api.jar /var/www/sqlmap/hsqldb/src/*.java 295 | mv -f /var/www/sqlmap/hsqldb/src/*.class /var/lib/tomcat7/webapps/hsqldb_2_2_9/WEB-INF/classes/ 296 | 297 | echo "### Downloading HSQLDB 1.7.2.11" 298 | wget http://kent.dl.sourceforge.net/project/hsqldb/hsqldb/hsqldb_1_7_2/hsqldb_1_7_2_11.zip 299 | unzip -q hsqldb_1_7_2_11.zip 300 | mkdir /var/lib/tomcat7/webapps/hsqldb_1_7_2/WEB-INF/lib/ 301 | mv -f /tmp/hsqldb/lib/hsqldb.jar /var/lib/tomcat7/webapps/hsqldb_1_7_2/WEB-INF/lib/ 302 | rm -rf hsqldb* 303 | 304 | echo "### Downloading HSQLDB 2.2.9" 305 | wget http://kent.dl.sourceforge.net/project/hsqldb/hsqldb/hsqldb_2_2/hsqldb-2.2.9.zip 306 | unzip -q hsqldb-2.2.9.zip 307 | mkdir /var/lib/tomcat7/webapps/hsqldb_2_2_9/WEB-INF/lib/ 308 | mv -f 
/tmp/hsqldb-2.2.9/hsqldb/lib/hsqldb.jar /var/lib/tomcat7/webapps/hsqldb_2_2_9/WEB-INF/lib/. 309 | rm -rf hsqldb* 310 | 311 | echo "### Restarting Tomcat" 312 | service tomcat7 restart 313 | 314 | echo "### Starting DBMS at boot" 315 | cat << EOF > /etc/rc.local 316 | #!/bin/sh -e 317 | # 318 | # rc.local 319 | # 320 | # This script is executed at the end of each multiuser runlevel. 321 | # Make sure that the script will "exit 0" on success or any other 322 | # value on error. 323 | # 324 | # In order to enable or disable this script just change the execution 325 | # bits. 326 | # 327 | # By default this script does nothing. 328 | 329 | # Start IBM DB2 at boot 330 | su -c /home/db2inst1/sqllib/adm/db2start db2inst1 331 | 332 | # Start IBM Informix at boot 333 | /opt/IBM/informix/bin/oninit -v 334 | exit 0 335 | EOF 336 | 337 | echo "### Restarting Apache web server (following installation and setup of PHP modules)" 338 | service apache2 restart 339 | 340 | echo "### Checking out sqlmap source code into /opt/sqlmap" 341 | git clone https://github.com/sqlmapproject/sqlmap.git /opt/sqlmap 342 | 343 | echo "### Installing sqlmap dependencies" 344 | aptitude install -y python-setuptools python-dev python-kinterbasdb python-pymssql python-psycopg2 python-pyodbc python-pymssql python-sqlite python-impacket python-jpype 345 | git clone https://github.com/petehunt/PyMySQL /tmp/PyMySQL 346 | cd /tmp/PyMySQL 347 | python setup.py install 348 | cd /tmp 349 | wget http://downloads.sourceforge.net/project/cx-oracle/5.1.2/cx_Oracle-5.1.2.tar.gz 350 | tar xvfz cx_Oracle-5.1.2.tar.gz 351 | cd cx_Oracle-5.1.2 352 | python setup.py install 353 | cd /tmp 354 | git clone https://code.google.com/p/ibm-db ibm-db 355 | cd ibm-db/IBM_DB/ibm_db 356 | python setup.py install 357 | cd /tmp 358 | svn checkout http://python-ntlm.googlecode.com/svn/trunk/ python-ntlm 359 | cd python-ntlm/python26 360 | python setup.py install 361 | easy_install jaydebeapi 362 | 363 | echo "### Clean up 
installation" 364 | aptitude clean 365 | 366 | echo "### Patching ~/.bashrc" 367 | cat << EOF >> ~/.bashrc 368 | 369 | alias mysqlconn='mysql -u root -p testdb' 370 | alias pgsqlconn='psql -h 127.0.0.1 -p 5432 -U postgres -W testdb' 371 | alias oracleconn='sqlplus SYS/testpass@//127.0.0.1:1521/XE AS SYSDBA' 372 | alias oracleconnscott='sqlplus SCOTT/testpass@//127.0.0.1:1521/XE' 373 | alias db2conn='db2' 374 | alias sqliteconn='sqlite /var/www/sqlmap/dbs/sqlite/testdb.sqlite' 375 | alias sqlite3conn='sqlite3 /var/www/sqlmap/dbs/sqlite/testdb.sqlite3' 376 | alias firebirdconn='isql-fb -u SYSDBA -p testpass /var/www/sqlmap/dbs/firebird/testdb.fdb' 377 | alias accessconn='isql testdb -v' 378 | alias informixconn='isql inf -v' 379 | 380 | alias mysqlconnsqlmap='python /opt/sqlmap/sqlmap.py -d mysql://root:testpass@127.0.0.1:3306/testdb -b --sql-shell -v 6' 381 | alias pgsqlconnsqlmap='python /opt/sqlmap/sqlmap.py -d postgresql://postgres:testpass@127.0.0.1:5432/testdb -b --sql-shell -v 6' 382 | alias oracleconnsqlmap='python /opt/sqlmap/sqlmap.py -d oracle://SYS:testpass@127.0.0.1:1521/XE -b --sql-shell -v 6' 383 | alias oracleconnscottsqlmap='python /opt/sqlmap/sqlmap.py -d oracle://SCOTT:testpass@127.0.0.1:1521/XE -b --sql-shell -v 6' 384 | alias db2connsqlmap='python /opt/sqlmap/sqlmap.py -d db2://db2inst1:testpass@127.0.0.1:50000/testdb -b --sql-shell -v 6' 385 | alias sqliteconnsqlmap='python /opt/sqlmap/sqlmap.py -d sqlite:///var/www/sqlmap/dbs/sqlite/testdb.sqlite -b --sql-shell -v 6' 386 | alias sqlite3connsqlmap='python /opt/sqlmap/sqlmap.py -d sqlite3:///var/www/sqlmap/dbs/sqlite/testdb.sqlite3 -b --sql-shell -v 6' 387 | alias firebirdconnsqlmap='python /opt/sqlmap/sqlmap.py -d firebird://SYSDBA:testpass@/var/www/sqlmap/dbs/firebird/testdb.fdb -b --sql-shell -v 6' 388 | alias accessconnsqlmap='python /opt/sqlmap/sqlmap.py -d access:///var/www/sqlmap/dbs/access/testdb.mdb -b --sql-shell -v 6' 389 | 390 | alias upgradeall='aptitude update && aptitude -y 
full-upgrade && aptitude clean && sync' 391 | EOF 392 | source ~/.bashrc 393 | 394 | -------------------------------------------------------------------------------- /docker/docker-compose.yml: -------------------------------------------------------------------------------- 1 | mydb: 2 | image: mysql 3 | environment: 4 | - MYSQL_ROOT_PASSWORD=testpass 5 | 6 | testenv: 7 | image: andresriancho/testenv:latest 8 | ports: 9 | - "8998:80" 10 | links: 11 | - mydb 12 | environment: 13 | - APACHE_RUN_USER=www-data 14 | - APACHE_RUN_GROUP=www-data 15 | - APACHE_LOG_DIR=/var/log/apache2/ 16 | 17 | -------------------------------------------------------------------------------- /docker/run.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | /etc/init.d/mysql start 4 | 5 | mysqladmin -u root password testpass 6 | mysql -u root -ptestpass mysql < /var/www/sqlmap/schema/mysql.sql 7 | 8 | /etc/init.d/apache2 start 9 | 10 | echo "Listening..." 
11 | tail -f /dev/null 12 | -------------------------------------------------------------------------------- /firebird/get_int.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /firebird/get_int_inline.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /firebird/get_int_nooutput.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /firebird/get_int_partialunion.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /firebird/index.php: -------------------------------------------------------------------------------- 1 | Index\n\n"; 17 | ?> 18 | -------------------------------------------------------------------------------- /hsqldb/META-INF/MANIFEST.MF: -------------------------------------------------------------------------------- 1 | Manifest-Version: 1.0 2 | Class-Path: 3 | 4 | -------------------------------------------------------------------------------- /hsqldb/README.md: -------------------------------------------------------------------------------- 1 | For Tomcat (or other Java Servlet engine) 2 | 3 | Modified version of: 4 | https://code.google.com/p/hemraj-demo-project/ 5 | 6 | WEB-INF\lib\hsqldb.jar can be replaced with other HSQLDB jars to test other versions. 7 | 8 | Should support Union, Boolean, Stacked but not Error (JSP error exception does not provide item values). 
9 | 10 | Should start on http://127.0.0.1:8080/hsqldb_1_7_2/ and http://127.0.0.1:8080/hsqldb_2_2_9/ 11 | -------------------------------------------------------------------------------- /hsqldb/WEB-INF/web.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | UsingHsqldb1 4 | 5 | 6 | Register 7 | Register 8 | Register 9 | 10 | 11 | Register 12 | /Register 13 | 14 | 15 | 16 | ViewRecords 17 | ViewRecords 18 | ViewRecords 19 | 20 | 21 | ViewRecords 22 | /ViewRecords 23 | 24 | -------------------------------------------------------------------------------- /hsqldb/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Register Here 6 | 7 | 8 |
9 | User Name
10 | 11 |
12 | Email
13 | 14 |
15 | Phone no
16 | 17 |
18 | 19 |
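// hsqldb/src/Register.java
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.SQLException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Servlet that stores one contact row (name, email, phone) per POST request.
 *
 * The insert binds all three request parameters through a PreparedStatement,
 * so their content is passed to the database as data and never parsed as SQL.
 * In this test application the string-concatenated query lives in ViewRecords,
 * not here; this servlet only supplies the rows that ViewRecords later reads.
 */
public class Register extends HttpServlet {
    // Single JDBC connection, opened in init() and reused by every request.
    // NOTE(review): a servlet instance is normally shared between concurrent
    // requests; whether this driver's Connection tolerates that is not shown here.
    Connection con;

    /**
     * Loads the HSQLDB JDBC driver, opens the connection and creates the
     * contacts table.
     *
     * @throws ServletException if the driver class is missing or any JDBC call fails
     */
    @Override
    public void init() throws ServletException {
        try {
            Class.forName("org.hsqldb.jdbcDriver");
        } catch (ClassNotFoundException e) {
            throw new ServletException(e);
        }
        try {
            // Connects as SA with an empty password (fixture credentials as written in the source).
            con = DriverManager.getConnection("jdbc:hsqldb:hsqldb-1_7_2", "SA", "");
            // NOTE(review): this statement fails if the table already exists, which would
            // make init() throw on a restart against a persistent database - confirm.
            con.createStatement().executeUpdate(
                    "create table contacts (name varchar(45),email varchar(45),phone varchar(45))");
        } catch (SQLException e) {
            throw new ServletException(e);
        }
    }

    /**
     * Inserts the submitted name, email and phone values as one contacts row
     * and writes the affected-row count to the response.
     *
     * The values are stored exactly as received: no validation, length check
     * or encoding is applied here, and a missing parameter is bound as null.
     *
     * @param request  the POST request carrying the name, email and phone parameters
     * @param response the response that receives the text/html status message
     * @throws ServletException if preparing or executing the insert fails
     * @throws IOException      if the response writer cannot be obtained
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        String name = request.getParameter("name");
        String email = request.getParameter("email");
        String phone = request.getParameter("phone");

        PreparedStatement pst = null;
        try {
            // Placeholders keep the three values out of the SQL text.
            pst = con.prepareStatement("insert into contacts values(?,?,?)");
            pst.clearParameters();
            pst.setString(1, name);
            pst.setString(2, email);
            pst.setString(3, phone);
            int i = pst.executeUpdate();
            out.write(i + " records inserted, View Records");
        } catch (SQLException e) {
            throw new ServletException(e);
        } finally {
            // The original never closed the statement, leaking one per request
            // on the long-lived shared connection.
            if (pst != null) {
                try {
                    pst.close();
                } catch (SQLException e) {
                    // Closing is best effort; the insert outcome was already reported.
                    log("Failed to close insert statement", e);
                }
            }
        }
    }
}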
/hsqldb/src/ViewRecords.java: -------------------------------------------------------------------------------- 1 | 2 | import java.io.IOException; 3 | import java.io.PrintWriter; 4 | import java.sql.Connection; 5 | import java.sql.DriverManager; 6 | import java.sql.PreparedStatement; 7 | import java.sql.ResultSet; 8 | import java.sql.SQLException; 9 | 10 | import javax.servlet.ServletException; 11 | import javax.servlet.http.HttpServlet; 12 | import javax.servlet.http.HttpServletRequest; 13 | import javax.servlet.http.HttpServletResponse; 14 | 15 | public class ViewRecords extends HttpServlet { 16 | Connection con; 17 | @Override 18 | public void init() throws ServletException { 19 | try { 20 | Class.forName("org.hsqldb.jdbcDriver"); 21 | } catch (ClassNotFoundException e) { 22 | e.printStackTrace(System.out); 23 | } 24 | try { 25 | con=DriverManager.getConnection("jdbc:hsqldb:hsqldb-1_7_2","SA",""); 26 | } catch (SQLException e) { 27 | e.printStackTrace(System.out); 28 | } 29 | } 30 | protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { 31 | response.setContentType("text/html"); 32 | PrintWriter out=response.getWriter(); 33 | try { 34 | String name = request.getParameter("name"); 35 | ResultSet rs =con.createStatement().executeQuery("select * from contacts where name='" + name + "'"); 36 | while(rs.next()){ 37 | out.write("
"+rs.getString(1)); 38 | out.write(", "+rs.getString(2)); 39 | out.write(", "+rs.getString(3)); 40 | } 41 | out.write("
Home "); 42 | } catch (SQLException e) { 43 | throw new ServletException(e); 44 | } 45 | } 46 | 47 | } 48 | -------------------------------------------------------------------------------- /index.php: -------------------------------------------------------------------------------- 1 | Index\n\n"; 17 | ?> 18 | -------------------------------------------------------------------------------- /informix/get_int.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /informix/index.php: -------------------------------------------------------------------------------- 1 | Index\n\n"; 17 | ?> 18 | -------------------------------------------------------------------------------- /ingres/get_int.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /ingres/index.php: -------------------------------------------------------------------------------- 1 | Index\n\n"; 17 | ?> 18 | -------------------------------------------------------------------------------- /libs/access.inc.php: -------------------------------------------------------------------------------- 1 | \n"; 17 | 18 | // Print SQL query to test sqlmap '--string' command line option 19 | //print "SQL query: " . $query . "
\n"; 20 | 21 | // Perform SQL injection affected query 22 | $result = odbc_exec($link, $query); 23 | 24 | if (!$result) { 25 | if ($show_errors) 26 | print "SQL error: ". odbc_errormsg() . "
\n"; 27 | exit(1); 28 | } 29 | 30 | if (!$show_output) 31 | exit(1); 32 | 33 | print "SQL results:\n"; 34 | print "\n"; 35 | 36 | while ($line = odbc_fetch_array($result)) { 37 | print ""; 38 | foreach ($line as $col_value) { 39 | print ""; 40 | } 41 | print "\n"; 42 | if (!$all_results) 43 | break; 44 | } 45 | 46 | print "
" . $col_value . "
\n"; 47 | print ""; 48 | } 49 | ?> 50 | -------------------------------------------------------------------------------- /libs/db2.inc.php: -------------------------------------------------------------------------------- 1 | \n"; 16 | 17 | // Print SQL query to test sqlmap '--string' command line option 18 | //print "SQL query: " . $query . "
\n"; 19 | 20 | // Perform SQL injection affected query 21 | $stmt = db2_prepare($link, $query); 22 | $result = db2_execute($stmt); 23 | 24 | if (!$result) { 25 | if ($show_errors) 26 | print "SQL error: ". db2_stmt_errormsg($stmt) . "
\n"; 27 | exit(1); 28 | } 29 | 30 | if (!$show_output) 31 | exit(1); 32 | 33 | print "SQL results:\n"; 34 | print "\n"; 35 | 36 | while ($line = db2_fetch_array($stmt)) { 37 | print ""; 38 | foreach ($line as $col_value) { 39 | print ""; 40 | } 41 | print "\n"; 42 | if (!$all_results) 43 | break; 44 | } 45 | 46 | print "
" . $col_value . "
\n"; 47 | print ""; 48 | } 49 | ?> 50 | -------------------------------------------------------------------------------- /libs/firebird.inc.php: -------------------------------------------------------------------------------- 1 | \n"; 16 | 17 | // Print SQL query to test sqlmap '--string' command line option 18 | //print "SQL query: " . $query . "
\n"; 19 | 20 | // Perform SQL injection affected query 21 | $result = ibase_query($link, $query); 22 | 23 | if (!$result) { 24 | if ($show_errors) 25 | print "SQL error: ". ibase_errmsg() . "
\n"; 26 | exit(1); 27 | } 28 | 29 | print "SQL results:\n"; 30 | print "\n"; 31 | 32 | while ($line = ibase_fetch_assoc($result)) { 33 | // This must stay here for Firebird 34 | if (!$show_output) 35 | exit(1); 36 | 37 | print ""; 38 | foreach ($line as $col_value) { 39 | print ""; 40 | } 41 | print "\n"; 42 | if (!$all_results) 43 | break; 44 | } 45 | 46 | print "
" . $col_value . "
\n"; 47 | print ""; 48 | } 49 | ?> 50 | -------------------------------------------------------------------------------- /libs/firebird_user.inc.php: -------------------------------------------------------------------------------- 1 | \n"; 16 | 17 | // Print SQL query to test sqlmap '--string' command line option 18 | //print "SQL query: " . $query . "
\n"; 19 | 20 | // Perform SQL injection affected query 21 | $result = ibase_query($link, $query); 22 | 23 | if (!$result) { 24 | if ($show_errors) 25 | print "SQL error: ". ibase_errmsg() . "
\n"; 26 | exit(1); 27 | } 28 | 29 | print "SQL results:\n"; 30 | print "\n"; 31 | 32 | while ($line = ibase_fetch_assoc($result)) { 33 | // This must stay here for Firebird 34 | if (!$show_output) 35 | exit(1); 36 | 37 | print ""; 38 | foreach ($line as $col_value) { 39 | print ""; 40 | } 41 | print "\n"; 42 | if (!$all_results) 43 | break; 44 | } 45 | 46 | print "
" . $col_value . "
\n"; 47 | print ""; 48 | } 49 | ?> 50 | -------------------------------------------------------------------------------- /libs/index.php: -------------------------------------------------------------------------------- 1 | Index\n\n"; 17 | ?> 18 | -------------------------------------------------------------------------------- /libs/informix.inc.php: -------------------------------------------------------------------------------- 1 | getMessage(); 24 | } 25 | 26 | // Print results in HTML 27 | print "\n"; 28 | 29 | // Print SQL query to test sqlmap '--string' command line option 30 | //print "SQL query: " . $query . "
\n"; 31 | 32 | // Perform SQL injection affected query 33 | $stmt = $link->query($query); 34 | $stmt->setFetchMode(PDO::FETCH_COLUMN); 35 | 36 | if (!$stmt) { 37 | exit(1); 38 | } 39 | 40 | if (!$show_output) 41 | exit(1); 42 | 43 | print "SQL results:\n"; 44 | print "\n"; 45 | 46 | while($row = $stmt->fetch()) { 47 | print ""; 48 | echo ""; 49 | echo ""; 50 | echo ""; 51 | echo "\n"; 52 | if (!$all_results) 53 | break; 54 | } 55 | 56 | print "
" . $row[0] . "" . $row[1] . "" . $row[2] . "
\n"; 57 | print ""; 58 | } 59 | ?> 60 | -------------------------------------------------------------------------------- /libs/ingres.inc.php: -------------------------------------------------------------------------------- 1 | \n"; 16 | 17 | // Print SQL query to test sqlmap '--string' command line option 18 | //print "SQL query: " . $query . "
\n"; 19 | 20 | // Perform SQL injection affected query 21 | //$result = ingres_query($link, $query); // on PECL Ingres > 2 22 | $result = ingres_query($query, $link); 23 | 24 | if (!$result) { 25 | if ($show_errors) 26 | print "SQL error: ". ingres_error() . "
\n"; 27 | exit(1); 28 | } 29 | 30 | if (!$show_output) 31 | exit(1); 32 | 33 | print "SQL results:\n"; 34 | print "\n"; 35 | 36 | //while ($line = ingres_fetch_assoc($result)) { // on PECL Ingres > 2 37 | while ($line = ingres_fetch_array($result)) { 38 | print ""; 39 | foreach ($line as $col_value) { 40 | print ""; 41 | } 42 | print "\n"; 43 | if (!$all_results) 44 | break; 45 | } 46 | 47 | print "
" . $col_value . "
\n"; 48 | print ""; 49 | } 50 | ?> 51 | -------------------------------------------------------------------------------- /libs/maxdb.inc.php: -------------------------------------------------------------------------------- 1 | \n"; 16 | 17 | // Print SQL query to test sqlmap '--string' command line option 18 | //print "SQL query: " . $query . "
\n"; 19 | 20 | // Perform SQL injection affected query 21 | $result = maxdb_query($link, $query); 22 | 23 | if (!$result) { 24 | if ($show_errors) 25 | print "SQL error: ". maxdb_error($link) . "
\n"; 26 | exit(1); 27 | } 28 | 29 | if (!$show_output) 30 | exit(1); 31 | 32 | print "SQL results:\n"; 33 | print "\n"; 34 | 35 | while ($line = maxdb_fetch_array($result, MAXDB_ASSOC)) { 36 | print ""; 37 | foreach ($line as $col_value) { 38 | print ""; 39 | } 40 | print "\n"; 41 | if (!$all_results) 42 | break; 43 | } 44 | 45 | print "
" . $col_value . "
\n"; 46 | print ""; 47 | } 48 | ?> 49 | -------------------------------------------------------------------------------- /libs/maxdb_user.inc.php: -------------------------------------------------------------------------------- 1 | \n"; 16 | 17 | // Print SQL query to test sqlmap '--string' command line option 18 | //print "SQL query: " . $query . "
\n"; 19 | 20 | // Perform SQL injection affected query 21 | $result = maxdb_query($link, $query); 22 | 23 | if (!$result) { 24 | if ($show_errors) 25 | print "SQL error: ". maxdb_error($link) . "
\n"; 26 | exit(1); 27 | } 28 | 29 | if (!$show_output) 30 | exit(1); 31 | 32 | print "SQL results:\n"; 33 | print "\n"; 34 | 35 | while ($line = maxdb_fetch_array($result, MAXDB_ASSOC)) { 36 | print ""; 37 | foreach ($line as $col_value) { 38 | print ""; 39 | } 40 | print "\n"; 41 | if (!$all_results) 42 | break; 43 | } 44 | 45 | print "
" . $col_value . "
\n"; 46 | print ""; 47 | } 48 | ?> 49 | -------------------------------------------------------------------------------- /libs/mssql.inc.php: -------------------------------------------------------------------------------- 1 | \n"; 22 | 23 | // Print SQL query to test sqlmap '--string' command line option 24 | //print "SQL query: " . $query . "
\n"; 25 | 26 | // Perform SQL injection affected query 27 | $result = mssql_query($query); 28 | 29 | if (!$result) { 30 | if ($show_errors) 31 | print "SQL error: ". mssql_get_last_message() . "
\n"; 32 | exit(1); 33 | } 34 | 35 | if (!$show_output) 36 | exit(1); 37 | 38 | print "SQL results:\n"; 39 | print "\n"; 40 | 41 | while ($line = mssql_fetch_array($result, MSSQL_ASSOC)) { 42 | print ""; 43 | foreach ($line as $col_value) { 44 | print ""; 45 | } 46 | print "\n"; 47 | if (!$all_results) 48 | break; 49 | } 50 | 51 | print "
" . $col_value . "
\n"; 52 | print ""; 53 | } 54 | ?> 55 | -------------------------------------------------------------------------------- /libs/mssql_user.inc.php: -------------------------------------------------------------------------------- 1 | \n"; 22 | 23 | // Print SQL query to test sqlmap '--string' command line option 24 | //print "SQL query: " . $query . "
\n"; 25 | 26 | // Perform SQL injection affected query 27 | $result = mssql_query($query); 28 | 29 | if (!$result) { 30 | if ($show_errors) 31 | print "SQL error: ". mssql_get_last_message() . "
\n"; 32 | exit(1); 33 | } 34 | 35 | if (!$show_output) 36 | exit(1); 37 | 38 | print "SQL results:\n"; 39 | print "\n"; 40 | 41 | while ($line = mssql_fetch_array($result, MSSQL_ASSOC)) { 42 | print ""; 43 | foreach ($line as $col_value) { 44 | print ""; 45 | } 46 | print "\n"; 47 | if (!$all_results) 48 | break; 49 | } 50 | 51 | print "
" . $col_value . "
\n"; 52 | print ""; 53 | } 54 | ?> 55 | -------------------------------------------------------------------------------- /libs/mysql.inc.php: -------------------------------------------------------------------------------- 1 | \n"; 22 | 23 | // Print SQL query to test sqlmap '--string' command line option 24 | //print "SQL query: " . $query . "
\n"; 25 | 26 | // Perform SQL injection affected query 27 | $result = mysql_query($query); 28 | 29 | if (!$result) { 30 | if ($show_errors) 31 | print "SQL error: ". mysql_error() . "
\n"; 32 | exit(1); 33 | } 34 | 35 | if (!$show_output) 36 | exit(1); 37 | 38 | print "SQL results:\n"; 39 | print "\n"; 40 | 41 | while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { 42 | print ""; 43 | foreach ($line as $col_value) { 44 | print ""; 45 | } 46 | print "\n"; 47 | if (!$all_results) 48 | break; 49 | } 50 | 51 | print "
" . $col_value . "
\n"; 52 | print ""; 53 | } 54 | ?> 55 | -------------------------------------------------------------------------------- /libs/mysql_user.inc.php: -------------------------------------------------------------------------------- 1 | \n"; 22 | 23 | // Print SQL query to test sqlmap '--string' command line option 24 | //print "SQL query: " . $query . "
\n"; 25 | 26 | // Perform SQL injection affected query 27 | $result = mysql_query($query); 28 | 29 | if (!$result) { 30 | if ($show_errors) 31 | print "SQL error: ". mysql_error() . "
\n"; 32 | exit(1); 33 | } 34 | 35 | if (!$show_output) 36 | exit(1); 37 | 38 | print "SQL results:\n"; 39 | print "\n"; 40 | 41 | while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { 42 | print ""; 43 | foreach ($line as $col_value) { 44 | print ""; 45 | } 46 | print "\n"; 47 | if (!$all_results) 48 | break; 49 | } 50 | 51 | print "
" . $col_value . "
\n"; 52 | print ""; 53 | } 54 | ?> 55 | -------------------------------------------------------------------------------- /libs/oracle.inc.php: -------------------------------------------------------------------------------- 1 | \n"; 16 | 17 | // Print SQL query to test sqlmap '--string' command line option 18 | //print "SQL query: " . $query . "
\n"; 19 | 20 | // Perform SQL injection affected query 21 | $stid = oci_parse($link, $query); 22 | if (!$stid) { 23 | $e = oci_error($link); 24 | die(htmlentities($e['message'])); 25 | } 26 | 27 | $result = oci_execute($stid, OCI_DEFAULT); 28 | 29 | if (!$result) { 30 | if ($show_errors) { 31 | $e = oci_error($stid); 32 | print "SQL error: ". $e['message'] . "
\n"; 33 | } 34 | exit(1); 35 | } 36 | 37 | if (!$show_output) 38 | exit(1); 39 | 40 | print "SQL results:\n"; 41 | print "\n"; 42 | 43 | while ($line = oci_fetch_array($stid, OCI_ASSOC)) { 44 | print ""; 45 | foreach ($line as $col_value) { 46 | print ""; 47 | } 48 | print "\n"; 49 | if (!$all_results) 50 | break; 51 | } 52 | 53 | print "
" . $col_value . "
\n"; 54 | print ""; 55 | } 56 | ?> 57 | -------------------------------------------------------------------------------- /libs/oracle_user.inc.php: -------------------------------------------------------------------------------- 1 | \n"; 16 | 17 | // Print SQL query to test sqlmap '--string' command line option 18 | //print "SQL query: " . $query . "
\n"; 19 | 20 | // Perform SQL injection affected query 21 | $stid = oci_parse($link, $query); 22 | if (!$stid) { 23 | $e = oci_error($link); 24 | die(htmlentities($e['message'])); 25 | } 26 | 27 | $result = oci_execute($stid, OCI_DEFAULT); 28 | 29 | if (!$result) { 30 | if ($show_errors) { 31 | $e = oci_error($stid); 32 | print "SQL error: ". $e['message'] . "
\n"; 33 | } 34 | exit(1); 35 | } 36 | 37 | if (!$show_output) 38 | exit(1); 39 | 40 | print "SQL results:\n"; 41 | print "\n"; 42 | 43 | while ($line = oci_fetch_array($stid, OCI_ASSOC)) { 44 | print ""; 45 | foreach ($line as $col_value) { 46 | print ""; 47 | } 48 | print "\n"; 49 | if (!$all_results) 50 | break; 51 | } 52 | 53 | print "
" . $col_value . "
\n"; 54 | print ""; 55 | } 56 | ?> 57 | -------------------------------------------------------------------------------- /libs/pgsql.inc.php: -------------------------------------------------------------------------------- 1 | \n"; 16 | 17 | // Print SQL query to test sqlmap '--string' command line option 18 | //print "SQL query: " . $query . "
\n"; 19 | 20 | // Perform SQL injection affected query 21 | $result = pg_query($query); 22 | 23 | if (!$result) { 24 | if ($show_errors) 25 | print "SQL error: ". pg_last_error() . "
\n"; 26 | exit(1); 27 | } 28 | 29 | if (!$show_output) 30 | exit(1); 31 | 32 | print "SQL results:\n"; 33 | print "\n"; 34 | 35 | while ($line = pg_fetch_array($result, null, PGSQL_ASSOC)) { 36 | print ""; 37 | foreach ($line as $col_value) { 38 | print ""; 39 | } 40 | print "\n"; 41 | if (!$all_results) 42 | break; 43 | } 44 | 45 | print "
" . $col_value . "
\n"; 46 | print ""; 47 | } 48 | ?> 49 | -------------------------------------------------------------------------------- /libs/pgsql_user.inc.php: -------------------------------------------------------------------------------- 1 | \n"; 16 | 17 | // Print SQL query to test sqlmap '--string' command line option 18 | //print "SQL query: " . $query . "
\n"; 19 | 20 | // Perform SQL injection affected query 21 | $result = pg_query($query); 22 | 23 | if (!$result) { 24 | if ($show_errors) 25 | print "SQL error: ". pg_last_error() . "
\n"; 26 | exit(1); 27 | } 28 | 29 | if (!$show_output) 30 | exit(1); 31 | 32 | print "SQL results:\n"; 33 | print "\n"; 34 | 35 | while ($line = pg_fetch_array($result, null, PGSQL_ASSOC)) { 36 | print ""; 37 | foreach ($line as $col_value) { 38 | print ""; 39 | } 40 | print "\n"; 41 | if (!$all_results) 42 | break; 43 | } 44 | 45 | print "
" . $col_value . "
\n"; 46 | print ""; 47 | } 48 | ?> 49 | -------------------------------------------------------------------------------- /libs/sqlite.inc.php: -------------------------------------------------------------------------------- 1 | \n"; 17 | 18 | // Print SQL query to test sqlmap '--string' command line option 19 | //print "SQL query: " . $query . "
\n"; 20 | 21 | // Perform SQL injection affected query 22 | $result = sqlite_query($link, $query); 23 | 24 | if (!$result) { 25 | if ($show_errors) 26 | print "SQL error: ". sqlite_error_string(sqlite_last_error($link)) . "
\n"; 27 | exit(1); 28 | } 29 | 30 | if (!$show_output) 31 | exit(1); 32 | 33 | print "SQL results:\n"; 34 | print "\n"; 35 | 36 | while ($line = sqlite_fetch_array($result, SQLITE_ASSOC)) { 37 | print ""; 38 | foreach ($line as $col_value) { 39 | print ""; 40 | } 41 | print "\n"; 42 | if (!$all_results) 43 | break; 44 | } 45 | 46 | print "
" . $col_value . "
\n"; 47 | print ""; 48 | } 49 | ?> 50 | -------------------------------------------------------------------------------- /libs/sqlite3.inc.php: -------------------------------------------------------------------------------- 1 | \n"; 17 | 18 | // Print SQL query to test sqlmap '--string' command line option 19 | //print "SQL query: " . $query . "
\n"; 20 | 21 | // Perform SQL injection affected query 22 | $result = $link->query($query); 23 | 24 | if (!$result) { 25 | if ($show_errors) 26 | print "SQL error: ". $link->lastErrorMsg() . "
\n"; 27 | exit(1); 28 | } 29 | 30 | if (!$show_output) 31 | exit(1); 32 | 33 | print "SQL results:\n"; 34 | print "\n"; 35 | 36 | while ($line = $result->fetchArray(SQLITE3_ASSOC)) { 37 | print ""; 38 | foreach ($line as $col_value) { 39 | print ""; 40 | } 41 | print "\n"; 42 | if (!$all_results) 43 | break; 44 | } 45 | 46 | print "
" . $col_value . "
\n"; 47 | print ""; 48 | } 49 | ?> 50 | -------------------------------------------------------------------------------- /libs/sybase.inc.php: -------------------------------------------------------------------------------- 1 | \n"; 22 | 23 | // Print SQL query to test sqlmap '--string' command line option 24 | //print "SQL query: " . $query . "
\n"; 25 | 26 | // Perform SQL injection affected query 27 | $result = sybase_query($query); 28 | 29 | if (!$result) { 30 | if ($show_errors) 31 | print "SQL error: ". sybase_get_last_message() . "
\n"; 32 | exit(1); 33 | } 34 | 35 | if (!$show_output) 36 | exit(1); 37 | 38 | print "SQL results:\n"; 39 | print "\n"; 40 | 41 | while ($line = sybase_fetch_assoc($result)) { 42 | print ""; 43 | foreach ($line as $col_value) { 44 | print ""; 45 | } 46 | print "\n"; 47 | if (!$all_results) 48 | break; 49 | } 50 | 51 | print "
" . $col_value . "
\n"; 52 | print ""; 53 | } 54 | ?> 55 | -------------------------------------------------------------------------------- /libs/sybase_user.inc.php: -------------------------------------------------------------------------------- 1 | \n"; 22 | 23 | // Print SQL query to test sqlmap '--string' command line option 24 | //print "SQL query: " . $query . "
\n"; 25 | 26 | // Perform SQL injection affected query 27 | $result = sybase_query($query); 28 | 29 | if (!$result) { 30 | if ($show_errors) 31 | print "SQL error: ". sybase_get_last_message() . "
\n"; 32 | exit(1); 33 | } 34 | 35 | if (!$show_output) 36 | exit(1); 37 | 38 | print "SQL results:\n"; 39 | print "\n"; 40 | 41 | while ($line = sybase_fetch_assoc($result)) { 42 | print ""; 43 | foreach ($line as $col_value) { 44 | print ""; 45 | } 46 | print "\n"; 47 | if (!$all_results) 48 | break; 49 | } 50 | 51 | print "
" . $col_value . "
\n"; 52 | print ""; 53 | } 54 | ?> 55 | -------------------------------------------------------------------------------- /maxdb/get_int.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /maxdb/index.php: -------------------------------------------------------------------------------- 1 | Index\n\n"; 17 | ?> 18 | -------------------------------------------------------------------------------- /mssql/cookie_brackets.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mssql/cookie_dstr.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mssql/cookie_int.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mssql/cookie_str.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mssql/get_brackets.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mssql/get_dstr.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mssql/get_int.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mssql/get_int_partialunion.php: -------------------------------------------------------------------------------- 1 | 7 | 
-------------------------------------------------------------------------------- /mssql/get_str.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mssql/header_brackets.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mssql/header_dstr.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mssql/header_str.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mssql/iis/get_int.asp: -------------------------------------------------------------------------------- 1 | <% 2 | Option Explicit 3 | ' Dimension Local variables 4 | Dim objConn 5 | Dim objRS 6 | Dim strDSN 7 | Dim strSQL 8 | Dim intTotalColumns 9 | Dim intCounter 10 | Dim id 11 | 12 | ' Set the ADO Constants if you are not including 13 | ' the adovbs.inc file 14 | Const adOpenStatic = 3 15 | Const adLockReadOnly = 1 16 | 17 | Set objConn = Server.CreateObject("ADODB.Connection") 18 | Set objRS = Server.CreateObject("ADODB.Recordset") 19 | 20 | strDSN = "Driver={SQL Server};Server=127.0.0.1;Database=testdb;UID=sa;PWD=testpass" 21 | 22 | objConn.Open strDSN 23 | 24 | id = Request.QueryString("id") 25 | strSQL = "SELECT * FROM users WHERE id = '" + id + "'" 26 | 27 | objRS.Open strSQL, objConn, adOpenStatic,adLockReadOnly 28 | 29 | ' get the total number of columns 30 | intTotalColumns = objRS.Fields.Count - 1 31 | %> 32 | 33 | 34 | <% 35 | ' first display the column names 36 | For intCounter = 0 To intTotalColumns 37 | %> 38 | 41 | <% 42 | Next 43 | 44 | Response.write "" 45 | 46 | ' now loop through the recordset and 
display the data 47 | Do Until objRS.EOF = True 48 | 49 | Response.Write "" 50 | For intCounter = 0 To intTotalColumns 51 | 52 | Response.Write "" 55 | 56 | Next 57 | Response.Write "" 58 | 59 | objRS.Movenext 60 | Loop 61 | %> 62 |
39 | <%=objRS(intCounter).Name%> 40 |
" 53 | Response.write objRS(intCounter).Value 54 | Response.Write "
63 | <% 64 | 65 | ' Close Recordset 66 | objRS.Close 67 | Set objRS = Nothing 68 | 69 | objConn.Close 70 | Set objConn = Nothing 71 | %> 72 | -------------------------------------------------------------------------------- /mssql/iis/get_int_having.asp: -------------------------------------------------------------------------------- 1 | <% 2 | Option Explicit 3 | ' Dimension Local variables 4 | Dim objConn 5 | Dim objRS 6 | Dim strDSN 7 | Dim strSQL 8 | Dim intTotalColumns 9 | Dim intCounter 10 | Dim id 11 | 12 | ' Set the ADO Constants if you are not including 13 | ' the adovbs.inc file 14 | Const adOpenStatic = 3 15 | Const adLockReadOnly = 1 16 | 17 | Set objConn = Server.CreateObject("ADODB.Connection") 18 | Set objRS = Server.CreateObject("ADODB.Recordset") 19 | 20 | strDSN = "Driver={SQL Server};Server=FILENOTFOUND\SQLEXPRESS;Database=testdb;UID=sa;PWD=testpass" 21 | 22 | objConn.Open strDSN 23 | 24 | id = Request.QueryString("id") 25 | 26 | strSQL = "SELECT MIN(name) from users GROUP BY id HAVING id = " + id 27 | 28 | objRS.Open strSQL, objConn, adOpenStatic,adLockReadOnly 29 | 30 | ' get the total number of columns 31 | intTotalColumns = objRS.Fields.Count - 1 32 | %> 33 | 34 | 35 | <% 36 | ' first display the column names 37 | For intCounter = 0 To intTotalColumns 38 | %> 39 | 42 | <% 43 | Next 44 | 45 | Response.write "" 46 | 47 | ' now loop through the recordset and display the data 48 | Do Until objRS.EOF = True 49 | 50 | Response.Write "" 51 | For intCounter = 0 To intTotalColumns 52 | 53 | Response.Write "" 56 | 57 | Next 58 | Response.Write "" 59 | 60 | objRS.Movenext 61 | Loop 62 | %> 63 |
40 | <%=objRS(intCounter).Name%> 41 |
" 54 | Response.write objRS(intCounter).Value 55 | Response.Write "
64 | <% 65 | 66 | ' Close Recordset 67 | objRS.Close 68 | Set objRS = Nothing 69 | 70 | objConn.Close 71 | Set objConn = Nothing 72 | %> 73 | -------------------------------------------------------------------------------- /mssql/iis/get_int_partialunion.asp: -------------------------------------------------------------------------------- 1 | <% 2 | Option Explicit 3 | ' Dimension Local variables 4 | Dim objConn 5 | Dim objRS 6 | Dim strDSN 7 | Dim strSQL 8 | Dim intTotalColumns 9 | Dim intCounter 10 | Dim id 11 | 12 | ' Set the ADO Constants if you are not including 13 | ' the adovbs.inc file 14 | Const adOpenStatic = 3 15 | Const adLockReadOnly = 1 16 | 17 | Set objConn = Server.CreateObject("ADODB.Connection") 18 | Set objRS = Server.CreateObject("ADODB.Recordset") 19 | 20 | strDSN = "Driver={SQL Server};Server=FILENOTFOUND\SQLEXPRESS;Database=testdb;UID=sa;PWD=testpass" 21 | 22 | objConn.Open strDSN 23 | 24 | id = Request.QueryString("id") 25 | strSQL = "SELECT * FROM users WHERE id = '" + id + "'" 26 | 27 | objRS.Open strSQL, objConn, adOpenStatic,adLockReadOnly 28 | 29 | ' get the total number of columns 30 | intTotalColumns = objRS.Fields.Count - 1 31 | %> 32 | 33 | 34 | <% 35 | ' first display the column names 36 | For intCounter = 0 To intTotalColumns 37 | %> 38 | 41 | <% 42 | Next 43 | 44 | Response.write "" 45 | 46 | ' now loop through the recordset and display the data 47 | Do Until objRS.EOF = True 48 | 49 | Response.Write "" 50 | For intCounter = 0 To intTotalColumns 51 | 52 | Response.Write "" 55 | 56 | Next 57 | Response.Write "" 58 | 59 | Exit Do 60 | 61 | objRS.Movenext 62 | Loop 63 | %> 64 |
39 | <%=objRS(intCounter).Name%> 40 |
" 53 | Response.write objRS(intCounter).Value 54 | Response.Write "
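65 | <% 66 | 67 | ' Close Recordset 68 | objRS.Close 69 | Set objRS = Nothing 70 | 71 | objConn.Close 72 | Set objConn = Nothing 73 | %> 74 | -------------------------------------------------------------------------------- /mssql/iis/get_proc.asp: --------------------------------------------------------------------------------
<%
Option Explicit
' sqlmap test page: MSSQL stored-procedure call driven by a GET parameter.
' The "name" query-string value is concatenated into the command text without
' any escaping. That is deliberate -- the page exists as an injection target --
' so it belongs only on an isolated lab host, never on a reachable server.

' Dimension Local variables
Dim objConn
Dim objRS
Dim strDSN
Dim strSQL
Dim intTotalColumns
Dim intCounter
Dim name

' Set the ADO Constants if you are not including
' the adovbs.inc file
Const adOpenStatic = 3
Const adLockReadOnly = 1

Set objConn = Server.CreateObject("ADODB.Connection")
Set objRS = Server.CreateObject("ADODB.Recordset")

' Lab-only credentials: the page logs in as "sa" with a hard-coded password,
' so anything injected runs with that login's rights on the instance.
strDSN = "Driver={SQL Server};Server=127.0.0.1;Database=testdb;UID=sa;PWD=testpass"

objConn.Open strDSN

name = Request.QueryString("name")
' The disabled statement below used a "//" prefix, which VBScript does not
' treat as a comment and rejects as a syntax error; it is now a real comment.
' strSQL = "SELECT * FROM users WHERE id = '" + id + "'"
strSQL = "FindRecord """ + name + """"

objRS.Open strSQL, objConn, adOpenStatic, adLockReadOnly

' get the total number of columns
intTotalColumns = objRS.Fields.Count - 1
%>
<table>
<tr>
<%
' first display the column names
For intCounter = 0 To intTotalColumns
%>
<th>
<%=objRS(intCounter).Name%>
</th>
<%
Next

Response.Write "</tr>"

' now loop through the recordset and display the data
Do Until objRS.EOF = True

    Response.Write "<tr>"
    For intCounter = 0 To intTotalColumns

        Response.Write "<td>"
        ' Column values are written as-is (no Server.HTMLEncode).
        Response.Write objRS(intCounter).Value
        Response.Write "</td>"

    Next
    Response.Write "</tr>"

    objRS.MoveNext
Loop
%>
</table>
<%

' Close Recordset
objRS.Close
Set objRS = Nothing

objConn.Close
Set objConn = Nothing
%>
-------------------------------------------------------------------------------- /mssql/iis/get_str.asp: -------------------------------------------------------------------------------- 1 | <% 2 | Option Explicit 3 | ' Dimension Local variables 4 | Dim objConn 5 | Dim objRS 6 | Dim strDSN 7 | Dim strSQL 8 | Dim intTotalColumns 9 | Dim intCounter 10 | Dim name 11 | 12 | ' Set the ADO Constants if you are not including 13 | ' the adovbs.inc file 14 | Const adOpenStatic = 3 15 | Const adLockReadOnly = 1 16 | 17 | Set objConn = Server.CreateObject("ADODB.Connection") 18 | Set objRS = Server.CreateObject("ADODB.Recordset") 19 | 20 | strDSN = "Provider=SQLOLEDB; Data Source = (local); Initial Catalog = master; User Id = sa; Password=" 21 | 22 | objConn.Open strDSN 23 | 24 | ' name = "luther" 25 | name = Request.QueryString("name") 26 | strSQL = "SELECT * FROM users WHERE name = '" + name + "'" 27 | 28 | objRS.Open strSQL, objConn, adOpenStatic,adLockReadOnly 29 | 30 | ' get the total number of columns 31 | intTotalColumns = objRS.Fields.Count - 1 32 | ' DEBUG PRINT: 33 | ' Response.write intTotalColumns 34 | %> 35 | 36 | 37 | <% 38 | ' first display the column names 39 | For intCounter = 0 To intTotalColumns 40 | %> 41 | 44 | <% 45 | Next 46 | 47 | Response.write "" 48 | 49 | ' now loop through the recordset and display the data 50 | Do Until objRS.EOF = True 51 | 52 | Response.Write "" 53 | For intCounter = 0 To intTotalColumns 54 | 55 | Response.Write "" 58 | 59 | Next 60 | Response.Write "" 61 | 62 | objRS.Movenext 63 | Loop 64 | %> 65 |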
42 | <%=objRS(intCounter).Name%> 43 |
" 56 | Response.write objRS(intCounter).Value 57 | Response.Write "
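66 | <% 67 | 68 | ' Close Recordset 69 | objRS.Close 70 | Set objRS = Nothing 71 | 72 | objConn.Close 73 | Set objConn = Nothing 74 | %> 75 | -------------------------------------------------------------------------------- /mssql/iis/get_str2.asp: --------------------------------------------------------------------------------
<%
' sqlmap test page: MSSQL string parameter with a login-style response.
' The "name" query-string value is placed between single quotes in the WHERE
' clause without escaping. That is deliberate -- the page exists as an
' injection target -- so it belongs only on an isolated lab host.
'
' The declaration used to read "Dim ame", which left "name" undeclared and
' only worked because the page does not use Option Explicit.
Dim name, objRS, strSQL

name = Request.QueryString("name")

strSQL = "SELECT * FROM users WHERE name='" + name + "'"

' Lab-only credentials: "sa" with an empty password against the master catalog.
Set objRS = Server.CreateObject("ADODB.Recordset")
objRS.Open strSQL, "Provider=SQLOLEDB; Data Source = (local); Initial Catalog = master; User Id = sa; Password="

' Any returned row counts as a successful "login"; the response differs only
' in this one message.
If (objRS.EOF) Then
    Response.Write "Invalid login."
Else
    Response.Write "You are logged in as " & objRS("name")
End If

' Close the recordset before releasing it, as the sibling pages do.
objRS.Close
Set objRS = Nothing
%>
-------------------------------------------------------------------------------- /mssql/iis/post_str.asp: -------------------------------------------------------------------------------- 1 | <% 2 | Option Explicit 3 | ' Dimension Local variables 4 | Dim objConn 5 | Dim objRS 6 | Dim strDSN 7 | Dim strSQL 8 | Dim intTotalColumns 9 | Dim intCounter 10 | Dim name 11 | 12 | ' Set the ADO Constants if you are not including 13 | ' the adovbs.inc file 14 | Const adOpenStatic = 3 15 | Const adLockReadOnly = 1 16 | 17 | Set objConn = Server.CreateObject("ADODB.Connection") 18 | Set objRS = Server.CreateObject("ADODB.Recordset") 19 | 20 | strDSN = "Provider=SQLOLEDB; Data Source = (local); Initial Catalog = master; User Id = sa; Password=" 21 | 22 | objConn.Open strDSN 23 | 24 | ' name = "luther" 25 | name = Request.form("name") 26 | strSQL = "SELECT * FROM users WHERE name = '" + name + "'" 27 | 28 | objRS.Open strSQL, objConn, adOpenStatic,adLockReadOnly 29 | 30 | ' get the total number of columns 31 | intTotalColumns = objRS.Fields.Count - 1 32 | %> 33 | 34 | 35 | <% 36 | ' first display the column names 37 | For intCounter = 0 To intTotalColumns 38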
| %> 39 | 42 | <% 43 | Next 44 | 45 | Response.write "" 46 | 47 | ' now loop through the recordset and display the data 48 | Do Until objRS.EOF = True 49 | 50 | Response.Write "" 51 | For intCounter = 0 To intTotalColumns 52 | 53 | Response.Write "" 56 | 57 | Next 58 | Response.Write "" 59 | 60 | objRS.Movenext 61 | Loop 62 | %> 63 |
40 | <%=objRS(intCounter).Name%> 41 |
" 54 | Response.write objRS(intCounter).Value 55 | Response.Write "
64 | <% 65 | 66 | ' Close Recordset 67 | objRS.Close 68 | Set objRS = Nothing 69 | 70 | objConn.Close 71 | Set objConn = Nothing 72 | %> -------------------------------------------------------------------------------- /mssql/index.php: -------------------------------------------------------------------------------- 1 | Index\n\n"; 17 | ?> 18 | -------------------------------------------------------------------------------- /mssql/post_brackets.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mssql/post_dstr.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mssql/post_int.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mssql/post_str.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/basic/.htaccess: -------------------------------------------------------------------------------- 1 | AuthType Basic 2 | AuthName "Testing basic authentication" 3 | AuthUserFile /var/www/sqlmap/conf/users.basic 4 | AuthGroupFile /dev/null 5 | Require valid-user 6 | -------------------------------------------------------------------------------- /mysql/basic/get_int.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/cookie_brackets.php: -------------------------------------------------------------------------------- 1 | 7 | 8 | -------------------------------------------------------------------------------- /mysql/cookie_dstr.php: 
-------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/cookie_int.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/cookie_str.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/cookie_str2.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/csrf/index.php: -------------------------------------------------------------------------------- 1 | 12 | 13 | 14 | 15 |
16 | 17 | 18 | 19 |
20 | 21 | 22 | -------------------------------------------------------------------------------- /mysql/csrf/post.php: -------------------------------------------------------------------------------- 1 | 34 | -------------------------------------------------------------------------------- /mysql/digest/.htaccess: -------------------------------------------------------------------------------- 1 | AuthType Digest 2 | AuthName "Testing digest authentication" 3 | AuthUserFile /var/www/sqlmap/conf/users.digest 4 | AuthGroupFile /dev/null 5 | AuthDigestDomain / http://127.0.0.1/ 6 | AuthDigestProvider file 7 | Require valid-user 8 | -------------------------------------------------------------------------------- /mysql/digest/get_int.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/get_brackets.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/get_dstr.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/get_dstr_like_par.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/get_dstr_like_par2.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/get_int.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/get_int_benchmark.php: 
-------------------------------------------------------------------------------- 1 | 13 | -------------------------------------------------------------------------------- /mysql/get_int_blob.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/get_int_filtered.php: -------------------------------------------------------------------------------- 1 | 23 | -------------------------------------------------------------------------------- /mysql/get_int_groupby.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/get_int_having.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/get_int_img.php: -------------------------------------------------------------------------------- 1 | 34 | -------------------------------------------------------------------------------- /mysql/get_int_inline.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/get_int_international.php: -------------------------------------------------------------------------------- 1 | \n"; 22 | 23 | // Print SQL query to test sqlmap '--string' command line option 24 | //print "SQL query: " . $query . "
\n"; 25 | 26 | // Perform SQL injection affected query 27 | $result = mysql_query($query); 28 | 29 | if (!$result) { 30 | if ($show_errors) 31 | print "SQL error: ". mysql_error() . "
\n"; 32 | exit(1); 33 | } 34 | 35 | if (!$show_output) 36 | exit(1); 37 | 38 | print "SQL results:\n"; 39 | print "\n"; 40 | 41 | while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { 42 | print ""; 43 | foreach ($line as $col_value) { 44 | print ""; 45 | } 46 | print "\n"; 47 | if (!$all_results) 48 | break; 49 | } 50 | 51 | print "
" . $col_value . "
\n"; 52 | print ""; 53 | } 54 | 55 | $query = "SELECT * FROM international WHERE id=" . $_GET['id'] . " LIMIT 0, 1"; 56 | dbQuery($query); 57 | ?> 58 | -------------------------------------------------------------------------------- /mysql/get_int_limit.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/get_int_limit_second.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/get_int_noerror.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/get_int_nolimit.php: -------------------------------------------------------------------------------- 1 | =" . $_GET['id']; 5 | dbQuery($query); 6 | ?> 7 | -------------------------------------------------------------------------------- /mysql/get_int_nooutput.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/get_int_orderby.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/get_int_partialunion.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/get_int_rand.php: -------------------------------------------------------------------------------- 1 | " . rand() . "
" . rand(); 7 | print "
static line
"; 8 | print rand(); 9 | ?> 10 | -------------------------------------------------------------------------------- /mysql/get_int_redirected.php: -------------------------------------------------------------------------------- 1 | \n"; 28 | 29 | // Print SQL query to test sqlmap '--string' command line option 30 | //print "SQL query: " . $query . "
\n"; 31 | 32 | if (!$show_output) 33 | exit(1); 34 | 35 | print "SQL results:\n"; 36 | print "\n"; 37 | 38 | while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { 39 | print ""; 40 | foreach ($line as $col_value) { 41 | print ""; 42 | } 43 | print "\n"; 44 | if (!$all_results) 45 | break; 46 | } 47 | 48 | print "
" . $col_value . "
\n"; 49 | print ""; 50 | } 51 | 52 | $query = "SELECT * FROM users WHERE id=" . $_GET['id'] . " LIMIT 0, 1"; 53 | dbQuery($query); 54 | ?> 55 | -------------------------------------------------------------------------------- /mysql/get_int_redirected_true.php: -------------------------------------------------------------------------------- 1 | SQL error: ". mysql_error() . "
\n"; 24 | exit(1); 25 | } 26 | 27 | header("Location: /"); 28 | exit(1); 29 | } 30 | 31 | $query = "SELECT * FROM users WHERE id=" . $_GET['id'] . " LIMIT 0, 1"; 32 | dbQuery($query);?> 33 | -------------------------------------------------------------------------------- /mysql/get_int_reflective.php: -------------------------------------------------------------------------------- 1 | 5 | -------------------------------------------------------------------------------- /mysql/get_int_substr.php: -------------------------------------------------------------------------------- 1 | \n"; 20 | 21 | // Print SQL query to test sqlmap '--string' command line option 22 | //print "SQL query: " . $query . "
\n"; 23 | 24 | // Perform SQL injection affected query 25 | $result = mysql_query($query); 26 | 27 | if (!$result) { 28 | if ($show_errors) 29 | print "SQL error: ". mysql_error() . "
\n"; 30 | exit(1); 31 | } 32 | 33 | if (!$show_output) 34 | exit(1); 35 | 36 | print "SQL results:\n"; 37 | print "\n"; 38 | 39 | while ($line = mysql_fetch_array($result, MYSQL_ASSOC)) { 40 | print ""; 41 | $i = 1; 42 | foreach ($line as $col_value) { 43 | print ""; 44 | } 45 | print "\n"; 46 | if (!$all_results) 47 | break; 48 | } 49 | 50 | print "
" . substr($col_value, 0, 16) . "
\n"; 51 | print ""; 52 | } 53 | 54 | $query = "SELECT * FROM users WHERE id=" . $_GET['id'] . " LIMIT 0, 1"; 55 | dbQuery($query); 56 | ?> 57 | -------------------------------------------------------------------------------- /mysql/get_int_user.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/get_str.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/get_str2.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/get_str_brackets.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/get_str_like.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/get_str_like_par.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/get_str_like_par2.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/get_str_like_par3.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/get_str_noout.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- 
/mysql/get_str_or.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/get_str_union.php: -------------------------------------------------------------------------------- 1 | 10 | -------------------------------------------------------------------------------- /mysql/header_brackets.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/header_dstr.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/header_str.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/iis/get_int_41.asp: -------------------------------------------------------------------------------- 1 | <% 2 | Dim sConnection, objConn , objRS 3 | 4 | sConnection = "DRIVER={MySQL ODBC 5.1 Driver}; SERVER=localhost; DATABASE=testdb; UID=root;PASSWORD=testpass; OPTION=3; PORT=3305" 5 | 6 | Set objConn = Server.CreateObject("ADODB.Connection") 7 | 8 | objConn.Open(sConnection) 9 | 10 | id = Request.QueryString("id") 11 | strSQL = "SELECT * FROM users WHERE id = " + id 12 | 13 | Set objRS = objConn.Execute(strSQL) 14 | 15 | 16 | While Not objRS.EOF 17 | Response.Write objRS.Fields("name") & ", " & objRS.Fields("surname") & "
" 18 | objRS.MoveNext 19 | Wend 20 | 21 | objRS.Close 22 | Set objRS = Nothing 23 | objConn.Close 24 | Set objConn = Nothing 25 | %> 26 | -------------------------------------------------------------------------------- /mysql/iis/get_int_41.aspx: -------------------------------------------------------------------------------- 1 | <%@ Page Language="VB" debug="true" %> 2 | <%@ Import Namespace = "System.Data" %> 3 | <%@ Import Namespace = "MySql.Data.MySqlClient" %> 4 | 29 | 30 | 31 | 32 | Simple MySQL Database Query 33 | 34 | 35 | 36 |
37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | -------------------------------------------------------------------------------- /mysql/iis/get_int_50.asp: -------------------------------------------------------------------------------- 1 | <% 2 | Dim sConnection, objConn , objRS 3 | 4 | sConnection = "DRIVER={MySQL ODBC 5.1 Driver}; SERVER=localhost; DATABASE=testdb; UID=root;PASSWORD=testpass; OPTION=3; PORT=3306" 5 | 6 | Set objConn = Server.CreateObject("ADODB.Connection") 7 | 8 | objConn.Open(sConnection) 9 | 10 | id = Request.QueryString("id") 11 | strSQL = "SELECT * FROM users WHERE id = " + id 12 | 13 | Set objRS = objConn.Execute(strSQL) 14 | 15 | 16 | While Not objRS.EOF 17 | Response.Write objRS.Fields("name") & ", " & objRS.Fields("surname") & "
" 18 | objRS.MoveNext 19 | Wend 20 | 21 | objRS.Close 22 | Set objRS = Nothing 23 | objConn.Close 24 | Set objConn = Nothing 25 | %> 26 | -------------------------------------------------------------------------------- /mysql/iis/get_int_50.aspx: -------------------------------------------------------------------------------- 1 | <%@ Page Language="VB" debug="true" %> 2 | <%@ Import Namespace = "System.Data" %> 3 | <%@ Import Namespace = "MySql.Data.MySqlClient" %> 4 | 29 | 30 | 31 | 32 | Simple MySQL Database Query 33 | 34 | 35 | 36 |
37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | -------------------------------------------------------------------------------- /mysql/iis/get_int_51.asp: -------------------------------------------------------------------------------- 1 | <% 2 | Dim sConnection, objConn , objRS 3 | 4 | sConnection = "DRIVER={MySQL ODBC 5.1 Driver}; SERVER=localhost; DATABASE=testdb; UID=root;PASSWORD=testpass; OPTION=3; PORT=3307" 5 | 6 | Set objConn = Server.CreateObject("ADODB.Connection") 7 | 8 | objConn.Open(sConnection) 9 | 10 | id = Request.QueryString("id") 11 | strSQL = "SELECT * FROM users WHERE id = " + id 12 | 13 | Set objRS = objConn.Execute(strSQL) 14 | 15 | 16 | While Not objRS.EOF 17 | Response.Write objRS.Fields("name") & ", " & objRS.Fields("surname") & "
" 18 | objRS.MoveNext 19 | Wend 20 | 21 | objRS.Close 22 | Set objRS = Nothing 23 | objConn.Close 24 | Set objConn = Nothing 25 | %> 26 | -------------------------------------------------------------------------------- /mysql/iis/get_int_51.aspx: -------------------------------------------------------------------------------- 1 | <%@ Page Language="VB" debug="true" %> 2 | <%@ Import Namespace = "System.Data" %> 3 | <%@ Import Namespace = "MySql.Data.MySqlClient" %> 4 | 29 | 30 | 31 | 32 | Simple MySQL Database Query 33 | 34 | 35 | 36 |
37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | -------------------------------------------------------------------------------- /mysql/iis/get_int_60.asp: -------------------------------------------------------------------------------- 1 | <% 2 | Dim sConnection, objConn , objRS 3 | 4 | sConnection = "DRIVER={MySQL ODBC 5.1 Driver}; SERVER=localhost; DATABASE=testdb; UID=root;PASSWORD=testpass; OPTION=3; PORT=3308" 5 | 6 | Set objConn = Server.CreateObject("ADODB.Connection") 7 | 8 | objConn.Open(sConnection) 9 | 10 | id = Request.QueryString("id") 11 | strSQL = "SELECT * FROM users WHERE id = " + id 12 | 13 | Set objRS = objConn.Execute(strSQL) 14 | 15 | 16 | While Not objRS.EOF 17 | Response.Write objRS.Fields("name") & ", " & objRS.Fields("surname") & "
" 18 | objRS.MoveNext 19 | Wend 20 | 21 | objRS.Close 22 | Set objRS = Nothing 23 | objConn.Close 24 | Set objConn = Nothing 25 | %> 26 | -------------------------------------------------------------------------------- /mysql/iis/get_int_60.aspx: -------------------------------------------------------------------------------- 1 | <%@ Page Language="VB" debug="true" %> 2 | <%@ Import Namespace = "System.Data" %> 3 | <%@ Import Namespace = "MySql.Data.MySqlClient" %> 4 | 29 | 30 | 31 | 32 | Simple MySQL Database Query 33 | 34 | 35 | 36 |
37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | -------------------------------------------------------------------------------- /mysql/img/bad.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqlmapproject/testenv/a2ab9728bb4acff4e1eed506a1cd2c4ba11cbb76/mysql/img/bad.png -------------------------------------------------------------------------------- /mysql/img/ok.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/sqlmapproject/testenv/a2ab9728bb4acff4e1eed506a1cd2c4ba11cbb76/mysql/img/ok.png -------------------------------------------------------------------------------- /mysql/index.php: -------------------------------------------------------------------------------- 1 | Index\n
    \n"; 3 | $cdir = scandir("."); 4 | foreach ($cdir as $key => $file) { 5 | if ($file == "." || $file == ".git" || $file == ".gitattributes" || $file == "img" || $file == "index.php") 6 | continue; 7 | if (strstr($file, "inline")) 8 | $ext = "?id=SELECT+name+FROM+users"; 9 | else if (strstr($file, "get_")) 10 | $ext = "?id=1"; 11 | else 12 | $ext = ""; 13 | echo "
  • " . $file . $ext . "
  • \n"; 14 | closedir($dh); 15 | } 16 | echo "
\n"; 17 | ?> 18 | -------------------------------------------------------------------------------- /mysql/post_brackets.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/post_dstr.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/post_int.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/post_str.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /mysql/referer_str.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /oracle/get_int.jsp: -------------------------------------------------------------------------------- 1 | <%@ page import="java.sql.*" %> 2 | 3 | Simple JSP/Oracle Query Example 4 | 5 |
6 | Employees 7 |

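<%
    // sqlmap test page: Oracle query driven by the integer "id" GET parameter.
    // The parameter is appended to the SQL text without validation. That is
    // deliberate -- the page exists as an injection target -- so it belongs
    // only on an isolated lab host.
    Connection conn = null;
    PreparedStatement stmt = null;
    ResultSet rs = null;
    try
    {
        String id = request.getParameter("id");
        Class.forName("oracle.jdbc.driver.OracleDriver");
        // Lab-only credentials: the page connects as SYS with SYSDBA rights
        // and a hard-coded password, so injected SQL runs fully privileged.
        conn = DriverManager.getConnection(
            "jdbc:oracle:thin:@localhost:1521:XE",
            "SYS AS SYSDBA",
            "oracle");
        String sql = "SELECT * FROM customers";

        if (id != null) {
            sql += " WHERE id = " + id;
        }

        // The final statement is echoed into the page unescaped.
        out.println(sql);

        // prepareStatement() receives the already-concatenated text, so no
        // parameter binding takes place here.
        stmt = conn.prepareStatement(sql);
        rs = stmt.executeQuery();

        out.println("<table>");
        out.println("<tr><th>ID</th><th>NAME</th><th>PASSWORD</th></tr>");

        //Loop through results of query.
        while (rs.next())
        {
            out.println("<tr>");
            out.println("<td>" + rs.getInt("id") + "</td>");
            out.println(" <td>" + rs.getString("name") + "</td>");
            out.println(" <td>" + rs.getString("password") + "</td>");
            out.println("</tr>");
        }

        out.println("</table>");
    }
    catch (SQLException e)
    {
        // Driver error text is returned to the client, including every
        // chained exception.
        out.println("SQLException: " + e.getMessage() + "<br>");
        while ((e = e.getNextException()) != null)
            out.println(e.getMessage() + "<br>");
    }
    catch (ClassNotFoundException e)
    {
        out.println("ClassNotFoundException: " + e.getMessage() + "<br>");
    }
    finally
    {
        // Clean up resources in reverse order of creation. Previously only the
        // connection was closed; the statement and result set were left to the
        // driver. Close failures are ignored on purpose (best-effort cleanup).
        if (rs != null)
        {
            try { rs.close(); } catch (Exception ignored) {}
        }
        if (stmt != null)
        {
            try { stmt.close(); } catch (Exception ignored) {}
        }
        if (conn != null)
        {
            try { conn.close(); } catch (Exception ignored) {}
        }
    }
%>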
83 | 84 | 85 | -------------------------------------------------------------------------------- /oracle/get_int.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /oracle/get_int_groupby.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /oracle/get_int_having.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /oracle/get_int_inline.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /oracle/get_int_nooutput.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /oracle/get_int_orderby.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /oracle/get_int_partialunion.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /oracle/get_int_unpriv.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /oracle/get_int_unpriv_partial.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /oracle/index.php: -------------------------------------------------------------------------------- 1 | Index\n
    \n"; 3 | $cdir = scandir("."); 4 | foreach ($cdir as $key => $file) { 5 | if ($file == "." || $file == ".git" || $file == ".gitattributes" || $file == "img" || $file == "index.php") 6 | continue; 7 | if (strstr($file, "inline")) 8 | $ext = "?id=SELECT+name+FROM+users"; 9 | else if (strstr($file, "get_")) 10 | $ext = "?id=1"; 11 | else 12 | $ext = ""; 13 | echo "
  • " . $file . $ext . "
  • \n"; 14 | closedir($dh); 15 | } 16 | echo "
\n"; 17 | ?> 18 | -------------------------------------------------------------------------------- /oracle/post_int.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /pgsql/cookie_brackets.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /pgsql/cookie_dstr.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /pgsql/cookie_int.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /pgsql/cookie_str.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /pgsql/get_brackets.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /pgsql/get_dstr.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /pgsql/get_int.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /pgsql/get_int8.2.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /pgsql/get_int8.4.php: -------------------------------------------------------------------------------- 1 | 7 | 
-------------------------------------------------------------------------------- /pgsql/get_int_groupby.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /pgsql/get_int_having.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /pgsql/get_int_inline.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /pgsql/get_int_noerror.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /pgsql/get_int_nooutput.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /pgsql/get_int_orderby.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /pgsql/get_int_partialunion.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /pgsql/get_int_user.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /pgsql/get_str.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /pgsql/header_brackets.php: -------------------------------------------------------------------------------- 1 | 7 | 
--------------------------------------------------------------------------------
/pgsql/header_dstr.php:
--------------------------------------------------------------------------------
1 | 7 |
--------------------------------------------------------------------------------
/pgsql/header_str.php:
--------------------------------------------------------------------------------
1 | 7 |
--------------------------------------------------------------------------------
/pgsql/iis/get_int_82.asp:
--------------------------------------------------------------------------------
1 | <% ' Test page (classic ASP, VBScript): selects users rows by the "id" query-string value over ODBC and prints them.
2 | Dim sConnection, objConn , objRS
3 | ' NOTE(review): the connection string hard-codes the "postgres" login (normally the PostgreSQL superuser) and its password, so every statement this page runs has that account's rights. Presumably a lab-only fixture - confirm.
4 | sConnection = "DRIVER={PostgreSQL ANSI}; SERVER=localhost; DATABASE=testdb; UID=postgres; PASSWORD=testpass; PORT=5432"
5 | ' ADODB.Connection is the ADO object that opens the ODBC connection described above.
6 | Set objConn = Server.CreateObject("ADODB.Connection")
7 |
8 | objConn.Open(sConnection)
9 | ' "id" is read from the query string and appended to the statement text with no validation or parameter binding (SQL injection sink).
10 | id = Request.QueryString("id")
11 | strSQL = "SELECT * FROM users WHERE id = " + id
12 | ' The statement is executed exactly as built; a non-test page would bind the value through an ADODB.Command parameter instead.
13 | Set objRS = objConn.Execute(strSQL)
14 | ' Each row is written as "username, password" without Server.HTMLEncode, so stored values reach the response unescaped.
15 | ' NOTE(review): schema/pgsql.sql on this page defines users(id, name, surname); "username" and "password" are not among those columns - confirm which table this page expects.
16 | While Not objRS.EOF
17 | Response.Write objRS.Fields("username") & ", " & objRS.Fields("password") & "
"
18 | objRS.MoveNext
19 | Wend
20 | ' Release the recordset and the connection.
21 | objRS.Close
22 | Set objRS = Nothing
23 | objConn.Close
24 | Set objConn = Nothing
25 | %>
26 |
--------------------------------------------------------------------------------
/pgsql/iis/get_int_82.aspx:
--------------------------------------------------------------------------------
1 | <%@ Page Language="C#"%>
2 | <%@ Import Namespace="System" %>
3 | <%@ Import Namespace="System.Data" %>
4 | <%@ Import Namespace="System.IO" %>
5 | <%@ Import Namespace="System.Web" %>
6 | <%@ Import Namespace="Npgsql" %>
7 |
8 | 33 |
34 |
35 |
36 | Simple PostgreSQL Database Query
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
--------------------------------------------------------------------------------
/pgsql/iis/get_int_83.asp:
--------------------------------------------------------------------------------
1 | <% ' Test page (classic ASP, VBScript): selects users rows by the "id" query-string value over ODBC and prints them.
2 | Dim sConnection, objConn , objRS
3 | ' NOTE(review): the connection string hard-codes the "postgres" login (normally the PostgreSQL superuser) and its password, so every statement this page runs has that account's rights. Presumably a lab-only fixture - confirm.
4 | sConnection = "DRIVER={PostgreSQL ANSI}; SERVER=localhost; DATABASE=testdb; UID=postgres; PASSWORD=testpass; PORT=5433"
5 | ' ADODB.Connection is the ADO object that opens the ODBC connection described above.
6 | Set objConn = Server.CreateObject("ADODB.Connection")
7 |
8 | objConn.Open(sConnection)
9 | ' "id" is read from the query string and appended to the statement text with no validation or parameter binding (SQL injection sink).
10 | id = Request.QueryString("id")
11 | strSQL = "SELECT * FROM users WHERE id = " + id
12 | ' The statement is executed exactly as built; a non-test page would bind the value through an ADODB.Command parameter instead.
13 | Set objRS = objConn.Execute(strSQL)
14 | ' Each row is written as "username, password" without Server.HTMLEncode, so stored values reach the response unescaped.
15 | ' NOTE(review): schema/pgsql.sql on this page defines users(id, name, surname); "username" and "password" are not among those columns - confirm which table this page expects.
16 | While Not objRS.EOF
17 | Response.Write objRS.Fields("username") & ", " & objRS.Fields("password") & "
"
18 | objRS.MoveNext
19 | Wend
20 | ' Release the recordset and the connection.
21 | objRS.Close
22 | Set objRS = Nothing
23 | objConn.Close
24 | Set objConn = Nothing
25 | %>
26 |
--------------------------------------------------------------------------------
/pgsql/iis/get_int_83.aspx:
--------------------------------------------------------------------------------
1 | <%@ Page Language="C#"%>
2 | <%@ Import Namespace="System" %>
3 | <%@ Import Namespace="System.Data" %>
4 | <%@ Import Namespace="System.IO" %>
5 | <%@ Import Namespace="System.Web" %>
6 | <%@ Import Namespace="Npgsql" %>
7 |
8 | 33 |
34 |
35 |
36 | Simple PostgreSQL Database Query
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
--------------------------------------------------------------------------------
/pgsql/iis/get_int_84.asp:
--------------------------------------------------------------------------------
1 | <% ' Test page (classic ASP, VBScript): selects users rows by the "id" query-string value over ODBC and prints them.
2 | Dim sConnection, objConn , objRS
3 | ' NOTE(review): the connection string hard-codes the "postgres" login (normally the PostgreSQL superuser) and its password, so every statement this page runs has that account's rights. Presumably a lab-only fixture - confirm.
4 | sConnection = "DRIVER={PostgreSQL ANSI}; SERVER=localhost; DATABASE=testdb; UID=postgres; PASSWORD=testpass; PORT=5434"
5 | ' ADODB.Connection is the ADO object that opens the ODBC connection described above.
6 | Set objConn = Server.CreateObject("ADODB.Connection")
7 |
8 | objConn.Open(sConnection)
9 | ' "id" is read from the query string and appended to the statement text with no validation or parameter binding (SQL injection sink).
10 | id = Request.QueryString("id")
11 | strSQL = "SELECT * FROM users WHERE id = " + id
12 | ' The statement is executed exactly as built; a non-test page would bind the value through an ADODB.Command parameter instead.
13 | Set objRS = objConn.Execute(strSQL)
14 | ' Each row is written as "username, password" without Server.HTMLEncode, so stored values reach the response unescaped.
15 | ' NOTE(review): schema/pgsql.sql on this page defines users(id, name, surname); "username" and "password" are not among those columns - confirm which table this page expects.
16 | While Not objRS.EOF
17 | Response.Write objRS.Fields("username") & ", " & objRS.Fields("password") & "
"
18 | objRS.MoveNext
19 | Wend
20 | ' Release the recordset and the connection.
21 | objRS.Close
22 | Set objRS = Nothing
23 | objConn.Close
24 | Set objConn = Nothing
25 | %>
26 |
--------------------------------------------------------------------------------
/pgsql/iis/get_int_84.aspx:
--------------------------------------------------------------------------------
1 | <%@ Page Language="C#"%>
2 | <%@ Import Namespace="System" %>
3 | <%@ Import Namespace="System.Data" %>
4 | <%@ Import Namespace="System.IO" %>
5 | <%@ Import Namespace="System.Web" %>
6 | <%@ Import Namespace="Npgsql" %>
7 |
8 | 33 |
34 |
35 |
36 | Simple PostgreSQL Database Query
37 |
38 |
39 |
40 |
41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | -------------------------------------------------------------------------------- /pgsql/index.php: -------------------------------------------------------------------------------- 1 | Index\n
    \n"; 3 | $cdir = scandir("."); 4 | foreach ($cdir as $key => $file) { 5 | if ($file == "." || $file == ".git" || $file == ".gitattributes" || $file == "img" || $file == "index.php") 6 | continue; 7 | if (strstr($file, "inline")) 8 | $ext = "?id=SELECT+name+FROM+users"; 9 | else if (strstr($file, "get_")) 10 | $ext = "?id=1"; 11 | else 12 | $ext = ""; 13 | echo "
  • " . $file . $ext . "
  • \n"; 14 | closedir($dh); 15 | } 16 | echo "
\n"; 17 | ?> 18 | -------------------------------------------------------------------------------- /pgsql/post_brackets.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /pgsql/post_dstr.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /pgsql/post_int.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /pgsql/post_str.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /schema/access.sql: -------------------------------------------------------------------------------- 1 | CREATE TABLE users ( 2 | id INTEGER, 3 | name CHAR, 4 | surname CHAR 5 | ); 6 | 7 | INSERT INTO users (id, name, surname) VALUES (1, 'luther', 'blisset'); 8 | INSERT INTO users (id, name, surname) VALUES (2, 'fluffy', 'bunny'); 9 | INSERT INTO users (id, name, surname) VALUES (3, 'wu', 'ming'); 10 | INSERT INTO users (id, name, surname) VALUES (4, 'sqlmap/1.0-dev (http://sqlmap.org)', 'user agent header'); 11 | INSERT INTO users (id, name, surname) VALUES (5, NULL, 'nameisnull'); 12 | 13 | -------------------------------------------------------------------------------- /schema/db2.sql: -------------------------------------------------------------------------------- 1 | CONNECT TO testdb 2 | CREATE TABLE users (id INTEGER, name VARCHAR(500), surname VARCHAR(1000)) 3 | INSERT INTO users (id, name, surname) VALUES (1, 'luther', 'blisset') 4 | INSERT INTO users (id, name, surname) VALUES (2, 'fluffy', 'bunny') 5 | INSERT INTO users (id, name, surname) VALUES (3, 'wu', 'ming') 6 | INSERT INTO users (id, name, 
surname) VALUES (4, 'sqlmap/1.0-dev (http://sqlmap.org)', 'user agent header') 7 | INSERT INTO users (id, name, surname) VALUES (5, NULL, 'nameisnull') 8 | 9 | -------------------------------------------------------------------------------- /schema/firebird.sql: -------------------------------------------------------------------------------- 1 | CREATE TABLE users ( 2 | id INTEGER, 3 | name VARCHAR(500), 4 | surname VARCHAR(1000) 5 | ); 6 | 7 | COMMIT; 8 | 9 | INSERT INTO users (id, name, surname) VALUES (1, 'luther', 'blisset'); 10 | INSERT INTO users (id, name, surname) VALUES (2, 'fluffy', 'bunny'); 11 | INSERT INTO users (id, name, surname) VALUES (3, 'wu', 'ming'); 12 | INSERT INTO users (id, name, surname) VALUES (4, 'sqlmap/1.0-dev (http://sqlmap.org)', 'user agent header'); 13 | INSERT INTO users (id, name, surname) VALUES (5, NULL, 'nameisnull'); 14 | 15 | COMMIT; 16 | 17 | -------------------------------------------------------------------------------- /schema/index.php: -------------------------------------------------------------------------------- 1 | Index\n
    \n"; 3 | $cdir = scandir("."); 4 | foreach ($cdir as $key => $file) { 5 | if ($file == "." || $file == ".git" || $file == ".gitattributes" || $file == "img" || $file == "index.php") 6 | continue; 7 | if (strstr($file, "inline")) 8 | $ext = "?id=SELECT+name+FROM+users"; 9 | else if (strstr($file, "get_")) 10 | $ext = "?id=1"; 11 | else 12 | $ext = ""; 13 | echo "
  • " . $file . $ext . "
  • \n"; 14 | closedir($dh); 15 | } 16 | echo "
\n"; 17 | ?> 18 | -------------------------------------------------------------------------------- /schema/informix.sql: -------------------------------------------------------------------------------- 1 | CREATE TABLE users (id INTEGER, name TEXT, surname TEXT); 2 | INSERT INTO users (id, name, surname) VALUES (1, 'luther', 'blisset'); 3 | INSERT INTO users (id, name, surname) VALUES (2, 'fluffy', 'bunny'); 4 | INSERT INTO users (id, name, surname) VALUES (3, 'wu', 'ming'); 5 | INSERT INTO users (id, name, surname) VALUES (4, 'sqlmap/1.0-dev (http://sqlmap.org)', 'user agent header'); 6 | INSERT INTO users (id, name, surname) VALUES (5, NULL, 'nameisnull'); 7 | 8 | -------------------------------------------------------------------------------- /schema/ingres.sql: -------------------------------------------------------------------------------- 1 | createdb testdb (from 'Ingres Command Prompt') 2 | 3 | CREATE TABLE users ( 4 | id INTEGER, 5 | name VARCHAR(500), 6 | surname VARCHAR(1000) 7 | ) 8 | 9 | INSERT INTO users (id, name, surname) VALUES (1, 'luther', 'blisset'); 10 | INSERT INTO users (id, name, surname) VALUES (2, 'fluffy', 'bunny'); 11 | INSERT INTO users (id, name, surname) VALUES (3, 'wu', 'ming'); 12 | INSERT INTO users (id, name, surname) VALUES (4, 'sqlmap/1.0-dev (http://sqlmap.org)', 'user agent header'); 13 | INSERT INTO users (id, name, surname) VALUES (5, NULL, 'nameisnull'); 14 | 15 | -------------------------------------------------------------------------------- /schema/maxdb.sql: -------------------------------------------------------------------------------- 1 | sqlcli=> \c -d testdb -u root,testpass 2 | 3 | CREATE TABLE users (id int NOT NULL, 4 | name varchar(500) default NULL, 5 | surname varchar(1000) default NULL, 6 | PRIMARY KEY (id) 7 | ) 8 | 9 | INSERT INTO users VALUES (1, 'luther', 'blisset') 10 | INSERT INTO users VALUES (2, 'fluffy', 'bunny') 11 | INSERT INTO users VALUES (3, 'wu', 'ming') 12 | INSERT INTO users VALUES (4, 
'sqlmap/1.0-dev (http://sqlmap.org)', 'user agent header')
13 | INSERT INTO users VALUES (5, NULL, 'nameisnull')
14 |
15 |
--------------------------------------------------------------------------------
/schema/mssql.sql:
--------------------------------------------------------------------------------
1 | CREATE TABLE users (
2 | id int NOT NULL,
3 | name varchar(500) default NULL,
4 | surname varchar(1000) default NULL,
5 | );
6 |
7 | INSERT INTO users (id, name, surname) VALUES (1, 'luther', 'blisset');
8 | INSERT INTO users (id, name, surname) VALUES (2, 'fluffy', 'bunny');
9 | INSERT INTO users (id, name, surname) VALUES (3, 'wu', 'ming');
10 | INSERT INTO users (id, name, surname) VALUES (4, 'sqlmap/1.0-dev (http://sqlmap.org)', 'user agent header');
11 | INSERT INTO users (id, name, surname) VALUES (5, NULL, 'nameisnull');
12 |
13 |
--------------------------------------------------------------------------------
/schema/mssql_proc.sql:
--------------------------------------------------------------------------------
1 | IF OBJECT_ID ('FindRecord') IS NOT NULL -- drop any earlier definition so the script can be re-run
2 | DROP PROCEDURE FindRecord;
3 | GO
4 | -- FindRecord concatenates @name into a string passed to EXEC(), so the parameter becomes part of the statement text (dynamic-SQL injection sink; presumably deliberate for this test schema).
5 | CREATE PROCEDURE FindRecord
6 | @name VARCHAR(MAX)
7 | AS
8 | EXEC('SELECT * FROM users WHERE users.name LIKE ''' + @name + ''''); -- a non-test procedure would use @name in a static LIKE, or sp_executesql with a typed parameter
9 | GO
10 |
--------------------------------------------------------------------------------
/schema/mysql.sql:
--------------------------------------------------------------------------------
1 | CREATE DATABASE testdb;
2 | # Test schema: creates testdb with the users, international and data tables, then a SELECT-only account.
3 | USE testdb;
4 |
5 | CREATE TABLE IF NOT EXISTS `users` (
6 | `id` int(11) NOT NULL,
7 | `name` varchar(500) default NULL,
8 | `surname` varchar(1000) default NULL,
9 | PRIMARY KEY (`id`)
10 | ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
11 |
12 | INSERT INTO `users` (`id`, `name`, `surname`) VALUES
13 | (1, 'luther', 'blisset'),
14 | (2, 'fluffy', 'bunny'),
15 | (3, 'wu', 'ming'),
16 | (4, 'sqlmap/1.0-dev (http://sqlmap.org)', 'user agent header'),
17 | (5, NULL, 'nameisnull');
18 |
19 | CREATE TABLE IF NOT EXISTS `international` (
20 | `id` int(11) NOT NULL,
21 | `name` varchar(500) CHARACTER SET UTF8 default NULL,
22 | PRIMARY KEY (`id`)
23 | ) ENGINE=MyISAM DEFAULT CHARSET=utf8;
24 | # The names below are given as hex-encoded UTF-8 byte strings.
25 | INSERT INTO `international` (`id`, `name`) VALUES
26 | (1, CONVERT(0xc5a175c4877572616a USING utf8)), # Sucuraj in Croatian
27 | (2, CONVERT(0xe995bfe6b19f USING utf8)), # Jangtze in Chinese
28 | (3, CONVERT(0xd180d0b5d0bad0b020d09cd0bed181d0bad0b2d0b0 USING utf8)); # River Moscow in Russian
29 |
30 | CREATE TABLE IF NOT EXISTS `data` (
31 | `id` int(11) NOT NULL,
32 | `content` blob default NULL,
33 | PRIMARY KEY (`id`)
34 | ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
35 | # LOAD_FILE() reads from the database server's own filesystem; it needs the FILE privilege, is limited by secure_file_priv, and yields NULL when the file cannot be read.
36 | INSERT INTO `data` (`id`, `content`) VALUES
37 | (1, LOAD_FILE('/usr/bin/zdump')),
38 | (2, LOAD_FILE('/usr/bin/yes')),
39 | (3, LOAD_FILE('/usr/bin/volname'));
40 | # NOTE(review): 'testuser'@'%' may connect from any host with a guessable password; presumably acceptable only on an isolated lab network - confirm.
41 | CREATE USER 'testuser'@'%' identified by 'testpass';
42 |
43 | USE mysql;
44 | # NOTE(review): rewrites the root row so root matches any client host instead of localhost only; direct grant-table edits normally need FLUSH PRIVILEGES (or a restart) to take effect.
45 | UPDATE user SET host='%' WHERE user='root' AND host='localhost';
46 | GRANT SELECT ON testdb.* TO 'testuser'@'%'; # read-only access to testdb for the test account
47 |
48 |
--------------------------------------------------------------------------------
/schema/oracle.sql:
--------------------------------------------------------------------------------
1 | CREATE TABLE users (
2 | id number,
3 | name varchar(500),
4 | surname varchar(1000)
5 | );
6 |
7 | INSERT INTO users (id, name, surname) VALUES (1, 'luther', 'blisset');
8 | INSERT INTO users (id, name, surname) VALUES (2, 'fluffy', 'bunny');
9 | INSERT INTO users (id, name, surname) VALUES (3, 'wu', 'ming');
10 | INSERT INTO users (id, name, surname) VALUES (4, 'sqlmap/1.0-dev (http://sqlmap.org)', 'user agent header');
11 | INSERT INTO users (id, name, surname) VALUES (5, NULL, 'nameisnull');
12 |
13 |
--------------------------------------------------------------------------------
/schema/pgsql.sql:
--------------------------------------------------------------------------------
1 | CREATE TABLE users (
2 | id integer,
3 | name character(500),
4 |
surname character(1000) 5 | ); 6 | 7 | INSERT INTO users VALUES (1, 'luther', 'blisset'); 8 | INSERT INTO users VALUES (2, 'fluffy', 'bunny'); 9 | INSERT INTO users VALUES (3, 'wu', 'ming'); 10 | INSERT INTO users VALUES (4, 'sqlmap/1.0-dev (http://sqlmap.org)', 'user agent header'); 11 | INSERT INTO users VALUES (5, NULL, 'nameisnull'); 12 | 13 | CREATE USER testuser WITH PASSWORD 'testpass'; 14 | GRANT SELECT ON users TO testuser; 15 | 16 | -------------------------------------------------------------------------------- /schema/sqlite.sql: -------------------------------------------------------------------------------- 1 | CREATE TABLE users ( 2 | id INTEGER, 3 | name TEXT, 4 | surname TEXT 5 | ); 6 | 7 | INSERT INTO users (id, name, surname) VALUES (1, 'luther', 'blisset'); 8 | INSERT INTO users (id, name, surname) VALUES (2, 'fluffy', 'bunny'); 9 | INSERT INTO users (id, name, surname) VALUES (3, 'wu', 'ming'); 10 | INSERT INTO users (id, name, surname) VALUES (4, 'sqlmap/1.0-dev (http://sqlmap.org)', 'user agent header'); 11 | INSERT INTO users (id, name, surname) VALUES (5, NULL, 'nameisnull'); 12 | 13 | -------------------------------------------------------------------------------- /schema/sqlite3.sql: -------------------------------------------------------------------------------- 1 | CREATE TABLE users ( 2 | id INTEGER, 3 | name TEXT, 4 | surname TEXT 5 | ); 6 | 7 | INSERT INTO users (id, name, surname) VALUES (1, 'luther', 'blisset'); 8 | INSERT INTO users (id, name, surname) VALUES (2, 'fluffy', 'bunny'); 9 | INSERT INTO users (id, name, surname) VALUES (3, 'wu', 'ming'); 10 | INSERT INTO users (id, name, surname) VALUES (4, 'sqlmap/1.0-dev (http://sqlmap.org)', 'user agent header'); 11 | INSERT INTO users (id, name, surname) VALUES (5, NULL, 'nameisnull'); 12 | 13 | -------------------------------------------------------------------------------- /schema/sybase.sql: -------------------------------------------------------------------------------- 1 | 
CREATE DATABASE testdb 2 | GO 3 | 4 | USE testdb 5 | GO 6 | 7 | CREATE TABLE users ( 8 | id INTEGER NOT NULL, 9 | name VARCHAR(500) DEFAULT NULL NULL, 10 | surname VARCHAR(1000) DEFAULT NULL NULL 11 | ) 12 | GO 13 | 14 | INSERT INTO users (id, name, surname) VALUES (1, 'luther', 'blisset') 15 | GO 16 | INSERT INTO users (id, name, surname) VALUES (2, 'fluffy', 'bunny') 17 | GO 18 | INSERT INTO users (id, name, surname) VALUES (3, 'wu', 'ming') 19 | GO 20 | INSERT INTO users (id, name, surname) VALUES (4, 'sqlmap/1.0-dev (http://sqlmap.org)', 'user agent header') 21 | GO 22 | INSERT INTO users (id, name, surname) VALUES (5, NULL, 'nameisnull') 23 | GO 24 | -------------------------------------------------------------------------------- /sqlite/get_int.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /sqlite/get_int_3.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /sqlite/get_int_3_inline.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /sqlite/get_int_3_nooutput.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /sqlite/get_int_3_partialunion.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /sqlite/get_int_inline.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /sqlite/get_int_partialunion.php: 
-------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /sqlite/get_str_3.php: -------------------------------------------------------------------------------- 1 | 7 | -------------------------------------------------------------------------------- /sqlite/index.php: -------------------------------------------------------------------------------- 1 | Index\n
    \n"; 3 | $cdir = scandir("."); 4 | foreach ($cdir as $key => $file) { 5 | if ($file == "." || $file == ".git" || $file == ".gitattributes" || $file == "img" || $file == "index.php") 6 | continue; 7 | if (strstr($file, "inline")) 8 | $ext = "?id=SELECT+name+FROM+users"; 9 | else if (strstr($file, "get_")) 10 | $ext = "?id=1"; 11 | else 12 | $ext = ""; 13 | echo "
  • " . $file . $ext . "
  • \n"; 14 | closedir($dh); 15 | } 16 | echo "
\n";
17 | ?>
18 |
--------------------------------------------------------------------------------
/sybase/get_int.php:
--------------------------------------------------------------------------------
1 | 7 |
--------------------------------------------------------------------------------
/sybase/index.php:
--------------------------------------------------------------------------------
1 | Index\n
    \n";
3 | $cdir = scandir("."); // Directory index page: lists the entries of the current directory, one output row per entry.
4 | foreach ($cdir as $key => $file) {
5 | if ($file == "." || $file == ".git" || $file == ".gitattributes" || $file == "img" || $file == "index.php") // skip the directory itself and housekeeping entries; ".." is not in this list, so the parent directory is still printed
6 | continue;
7 | if (strstr($file, "inline"))
8 | $ext = "?id=SELECT+name+FROM+users"; // sample parameter appended for the "inline" test pages
9 | else if (strstr($file, "get_"))
10 | $ext = "?id=1"; // sample parameter appended for the get_* test pages
11 | else
12 | $ext = ""; // NOTE(review): the echo below prints $file and $ext without htmlspecialchars(); safe only while every directory entry has a benign name
13 | echo "
  • " . $file . $ext . "
  • \n";
14 | closedir($dh); // NOTE(review): $dh is never assigned in the visible lines and scandir() returns an array, not a directory handle; this looks like a leftover from an opendir()/readdir() loop - confirm and drop it
15 | }
16 | echo "
\n";
17 | ?>
18 |
--------------------------------------------------------------------------------