add some more SQL Server vectors variations
PASS: test-unit.sh
PASS: test-samples-sqli-negative.sh
PASS: test-samples-sqli-positive.sh
PASS: test-samples-xss-positive.sh
Raz0r committed Jul 9, 2016
1 parent 1442950 commit 0415c59
Showing 5 changed files with 43 additions and 1 deletion.
5 changes: 5 additions & 0 deletions data/sqli-@ru_raz0-20160705.txt
Expand Up @@ -3,3 +3,8 @@
username'exec master..xp_cmdshell'ping 127.0.0.1' -- and password = 'test'
username'declare @s varchar (8000); ...
username'DECLARE @find varchar(30) = 'Man%'
'begin declare @s varchar (8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s); end
'goto label; label: declare @s varchar (8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s)--
'begin try select 1/0 end try begin catch declare @s varchar (8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s) end catch--
'begin try declare @s varchar (8000);set @s = cast(0x65786563206D61737465722E2E78705F636D647368656C6C202770696E67203137322E31362E392E3627 as varchar(max));exec(@s) end try begin catch print 1 end catch--

11 changes: 11 additions & 0 deletions src/fingerprints.txt
@@ -1,6 +1,17 @@
&(1)U
sTv(1
sTnsc
sTTv(
sTn;n
sTn;E
sTn;T
sTTE1
sTTE(
sTTEf
sTTEn
sTTEs
sTTEv
sTTTv
&(1)o
&(1o(
&(1of
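Review bot: The new entries `sTn;n`, `sTn;E` and `sTn;T` are much broader than the four samples that produced them: as I read the token classes, they describe only a closed string, one `T`-class keyword, a bare word and a semicolon. Together with the `'TRY' : 'T'` mapping added in src/sqlparse_map.py, ordinary text with an apostrophe followed by the English word "try" could now fold to one of them, and this commit adds positive samples only. I would add a few benign lines of that shape to the negative sample corpus in the same commit, so that the passing test-samples-sqli-negative.sh run actually exercises the new patterns. The same entries are repeated in src/libinjection_sqli_data.h and src/sqlparse_data.json, so the point applies there as well.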
14 changes: 13 additions & 1 deletion src/libinjection_sqli_data.h
Expand Up @@ -6243,7 +6243,18 @@ static const keyword_t sql_keywords[] = {
{"0SOVUS", 'F'},
{"0SOVUT", 'F'},
{"0SOVUV", 'F'},
{"0STN;E", 'F'},
{"0STN;N", 'F'},
{"0STN;T", 'F'},
{"0STNSC", 'F'},
{"0STTE(", 'F'},
{"0STTE1", 'F'},
{"0STTEF", 'F'},
{"0STTEN", 'F'},
{"0STTES", 'F'},
{"0STTEV", 'F'},
{"0STTTV", 'F'},
{"0STTV(", 'F'},
{"0STV(1", 'F'},
{"0SU(1)", 'F'},
{"0SU(1O", 'F'},
Expand Down Expand Up @@ -8866,6 +8877,7 @@ static const keyword_t sql_keywords[] = {
{"TRUE", '1'},
{"TRUNC", 'f'},
{"TRUNCATE", 'f'},
{"TRY", 'T'},
{"TRY_CAST", 'f'},
{"TRY_CONVERT", 'f'},
{"TRY_PARSE", 'f'},
Expand Down Expand Up @@ -9002,5 +9014,5 @@ static const keyword_t sql_keywords[] = {
{"||", '&'},
{"~*", 'o'},
};
static const size_t sql_keywords_sz = 8706;
static const size_t sql_keywords_sz = 8718;
#endif
12 changes: 12 additions & 0 deletions src/sqlparse_data.json
Expand Up @@ -5907,6 +5907,17 @@
"sEvo(",
"sEvof",
"sEvos",
"sTTE(",
"sTTE1",
"sTTEf",
"sTTEn",
"sTTEs",
"sTTEv",
"sTTTv",
"sTTv(",
"sTn;E",
"sTn;T",
"sTn;n",
"sTnsc",
"sTv(1",
"sU(1)",
Expand Down Expand Up @@ -8831,6 +8842,7 @@
"TRUE": "1",
"TRUNC": "f",
"TRUNCATE": "f",
"TRY": "T",
"TRY_CAST": "f",
"TRY_CONVERT": "f",
"TRY_PARSE": "f",
2 changes: 2 additions & 0 deletions src/sqlparse_map.py
Expand Up @@ -1010,6 +1010,8 @@
'TRUE' : '1',
'TRUNC' : 'f',
'TRUNCATE' : 'f',
# sqlserver
'TRY' : 'T',
'TRY_CAST' : 'f',
'TRY_CONVERT' : 'f',
'TRY_PARSE' : 'f',
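Review bot: The `# sqlserver` comment above `'TRY' : 'T'` does not say which construct needs the keyword, or why the bare word is classed `T` while `TRY_CAST`, `TRY_CONVERT` and `TRY_PARSE` directly below stay `f`. I would write `# sqlserver: BEGIN TRY ... END TRY blocks (TRY...CATCH)`. The new samples also use `begin catch`, but no `CATCH` entry is visible in this hunk. The dictionary continues outside it, so whether `CATCH` is already mapped cannot be told from here and is worth checking.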
