@@ -90,7 +90,7 @@ def vulnTest():
9090 ("-u \" <url>&echo=foobar*\" --flush-session" , ("might be vulnerable to cross-site scripting" ,)),
9191 ("-u \" <base>nosql?name=luther&password=x\" -p password --nosql --flush-session" , ("is vulnerable to NoSQL injection" , "back-end: 'MongoDB'" , "NoSQL: GET parameter 'password'" , "s3cr3t" )), # NoSQL (MongoDB) operator-injection detection + blind regexp extraction
9292 ("-u \" <base>graphql\" --graphql --flush-session --disable-hashing" , ("found GraphQL endpoint" , "introspection returned" , "skipping 2 mutation slot" , "GraphQL boolean-based blind" , "in-band data exposure" , "back-end DBMS: 'SQLite'" , "banner: '3." , "GraphQL database tables" , "fetched 30 entries from table 'creds'" , "db3a16990a0008a3b04707fdef6584a0" , "GraphQL scan complete" )), # GraphQL: endpoint detection + introspection + mutation-skip + boolean-blind/in-band + back-end fingerprint + batched blind dump of an injection-only table (SQLite-backed)
93- ("-u \" <base>ldap/search?q=x\" --ldap --flush-session --disable-hashing" , ("is vulnerable to LDAP injection" , "Title: LDAP boolean-based blind " , "LDAP: GET parameter 'q' directory entries" , "dumped " , "LDAP scan complete" )), # LDAP: error-based detection (unbalanced paren) + boolean oracle + directory attribute extraction via blind substring probing
93+ ("-u \" <base>ldap/search?q=x\" --ldap --flush-session --disable-hashing" , ("is vulnerable to LDAP injection" , "Title: LDAP in-band data exposure " , "LDAP: GET parameter 'q' in-band entries" , "in-band data exposure " , "LDAP scan complete" )), # LDAP: error-based detection (unbalanced paren) + boolean oracle + directory attribute extraction via blind substring probing
9494 ("-u \" <url>&query=*\" --flush-session --technique=Q --banner" , ("Title: SQLite inline queries" , "banner: '3." )),
9595 ("-d \" <direct>\" --flush-session --dump -T creds --dump-format=SQLITE --binary-fields=password_hash --where \" user_id=5\" " , ("3137396164343563366365326362393763663130323965323132303436653831" , "dumped to SQLITE database" )),
9696 ("-d \" <direct>\" --flush-session --banner --schema --sql-query=\" UPDATE users SET name='foobar' WHERE id=4; SELECT * FROM users; SELECT 987654321\" " , ("banner: '3." , "INTEGER" , "TEXT" , "id" , "name" , "surname" , "4,foobar,nameisnull" , "'987654321'" ,)),
0 commit comments