diff --git a/Fuzzing/Databases/SQLi/README.md b/Fuzzing/Databases/SQLi/README.md index 263f038c1..499ffbcf1 100644 --- a/Fuzzing/Databases/SQLi/README.md +++ b/Fuzzing/Databases/SQLi/README.md @@ -1,3 +1,5 @@ # SQL Injection wordlists > [!CAUTION] -> Many of these wordlists contain potentially destructive queries which may permanently delete data on any databases they're used on. For more information see [issue #1011](https://github.com/danielmiessler/SecLists/issues/1011) \ No newline at end of file +> Many of these wordlists contain potentially destructive queries which may permanently delete data on any databases they're used on. For more information see [issue #1011](https://github.com/danielmiessler/SecLists/issues/1011) + +For a safer starting set, see [`sqlmap-risk-classified/`](sqlmap-risk-classified/). \ No newline at end of file diff --git a/Fuzzing/Databases/SQLi/sqlmap-risk-classified/README.md b/Fuzzing/Databases/SQLi/sqlmap-risk-classified/README.md index 4386e8f88..077953d59 100644 --- a/Fuzzing/Databases/SQLi/sqlmap-risk-classified/README.md +++ b/Fuzzing/Databases/SQLi/sqlmap-risk-classified/README.md @@ -1,5 +1,34 @@ -This directory contains payloads from [the sqlmap project](https://github.com/sqlmapproject/sqlmap) which are sorted automatically by a script (located at the `.bin` directory in the head of this repository). +This directory contains payloads from [the sqlmap project](https://github.com/sqlmapproject/sqlmap) which are sorted automatically by a script (located at the `.bin` directory at the base of this repository). -All payloads are divided into three risk levels. The default value is 1 which is innocuous for the majority of SQL injection points. Risk value 2 adds to the default level the tests for heavy query time-based SQL injections and value 3 adds also OR-based SQL injection tests. +From [the SQLMap documentation](https://github.com/sqlmapproject/sqlmap/wiki/Usage#risk): -In some instances, like a SQL injection in an UPDATE statement, injecting an OR-based payload can lead to an update of all the entries of the table, which is certainly not what the attacker wants. For this reason and others this option has been introduced: the user has control over which payloads get tested, the user can arbitrarily choose to use also potentially dangerous ones. As per the previous option, the payloads used by sqlmap are specified in the textual file xml/payloads.xml and you are free to edit and add your owns. \ No newline at end of file +> All payloads are divided into three risk levels. The default value is 1 which is innocuous for the majority of SQL injection points. Risk value 2 adds to the default level the tests for heavy query time-based SQL injections and value 3 adds also OR-based SQL injection tests. +> +> In some instances, like a SQL injection in an UPDATE statement, injecting an OR-based payload can lead to an update of all the entries of the table, which is certainly not what the attacker wants. For this reason and others this option has been introduced: the user has control over which payloads get tested, the user can arbitrarily choose to use also potentially dangerous ones. + +In this directory, the risk levels are named as follows: +- Risk level 1 = `Low-Risk-Payloads/` +- Risk level 2 = `Medium-Risk-Payloads/` +- Risk level 3 = `High-Risk-Payloads/` + + +> [!IMPORTANT] +> The classified payloads still contain sqlmap placeholders. Before being sent into any automated tool, the placeholders should be replaced. + +| Placeholder | Replace with | +| --- | --- | +| `[RANDNUM]`, `[RANDNUM1]`, `[RANDNUM2]` | any integer | +| `[RANDSTR]` | any short alphanumeric string | +| `[ORIGVALUE]` | the legitimate value of the param | +| `[SLEEPTIME]` | seconds for time-based payloads, e.g. 5 | +| `[INFERENCE]` | a boolean expression like `1=1` | +| `[GENERIC_SQL_COMMENT]` | `-- -` | +| `[DELIMITER_START]`, `[DELIMITER_END]` | any short unique tokens | +
+ +> [!NOTE] +> From the original repository, the payloads from `union_query.xml` are not included here as those are built from a column-count range at runtime. + +--- + +All payloads in this directory are licensed under the SQLMap project license, the [GPL v2](https://github.com/sqlmapproject/sqlmap/blob/master/LICENSE). \ No newline at end of file