diff --git a/tests/integration/test_mod_sql/assertions/sql.json b/tests/integration/test_mod_sql/assertions/sql.json index c85613075..c67c66380 100644 --- a/tests/integration/test_mod_sql/assertions/sql.json +++ b/tests/integration/test_mod_sql/assertions/sql.json @@ -3,33 +3,33 @@ "SQL Injection": [ { "method": "GET", - "path": "/sql_easy.php", - "info": "SQL Injection (DBMS: SQLite) via injection in the parameter query", + "path": "/sql_hard.php", + "info": "SQL Injection via injection in the parameter query", "parameter": "query", "module": "sql", - "http_request": "GET /sql_easy.php?query=Linda%C2%BF%27%22%28 HTTP/1.1\nhost: sql\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", + "http_request": "GET /sql_hard.php?query=Linda%22%20AND%2024%3D24%20AND%20%2222%22%3D%2222 HTTP/1.1\nhost: sql\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "wstg": [ "WSTG-INPV-05" ] }, { "method": "GET", - "path": "/sql_hard.php", + "path": "/sql_medium.php", "info": "SQL Injection via injection in the parameter query", "parameter": "query", "module": "sql", - "http_request": "GET /sql_hard.php?query=Linda%22%20AND%2024%3D24%20AND%20%2222%22%3D%2222 HTTP/1.1\nhost: sql\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", + "http_request": "GET /sql_medium.php?query=Linda%22%20AND%2046%3D46%20AND%20%2230%22%3D%2230 HTTP/1.1\nhost: sql\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "wstg": [ "WSTG-INPV-05" ] }, { "method": "GET", - "path": "/sql_medium.php", + "path": "/sql_easy.php", "info": "SQL Injection via injection in the parameter query", "parameter": "query", "module": "sql", - "http_request": "GET /sql_medium.php?query=Linda%22%20AND%2046%3D46%20AND%20%2230%22%3D%2230 HTTP/1.1\nhost: sql\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", + "http_request": "GET /sql_easy.php?query=Linda%C2%BF%27%22%28 HTTP/1.1\nhost: sql\nconnection: keep-alive\nuser-agent: Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0\naccept-language: en-US\naccept-encoding: gzip, deflate, br\naccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8", "wstg": [ "WSTG-INPV-05" ] @@ -38,457 +38,6 @@ }, "infos": { "target": "http://sql/", - "crawled_pages": [ - { - "request": { - "url": "http://sql/", - "method": "GET", - "headers": [ - [ - "accept", - "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" - ], - [ - "accept-encoding", - "gzip, deflate, br" - ], - [ - "accept-language", - "en-US" - ], - [ - "connection", - "keep-alive" - ], - [ - "host", - "sql" - ], - [ - "user-agent", - "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" - ] - ] - }, - "response": { - "status_code": 200, - "body": "\n\n\n

SQL vuln website

\n\n\n \n\n\n", - "headers": [ - [ - "connection", - "Keep-Alive" - ], - [ - "content-encoding", - "gzip" - ], - [ - "content-length", - "227" - ], - [ - "content-type", - "text/html; charset=UTF-8" - ], - [ - "server", - "Apache/2.4.56 (Debian)" - ], - [ - "vary", - "Accept-Encoding" - ], - [ - "x-powered-by", - "PHP/8.1.18" - ] - ] - } - }, - { - "request": { - "url": "http://sql/sql_easy.php", - "method": "GET", - "headers": [ - [ - "accept", - "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" - ], - [ - "accept-encoding", - "gzip, deflate, br" - ], - [ - "accept-language", - "en-US" - ], - [ - "connection", - "keep-alive" - ], - [ - "host", - "sql" - ], - [ - "user-agent", - "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" - ] - ] - }, - "response": { - "status_code": 200, - "body": "adnil@internet.tech\n\n\n\n

SQL vulns

\n\n\n

You can query the DB with the name of the person, it will return its mail

\n\n\n", - "headers": [ - [ - "connection", - "Keep-Alive" - ], - [ - "content-encoding", - "gzip" - ], - [ - "content-length", - "161" - ], - [ - "content-type", - "text/html; charset=UTF-8" - ], - [ - "server", - "Apache/2.4.56 (Debian)" - ], - [ - "vary", - "Accept-Encoding" - ], - [ - "x-powered-by", - "PHP/8.1.18" - ] - ] - } - }, - { - "request": { - "url": "http://sql/sql_easy.php", - "method": "GET", - "headers": [ - [ - "accept", - "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" - ], - [ - "accept-encoding", - "gzip, deflate, br" - ], - [ - "accept-language", - "en-US" - ], - [ - "connection", - "keep-alive" - ], - [ - "host", - "sql" - ], - [ - "user-agent", - "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" - ] - ] - }, - "response": { - "status_code": 302, - "body": "\n\n\n

SQL vulns

\n\n\n

You can query the DB with the name of the person, it will return its mail

\n\n\n", - "headers": [ - [ - "connection", - "Keep-Alive" - ], - [ - "content-length", - "169" - ], - [ - "content-type", - "text/html; charset=UTF-8" - ], - [ - "location", - "./sql_easy.php?query=Linda" - ], - [ - "server", - "Apache/2.4.56 (Debian)" - ], - [ - "x-powered-by", - "PHP/8.1.18" - ] - ] - } - }, - { - "request": { - "url": "http://sql/sql_hard.php", - "method": "GET", - "headers": [ - [ - "accept", - "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" - ], - [ - "accept-encoding", - "gzip, deflate, br" - ], - [ - "accept-language", - "en-US" - ], - [ - "connection", - "keep-alive" - ], - [ - "host", - "sql" - ], - [ - "user-agent", - "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" - ] - ] - }, - "response": { - "status_code": 200, - "body": "adnil@internet.tech\n\n\n\n

SQL vulns

\n\n\n

You can query the DB with the name of the person, it will return its mail

\n\n\n", - "headers": [ - [ - "connection", - "Keep-Alive" - ], - [ - "content-encoding", - "gzip" - ], - [ - "content-length", - "161" - ], - [ - "content-type", - "text/html; charset=UTF-8" - ], - [ - "server", - "Apache/2.4.56 (Debian)" - ], - [ - "vary", - "Accept-Encoding" - ], - [ - "x-powered-by", - "PHP/8.1.18" - ] - ] - } - }, - { - "request": { - "url": "http://sql/sql_hard.php", - "method": "GET", - "headers": [ - [ - "accept", - "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" - ], - [ - "accept-encoding", - "gzip, deflate, br" - ], - [ - "accept-language", - "en-US" - ], - [ - "connection", - "keep-alive" - ], - [ - "host", - "sql" - ], - [ - "user-agent", - "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" - ] - ] - }, - "response": { - "status_code": 302, - "body": "\n\n\n

SQL vulns

\n\n\n

You can query the DB with the name of the person, it will return its mail

\n\n\n", - "headers": [ - [ - "connection", - "Keep-Alive" - ], - [ - "content-length", - "169" - ], - [ - "content-type", - "text/html; charset=UTF-8" - ], - [ - "location", - "./sql_hard.php?query=Linda" - ], - [ - "server", - "Apache/2.4.56 (Debian)" - ], - [ - "x-powered-by", - "PHP/8.1.18" - ] - ] - } - }, - { - "request": { - "url": "http://sql/sql_medium.php", - "method": "GET", - "headers": [ - [ - "accept", - "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" - ], - [ - "accept-encoding", - "gzip, deflate, br" - ], - [ - "accept-language", - "en-US" - ], - [ - "connection", - "keep-alive" - ], - [ - "host", - "sql" - ], - [ - "user-agent", - "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" - ] - ] - }, - "response": { - "status_code": 200, - "body": "1adnil@internet.tech\n\n\n\n

SQL vulns

\n\n\n

You can query the DB with the name of the person, it will return its mail

\n\n\n", - "headers": [ - [ - "connection", - "Keep-Alive" - ], - [ - "content-encoding", - "gzip" - ], - [ - "content-length", - "162" - ], - [ - "content-type", - "text/html; charset=UTF-8" - ], - [ - "server", - "Apache/2.4.56 (Debian)" - ], - [ - "vary", - "Accept-Encoding" - ], - [ - "x-powered-by", - "PHP/8.1.18" - ] - ] - } - }, - { - "request": { - "url": "http://sql/sql_medium.php", - "method": "GET", - "headers": [ - [ - "accept", - "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8" - ], - [ - "accept-encoding", - "gzip, deflate, br" - ], - [ - "accept-language", - "en-US" - ], - [ - "connection", - "keep-alive" - ], - [ - "host", - "sql" - ], - [ - "user-agent", - "Mozilla/5.0 (Windows NT 6.1; rv:45.0) Gecko/20100101 Firefox/45.0" - ] - ] - }, - "response": { - "status_code": 302, - "body": "\n\n\n

SQL vulns

\n\n\n

You can query the DB with the name of the person, it will return its mail

\n\n\n", - "headers": [ - [ - "connection", - "Keep-Alive" - ], - [ - "content-length", - "169" - ], - [ - "content-type", - "text/html; charset=UTF-8" - ], - [ - "location", - "./sql_medium.php?query=Linda" - ], - [ - "server", - "Apache/2.4.56 (Debian)" - ], - [ - "x-powered-by", - "PHP/8.1.18" - ] - ] - } - } - ] + "crawled_pages": [] } -} \ No newline at end of file +}