mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2026-07-06 08:22:57 +00:00
Adding support for --xxe
This commit is contained in:
parent
16c8909a0c
commit
5fa2da5eae
14 changed files with 1413 additions and 16 deletions
|
|
@ -440,7 +440,7 @@ def cmdLineParser(argv=None):
|
|||
help="Column values to use for UNION query SQL injection")
|
||||
|
||||
techniques.add_argument("--dns-domain", dest="dnsDomain",
|
||||
help="Domain name used for DNS exfiltration attack")
|
||||
help="Domain name used for DNS exfiltration attack (or 'interactsh' for zero-setup OOB)")
|
||||
|
||||
techniques.add_argument("--second-url", dest="secondUrl",
|
||||
help="Resulting page URL searched for second-order response")
|
||||
|
|
@ -790,6 +790,15 @@ def cmdLineParser(argv=None):
|
|||
nonsql.add_argument("--ssti", dest="ssti", action="store_true",
|
||||
help="Test for server-side template injection")
|
||||
|
||||
nonsql.add_argument("--xxe", dest="xxe", action="store_true",
|
||||
help="Test for XML External Entity (XXE) injection")
|
||||
|
||||
nonsql.add_argument("--oob-server", dest="oobServer",
|
||||
help="Out-of-band server for blind '--xxe' (default: public interactsh; 'none' to disable OOB)")
|
||||
|
||||
nonsql.add_argument("--oob-token", dest="oobToken",
|
||||
help="Authentication token for a self-hosted '--oob-server'")
|
||||
|
||||
# Miscellaneous options
|
||||
miscellaneous = parser.add_argument_group("Miscellaneous", "These options do not fit into any other category")
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue