CERBERUS/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-06-30 13:31:08 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Adding switch --ssti

Browse source
This commit is contained in:
Miroslav Štampar 2026-06-29 11:43:10 +02:00
parent 8ff5d3811a
commit 820efa7a8a
13 changed files with 1263 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

33
lib/parse/cmdline.py
View file

@ -415,18 +415,6 @@ def cmdLineParser(argv=None):
techniques.add_argument("--technique", dest="technique",
help="SQL injection techniques to use (default \"%s\")" % defaults.technique)
techniques.add_argument("--nosql", dest="nosql", action="store_true",
help="Test for NoSQL injection (e.g. MongoDB, CouchDB, Neo4j)")
techniques.add_argument("--graphql", dest="graphql", action="store_true",
help="Test for GraphQL injection (introspection, field/argument fuzzing, SQL/NoSQL payload families)")
techniques.add_argument("--ldap", dest="ldap", action="store_true",
help="Test for LDAP injection (filter breakout, boolean blind, auth bypass)")
techniques.add_argument("--xpath", dest="xpath", action="store_true",
help="Test for XPath injection (error-based, boolean-blind, blind XML tree-walking)")
techniques.add_argument("--time-sec", dest="timeSec", type=int,
help="Seconds to delay the DBMS response (default %d)" % defaults.timeSec)
@ -454,6 +442,21 @@ def cmdLineParser(argv=None):
techniques.add_argument("--second-req", dest="secondReq",
help="Load second-order HTTP request from file")
techniques.add_argument("--graphql", dest="graphql", action="store_true",
help="Test for GraphQL injection")
techniques.add_argument("--ldap", dest="ldap", action="store_true",
help="Test for LDAP injection")
techniques.add_argument("--nosql", dest="nosql", action="store_true",
help="Test for NoSQL injection")
techniques.add_argument("--xpath", dest="xpath", action="store_true",
help="Test for XPath injection")
techniques.add_argument("--ssti", dest="ssti", action="store_true",
help="Test for server-side template injection")
# Fingerprint options
fingerprint = parser.add_argument_group("Fingerprint", "These options can be used to perform a back-end database management system version fingerprint")
@ -568,6 +571,12 @@ def cmdLineParser(argv=None):
enumeration.add_argument("--sql-shell", dest="sqlShell", action="store_true",
help="Prompt for an interactive SQL shell")
enumeration.add_argument("--ssti-query", dest="sstiQuery",
help="SSTI expression to evaluate in-band on the vulnerable parameter")
enumeration.add_argument("--ssti-shell", dest="sstiShell", action="store_true",
help="Prompt for an interactive SSTI expression shell")
enumeration.add_argument("--sql-file", dest="sqlFile",
help="Execute SQL statements from given file(s)")