=========================================================== .___ __ __ _________________ __ __ __| _/|__|/ |_ / ___\_` __ \__ \ | | \/ __ | | \\_ __\ / /_/ > | \// __ \| | / /_/ | | || | \___ /|__| (____ /____/\____ | |__||__| /_____/ \/ \/ grep rough audit - static analysis tool v2.8 written by @Wireghoul =================================[justanotherhacker.com]=== ############################################## sqlmap-1.4.11/data/xml/boundaries.xml-334- sqlmap-1.4.11/data/xml/boundaries.xml:335: <!-- Pre-WHERE generic boundaries (e.g. "UPDATE table SET '$_REQUEST["name"]' WHERE id=1" or "INSERT INTO table VALUES('$_REQUEST["value"]') WHERE id=1)"--> sqlmap-1.4.11/data/xml/boundaries.xml-336- <boundary> ############################################## sqlmap-1.4.11/data/xml/queries.xml-287- <inband query="SELECT SQL_TEXT FROM V$SQL"/> sqlmap-1.4.11/data/xml/queries.xml:288: <blind query="SELECT SQL_TEXT FROM (SELECT SQL_TEXT,ROWNUM AS LIMIT FROM V$SQL WHERE SQL_TEXT NOT LIKE '%%SQL_TEXT%%') WHERE LIMIT=%d" count="SELECT COUNT(SQL_TEXT) FROM V$SQL WHERE SQL_TEXT NOT LIKE '%%SQL_TEXT%%'"/> sqlmap-1.4.11/data/xml/queries.xml-289- </statements> ############################################## sqlmap-1.4.11/data/xml/queries.xml-448- <inband query="SELECT RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG=0)"/> sqlmap-1.4.11/data/xml/queries.xml:449: <blind query="SELECT FIRST 1 SKIP %d RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG=0)" count="SELECT COUNT(RDB$RELATION_NAME) FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG=0)"/> sqlmap-1.4.11/data/xml/queries.xml-450- </tables> ############################################## sqlmap-1.4.11/data/xml/queries.xml-452- <inband query="SELECT RDB$USER,RDB$PRIVILEGE FROM RDB$USER_PRIVILEGES" condition="RDB$USER"/> sqlmap-1.4.11/data/xml/queries.xml:453: <blind query="SELECT FIRST 1 SKIP %d DISTINCT(RDB$PRIVILEGE) FROM RDB$USER_PRIVILEGES WHERE RDB$USER='%s'" count="SELECT COUNT(DISTINCT(RDB$PRIVILEGE)) FROM RDB$USER_PRIVILEGES WHERE RDB$USER='%s'"/> sqlmap-1.4.11/data/xml/queries.xml-454- </privileges> ############################################## sqlmap-1.4.11/data/xml/queries.xml-459- <!--<inband query="SELECT r.RDB$FIELD_NAME,CASE f.RDB$FIELD_TYPE WHEN 261 THEN 'BLOB' WHEN 14 THEN 'CHAR' WHEN 40 THEN 'CSTRING' WHEN 11 THEN 'D_FLOAT' WHEN 27 THEN 'DOUBLE' WHEN 10 THEN 'FLOAT' WHEN 16 THEN 'INT64' WHEN 8 THEN 'INTEGER' WHEN 9 THEN 'QUAD' WHEN 7 THEN 'SMALLINT' WHEN 12 THEN 'DATE' WHEN 13 THEN 'TIME' WHEN 35 THEN 'TIMESTAMP' WHEN 37 THEN 'VARCHAR' ELSE 'UNKNOWN' END AS field_type FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'"/>--> sqlmap-1.4.11/data/xml/queries.xml:460: <inband query="SELECT r.RDB$FIELD_NAME,f.RDB$FIELD_TYPE FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'" condition="r.RDB$FIELD_NAME"/> sqlmap-1.4.11/data/xml/queries.xml:461: <blind query="SELECT r.RDB$FIELD_NAME FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'" query2="SELECT f.RDB$FIELD_TYPE FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s' AND r.RDB$FIELD_NAME='%s'" count="SELECT COUNT(r.RDB$FIELD_NAME) FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE r.RDB$RELATION_NAME='%s'" condition="r.RDB$FIELD_NAME"/> sqlmap-1.4.11/data/xml/queries.xml-462- </columns> ############################################## sqlmap-1.4.11/data/xml/queries.xml-468- <search_table> sqlmap-1.4.11/data/xml/queries.xml:469: <inband query="SELECT RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG=0) AND %s" condition="RDB$RELATION_NAME" condition2=""/> sqlmap-1.4.11/data/xml/queries.xml:470: <blind query="" query2="SELECT FIRST 1 SKIP %d RDB$RELATION_NAME FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG=0)" count="" count2="SELECT COUNT(RDB$RELATION_NAME) FROM RDB$RELATIONS WHERE RDB$VIEW_BLR IS NULL AND (RDB$SYSTEM_FLAG IS NULL OR RDB$SYSTEM_FLAG=0)" condition="RDB$RELATION_NAME" condition2=""/> sqlmap-1.4.11/data/xml/queries.xml-471- </search_table> sqlmap-1.4.11/data/xml/queries.xml-472- <search_column> sqlmap-1.4.11/data/xml/queries.xml:473: <inband query="SELECT r.RDB$RELATION_NAME FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE %s" condition="r.RDB$FIELD_NAME" condition2="" condition3="r.RDB$RELATION_NAME"/> sqlmap-1.4.11/data/xml/queries.xml:474: <blind query="" query2="SELECT DISTINCT(r.RDB$RELATION_NAME) FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE %s" count="" count2="SELECT COUNT(DISTINCT(r.RDB$RELATION_NAME)) FROM RDB$RELATION_FIELDS r LEFT JOIN RDB$FIELDS f ON r.RDB$FIELD_SOURCE=f.RDB$FIELD_NAME WHERE %s" condition="r.RDB$FIELD_NAME" condition2="" condition3="r.RDB$RELATION_NAME"/> sqlmap-1.4.11/data/xml/queries.xml-475- </search_column> ############################################## sqlmap-1.4.11/extra/shutils/autocompletion.sh-5-DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" sqlmap-1.4.11/extra/shutils/autocompletion.sh:6:WORDLIST=`python "$DIR/../../sqlmap.py" -hh | grep -Eo '\s\--?\w[^ =,]*' | grep -vF '..' | paste -sd "" -` sqlmap-1.4.11/extra/shutils/autocompletion.sh-7- ############################################## sqlmap-1.4.11/extra/shutils/drei.sh-8-export SQLMAP_DREI=1 sqlmap-1.4.11/extra/shutils/drei.sh:9:#for i in $(find . -iname "*.py" | grep -v __init__); do python3 -c 'import '`echo $i | cut -d '.' -f 2 | cut -d '/' -f 2- | sed 's/\//./g'`''; done sqlmap-1.4.11/extra/shutils/drei.sh-10-for i in $(find . -iname "*.py" | grep -v __init__); do PYTHONWARNINGS=all python3 -m compileall $i | sed 's/Compiling/Checking/g'; done sqlmap-1.4.11/extra/shutils/drei.sh-11-unset SQLMAP_DREI sqlmap-1.4.11/extra/shutils/drei.sh:12:source `dirname "$0"`"/junk.sh" sqlmap-1.4.11/extra/shutils/drei.sh-13- ############################################## sqlmap-1.4.11/extra/shutils/recloak.sh-13-cd $DIR/../.. sqlmap-1.4.11/extra/shutils/recloak.sh:14:for file in $(find -regex ".*\.[a-z]*_" -type f | grep -v wordlist); do python extra/cloak/cloak.py -i `echo $file | sed 's/_$//g'`; done sqlmap-1.4.11/extra/shutils/recloak.sh-15- ############################################## sqlmap-1.4.11/thirdparty/bottle/bottle.py-1454- @property sqlmap-1.4.11/thirdparty/bottle/bottle.py:1455: def remote_addr(self): sqlmap-1.4.11/thirdparty/bottle/bottle.py-1456- """ The client IP as a string. Note that this information can be forged ############################################## sqlmap-1.4.11/thirdparty/wininetpton/win_inet_pton.py-11- sqlmap-1.4.11/thirdparty/wininetpton/win_inet_pton.py:12:class sockaddr(ctypes.Structure): sqlmap-1.4.11/thirdparty/wininetpton/win_inet_pton.py-13- _fields_ = [("sa_family", ctypes.c_short), ############################################## sqlmap-1.4.11/thirdparty/wininetpton/win_inet_pton.py-31-def inet_pton(address_family, ip_string): sqlmap-1.4.11/thirdparty/wininetpton/win_inet_pton.py:32: addr = sockaddr() sqlmap-1.4.11/thirdparty/wininetpton/win_inet_pton.py-33- addr.sa_family = address_family ############################################## sqlmap-1.4.11/thirdparty/wininetpton/win_inet_pton.py-53-def inet_ntop(address_family, packed_ip): sqlmap-1.4.11/thirdparty/wininetpton/win_inet_pton.py:54: addr = sockaddr() sqlmap-1.4.11/thirdparty/wininetpton/win_inet_pton.py-55- addr.sa_family = address_family