Patch for special cases of OR boolean-based blind (covered with last two commits)

This commit is contained in:
Miroslav Stampar 2016-01-14 13:51:30 +01:00
parent bdcf3fffba
commit df8e4b504d

View File

@ -186,6 +186,22 @@ Tag: <test>
</response> </response>
</test> </test>
<test>
<title>OR boolean-based blind - WHERE or HAVING clause (NOT)</title>
<stype>1</stype>
<level>3</level>
<risk>3</risk>
<clause>1</clause>
<where>1</where>
<vector>OR NOT [INFERENCE]</vector>
<request>
<payload>OR NOT [RANDNUM]=[RANDNUM]</payload>
</request>
<response>
<comparison>OR NOT [RANDNUM]=[RANDNUM1]</comparison>
</response>
</test>
<test> <test>
<title>AND boolean-based blind - WHERE or HAVING clause (Generic comment)</title> <title>AND boolean-based blind - WHERE or HAVING clause (Generic comment)</title>
<stype>1</stype> <stype>1</stype>
@ -220,6 +236,23 @@ Tag: <test>
</response> </response>
</test> </test>
<test>
<title>OR boolean-based blind - WHERE or HAVING clause (Generic comment) (NOT)</title>
<stype>1</stype>
<level>4</level>
<risk>3</risk>
<clause>1</clause>
<where>1</where>
<vector>OR NOT [INFERENCE]</vector>
<request>
<payload>OR NOT [RANDNUM]=[RANDNUM]</payload>
<comment>-- -</comment>
</request>
<response>
<comparison>OR NOT [RANDNUM]=[RANDNUM1]</comparison>
</response>
</test>
<test> <test>
<title>AND boolean-based blind - WHERE or HAVING clause (MySQL comment)</title> <title>AND boolean-based blind - WHERE or HAVING clause (MySQL comment)</title>
<stype>1</stype> <stype>1</stype>
@ -260,6 +293,26 @@ Tag: <test>
</details> </details>
</test> </test>
<test>
<title>OR boolean-based blind - WHERE or HAVING clause (MySQL comment) (NOT)</title>
<stype>1</stype>
<level>3</level>
<risk>3</risk>
<clause>1</clause>
<where>1</where>
<vector>OR NOT [INFERENCE]</vector>
<request>
<payload>OR NOT [RANDNUM]=[RANDNUM]</payload>
<comment>#</comment>
</request>
<response>
<comparison>OR NOT [RANDNUM]=[RANDNUM1]</comparison>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test> <test>
<title>AND boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)</title> <title>AND boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)</title>
<stype>1</stype> <stype>1</stype>