sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-01-12 03:31:12 +03:00
Code Issues Packages Projects Releases Wiki Activity
7c67b0867a
sqlmap/data/xml/payloads/union_query.xml
nu11secur1ty 88bc467193
Update XML version and add UNION query tests 
Full upgrade for 2026 ;) BR dear friends
2026-01-01 15:53:46 +02:00

1228 lines
32 KiB
XML
Raw Blame History

<?xml version="4.0" encoding="UTF-8"?>
<root>
<!-- UNION query tests -->
<!-- ============= GENERIC TESTS ============= -->
<!-- Your existing generic tests (keep as is) -->
<test>
<title>Generic UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns (custom)</title>
<stype>6</stype>
<level>1</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char>
<columns>[COLSTART]-[COLSTOP]</columns>
</request>
<response>
<union/>
</response>
</test>
<test>
<title>Generic UNION query (NULL) - [COLSTART] to [COLSTOP] columns (custom)</title>
<stype>6</stype>
<level>1</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>NULL</char>
<columns>[COLSTART]-[COLSTOP]</columns>
</request>
<response>
<union/>
</response>
</test>
<test>
<title>Generic UNION query ([RANDNUM]) - [COLSTART] to [COLSTOP] columns (custom)</title>
<stype>6</stype>
<level>3</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[RANDNUM]</char>
<columns>[COLSTART]-[COLSTOP]</columns>
</request>
<response>
<union/>
</response>
</test>
<!-- 1-10 generic (yours) -->
<test>
<title>Generic UNION query ([CHAR]) - 1 to 10 columns</title>
<stype>6</stype>
<level>1</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char>
<columns>1-10</columns>
</request>
<response>
<union/>
</response>
</test>
<test>
<title>Generic UNION query (NULL) - 1 to 10 columns</title>
<stype>6</stype>
<level>1</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>NULL</char>
<columns>1-10</columns>
</request>
<response>
<union/>
</response>
</test>
<test>
<title>Generic UNION query ([RANDNUM]) - 1 to 10 columns</title>
<stype>6</stype>
<level>3</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[RANDNUM]</char>
<columns>1-10</columns>
</request>
<response>
<union/>
</response>
</test>
<!-- 11-20 generic (yours) -->
<test>
<title>Generic UNION query ([CHAR]) - 11 to 20 columns</title>
<stype>6</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char>
<columns>11-20</columns>
</request>
<response>
<union/>
</response>
</test>
<test>
<title>Generic UNION query (NULL) - 11 to 20 columns</title>
<stype>6</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>NULL</char>
<columns>11-20</columns>
</request>
<response>
<union/>
</response>
</test>
<test>
<title>Generic UNION query ([RANDNUM]) - 11 to 20 columns</title>
<stype>6</stype>
<level>3</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[RANDNUM]</char>
<columns>11-20</columns>
</request>
<response>
<union/>
</response>
</test>
<!-- 21-30 generic (yours) -->
<test>
<title>Generic UNION query ([CHAR]) - 21 to 30 columns</title>
<stype>6</stype>
<level>3</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char>
<columns>21-30</columns>
</request>
<response>
<union/>
</response>
</test>
<test>
<title>Generic UNION query (NULL) - 21 to 30 columns</title>
<stype>6</stype>
<level>3</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>NULL</char>
<columns>21-30</columns>
</request>
<response>
<union/>
</response>
</test>
<test>
<title>Generic UNION query ([RANDNUM]) - 21 to 30 columns</title>
<stype>6</stype>
<level>4</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[RANDNUM]</char>
<columns>21-30</columns>
</request>
<response>
<union/>
</response>
</test>
<!-- 31-40 generic (yours) -->
<test>
<title>Generic UNION query ([CHAR]) - 31 to 40 columns</title>
<stype>6</stype>
<level>4</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char>
<columns>31-40</columns>
</request>
<response>
<union/>
</response>
</test>
<test>
<title>Generic UNION query (NULL) - 31 to 40 columns</title>
<stype>6</stype>
<level>4</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>NULL</char>
<columns>31-40</columns>
</request>
<response>
<union/>
</response>
</test>
<test>
<title>Generic UNION query ([RANDNUM]) - 31 to 40 columns</title>
<stype>6</stype>
<level>5</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[RANDNUM]</char>
<columns>31-40</columns>
</request>
<response>
<union/>
</response>
</test>
<!-- 41-50 generic (yours) -->
<test>
<title>Generic UNION query ([CHAR]) - 41 to 50 columns</title>
<stype>6</stype>
<level>5</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char>
<columns>41-50</columns>
</request>
<response>
<union/>
</response>
</test>
<test>
<title>Generic UNION query (NULL) - 41 to 50 columns</title>
<stype>6</stype>
<level>5</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>NULL</char>
<columns>41-50</columns>
</request>
<response>
<union/>
</response>
</test>
<test>
<title>Generic UNION query ([RANDNUM]) - 41 to 50 columns</title>
<stype>6</stype>
<level>5</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[RANDNUM]</char>
<columns>41-50</columns>
</request>
<response>
<union/>
</response>
</test>
<!-- ============= MYSQL TESTS ============= -->
<!-- MySQL custom (yours) -->
<test>
<title>MySQL UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns (custom)</title>
<stype>6</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
<char>[CHAR]</char>
<columns>[COLSTART]-[COLSTOP]</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>MySQL UNION query (NULL) - [COLSTART] to [COLSTOP] columns (custom)</title>
<stype>6</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
<char>NULL</char>
<columns>[COLSTART]-[COLSTOP]</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>MySQL UNION query ([RANDNUM]) - [COLSTART] to [COLSTOP] columns (custom)</title>
<stype>6</stype>
<level>3</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
<char>[RANDNUM]</char>
<columns>[COLSTART]-[COLSTOP]</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<!-- MySQL 1-10 (yours) -->
<test>
<title>MySQL UNION query ([CHAR]) - 1 to 10 columns</title>
<stype>6</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
<char>[CHAR]</char>
<columns>1-10</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>MySQL UNION query (NULL) - 1 to 10 columns</title>
<stype>6</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
<char>NULL</char>
<columns>1-10</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>MySQL UNION query ([RANDNUM]) - 1 to 10 columns</title>
<stype>6</stype>
<level>3</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
<char>[RANDNUM]</char>
<columns>1-10</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<!-- MySQL 11-20 (yours) -->
<test>
<title>MySQL UNION query ([CHAR]) - 11 to 20 columns</title>
<stype>6</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
<char>[CHAR]</char>
<columns>11-20</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>MySQL UNION query (NULL) - 11 to 20 columns</title>
<stype>6</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
<char>NULL</char>
<columns>11-20</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>MySQL UNION query ([RANDNUM]) - 11 to 20 columns</title>
<stype>6</stype>
<level>3</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
<char>[RANDNUM]</char>
<columns>11-20</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<!-- MySQL 21-30 (yours) -->
<test>
<title>MySQL UNION query ([CHAR]) - 21 to 30 columns</title>
<stype>6</stype>
<level>3</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
<char>[CHAR]</char>
<columns>21-30</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>MySQL UNION query (NULL) - 21 to 30 columns</title>
<stype>6</stype>
<level>3</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
<char>NULL</char>
<columns>21-30</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>MySQL UNION query ([RANDNUM]) - 21 to 30 columns</title>
<stype>6</stype>
<level>4</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
<char>[RANDNUM]</char>
<columns>21-30</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<!-- MySQL 31-40 (yours) -->
<test>
<title>MySQL UNION query ([CHAR]) - 31 to 40 columns</title>
<stype>6</stype>
<level>4</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
<char>[CHAR]</char>
<columns>31-40</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>MySQL UNION query (NULL) - 31 to 40 columns</title>
<stype>6</stype>
<level>4</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
<char>NULL</char>
<columns>31-40</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>MySQL UNION query ([RANDNUM]) - 31 to 40 columns</title>
<stype>6</stype>
<level>5</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
<char>[RANDNUM]</char>
<columns>31-40</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<!-- MySQL 41-50 (yours) -->
<test>
<title>MySQL UNION query ([CHAR]) - 41 to 50 columns</title>
<stype>6</stype>
<level>5</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
<char>[CHAR]</char>
<columns>41-50</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>MySQL UNION query (NULL) - 41 to 50 columns</title>
<stype>6</stype>
<level>5</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
<char>NULL</char>
<columns>41-50</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<test>
<title>MySQL UNION query ([RANDNUM]) - 41 to 50 columns</title>
<stype>6</stype>
<level>5</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>#</comment>
<char>[RANDNUM]</char>
<columns>41-50</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<!-- ============= POSTGRESQL TESTS ============= -->
<!-- PostgreSQL custom -->
<test>
<title>PostgreSQL UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns (custom)</title>
<stype>6</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>--</comment>
<char>[CHAR]</char>
<columns>[COLSTART]-[COLSTOP]</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>PostgreSQL</dbms>
</details>
</test>
<test>
<title>PostgreSQL UNION query (NULL) - [COLSTART] to [COLSTOP] columns (custom)</title>
<stype>6</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>--</comment>
<char>NULL</char>
<columns>[COLSTART]-[COLSTOP]</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>PostgreSQL</dbms>
</details>
</test>
<test>
<title>PostgreSQL UNION query ([RANDNUM]) - [COLSTART] to [COLSTOP] columns (custom)</title>
<stype>6</stype>
<level>3</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>--</comment>
<char>[RANDNUM]</char>
<columns>[COLSTART]-[COLSTOP]</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>PostgreSQL</dbms>
</details>
</test>
<!-- PostgreSQL 1-10 -->
<test>
<title>PostgreSQL UNION query ([CHAR]) - 1 to 10 columns</title>
<stype>6</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>--</comment>
<char>[CHAR]</char>
<columns>1-10</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>PostgreSQL</dbms>
</details>
</test>
<test>
<title>PostgreSQL UNION query (NULL) - 1 to 10 columns</title>
<stype>6</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>--</comment>
<char>NULL</char>
<columns>1-10</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>PostgreSQL</dbms>
</details>
</test>
<test>
<title>PostgreSQL UNION query ([RANDNUM]) - 1 to 10 columns</title>
<stype>6</stype>
<level>3</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>--</comment>
<char>[RANDNUM]</char>
<columns>1-10</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>PostgreSQL</dbms>
</details>
</test>
<!-- PostgreSQL 11-20 -->
<test>
<title>PostgreSQL UNION query ([CHAR]) - 11 to 20 columns</title>
<stype>6</stype>
<level>3</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>--</comment>
<char>[CHAR]</char>
<columns>11-20</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>PostgreSQL</dbms>
</details>
</test>
<test>
<title>PostgreSQL UNION query (NULL) - 11 to 20 columns</title>
<stype>6</stype>
<level>3</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>--</comment>
<char>NULL</char>
<columns>11-20</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>PostgreSQL</dbms>
</details>
</test>
<!-- ============= MSSQL TESTS ============= -->
<!-- MSSQL custom -->
<test>
<title>Microsoft SQL Server UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns (custom)</title>
<stype>6</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>--</comment>
<char>[CHAR]</char>
<columns>[COLSTART]-[COLSTOP]</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>Microsoft SQL Server</dbms>
</details>
</test>
<test>
<title>Microsoft SQL Server UNION query (NULL) - [COLSTART] to [COLSTOP] columns (custom)</title>
<stype>6</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>--</comment>
<char>NULL</char>
<columns>[COLSTART]-[COLSTOP]</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>Microsoft SQL Server</dbms>
</details>
</test>
<!-- MSSQL 1-10 -->
<test>
<title>Microsoft SQL Server UNION query ([CHAR]) - 1 to 10 columns</title>
<stype>6</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>--</comment>
<char>[CHAR]</char>
<columns>1-10</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>Microsoft SQL Server</dbms>
</details>
</test>
<test>
<title>Microsoft SQL Server UNION query (NULL) - 1 to 10 columns</title>
<stype>6</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>--</comment>
<char>NULL</char>
<columns>1-10</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>Microsoft SQL Server</dbms>
</details>
</test>
<!-- ============= ORACLE TESTS ============= -->
<!-- Oracle custom -->
<test>
<title>Oracle UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns (custom)</title>
<stype>6</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>--</comment>
<char>[CHAR]</char>
<columns>[COLSTART]-[COLSTOP]</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>Oracle</dbms>
</details>
</test>
<!-- Oracle 1-10 -->
<test>
<title>Oracle UNION query (NULL) - 1 to 10 columns</title>
<stype>6</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>--</comment>
<char>NULL</char>
<columns>1-10</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>Oracle</dbms>
</details>
</test>
<!-- ============= ADVANCED TECHNIQUES ============= -->
<!-- UNION ALL variations -->
<test>
<title>Generic UNION ALL query ([CHAR]) - 1 to 10 columns</title>
<stype>6</stype>
<level>2</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION ALL]</vector>
<request>
<payload/>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char>
<columns>1-10</columns>
</request>
<response>
<union/>
</response>
</test>
<!-- WAF bypass: inline comments -->
<test>
<title>MySQL inline comment UNION ([CHAR]) - 1 to 10 columns</title>
<stype>6</stype>
<level>3</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>/*!50000UNION*/ /*!50000SELECT*/</vector>
<request>
<payload/>
<comment>#</comment>
<char>[CHAR]</char>
<columns>1-10</columns>
</request>
<response>
<union/>
</response>
<details>
<dbms>MySQL</dbms>
</details>
</test>
<!-- WAF bypass: whitespace variations -->
<test>
<title>Generic UNION with whitespace obfuscation ([CHAR]) - 1 to 10 columns</title>
<stype>6</stype>
<level>3</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>%0aUNION%0aSELECT%0a</vector>
<request>
<payload/>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char>
<columns>1-10</columns>
</request>
<response>
<union/>
</response>
</test>
<!-- Stacked queries -->
<test>
<title>Stacked query UNION attempt ([CHAR]) - 1 to 10 columns</title>
<stype>6</stype>
<level>4</level>
<risk>2</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>;[UNION]</vector>
<request>
<payload/>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char>
<columns>1-10</columns>
</request>
<response>
<union/>
</response>
</test>
<!-- HEX encoding -->
<test>
<title>HEX encoded UNION query (0x[HEX]) - 1 to 10 columns</title>
<stype>6</stype>
<level>3</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>0x[HEX]</char>
<columns>1-10</columns>
</request>
<response>
<union/>
</response>
</test>
<!-- Extended column ranges -->
<test>
<title>Generic UNION query ([CHAR]) - 51 to 60 columns</title>
<stype>6</stype>
<level>5</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char>
<columns>51-60</columns>
</request>
<response>
<union/>
</response>
</test>
<test>
<title>Generic UNION query (NULL) - 51 to 60 columns</title>
<stype>6</stype>
<level>5</level>
<risk>1</risk>
<clause>1,2,3,4,5</clause>
<where>1</where>
<vector>[UNION]</vector>
<request>
<payload/>
<comment>[GENERIC_SQL_COMMENT]</comment>
<char>NULL</char>
<columns>51-60</columns>
</request>
<response>
<union/>
</response>
</test>
<!-- ============= END ============= -->
<!-- End of UNION query tests -->
</root>
Reference in New Issue View Git Blame Copy Permalink