
Commit 02eeecc

committed
Added UNION query SQL injection tests also with a random number for columns (not only NULL)
1 parent 6a8a5db commit 02eeecc

1 file changed

Lines changed: 246 additions & 0 deletions


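--- a/xml/payloads.xml
+++ b/xml/payloads.xml
@@ -2341,6 +2341,28 @@ Formats:
 </details>
 </test>
 
+<test>
+<title>MySQL UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns</title>
+<stype>3</stype>
+<level>3</level>
+<risk>1</risk>
+<clause>1,2,3,4,5</clause>
+<where>1</where>
+<vector>[UNION]</vector>
+<request>
+<payload/>
+<comment>#</comment>
+<char>[RANDNUM]</char>
+<columns>[COLSTART]-[COLSTOP]</columns>
+</request>
+<response>
+<union/>
+</response>
+<details>
+<dbms>MySQL</dbms>
+</details>
+</test>
+
 <test>
 <title>MySQL UNION query ([CHAR]) - 1 to 10 columns</title>
 <stype>3</stype>
@@ -2363,6 +2385,28 @@ Formats:
 </details>
 </test>
 
+<test>
+<title>MySQL UNION query ([CHAR]) - 1 to 10 columns</title>
+<stype>3</stype>
+<level>3</level>
+<risk>1</risk>
+<clause>1,2,3,4,5</clause>
+<where>1</where>
+<vector>[UNION]</vector>
+<request>
+<payload/>
+<comment>#</comment>
+<char>[RANDNUM]</char>
+<columns>1-10</columns>
+</request>
+<response>
+<union/>
+</response>
+<details>
+<dbms>MySQL</dbms>
+</details>
+</test>
+
 <test>
 <title>MySQL UNION query ([CHAR]) - 11 to 20 columns</title>
 <stype>3</stype>
@@ -2385,6 +2429,28 @@ Formats:
 </details>
 </test>
 
+<test>
+<title>MySQL UNION query ([CHAR]) - 11 to 20 columns</title>
+<stype>3</stype>
+<level>3</level>
+<risk>1</risk>
+<clause>1,2,3,4,5</clause>
+<where>1</where>
+<vector>[UNION]</vector>
+<request>
+<payload/>
+<comment>#</comment>
+<char>[RANDNUM]</char>
+<columns>11-20</columns>
+</request>
+<response>
+<union/>
+</response>
+<details>
+<dbms>MySQL</dbms>
+</details>
+</test>
+
 <test>
 <title>MySQL UNION query ([CHAR]) - 21 to 30 columns</title>
 <stype>3</stype>
@@ -2407,6 +2473,28 @@ Formats:
 </details>
 </test>
 
+<test>
+<title>MySQL UNION query ([CHAR]) - 21 to 30 columns</title>
+<stype>3</stype>
+<level>4</level>
+<risk>1</risk>
+<clause>1,2,3,4,5</clause>
+<where>1</where>
+<vector>[UNION]</vector>
+<request>
+<payload/>
+<comment>#</comment>
+<char>[RANDNUM]</char>
+<columns>21-30</columns>
+</request>
+<response>
+<union/>
+</response>
+<details>
+<dbms>MySQL</dbms>
+</details>
+</test>
+
 <test>
 <title>MySQL UNION query ([CHAR]) - 31 to 40 columns</title>
 <stype>3</stype>
@@ -2429,6 +2517,28 @@ Formats:
 </details>
 </test>
 
+<test>
+<title>MySQL UNION query ([CHAR]) - 31 to 40 columns</title>
+<stype>3</stype>
+<level>5</level>
+<risk>1</risk>
+<clause>1,2,3,4,5</clause>
+<where>1</where>
+<vector>[UNION]</vector>
+<request>
+<payload/>
+<comment>#</comment>
+<char>[RANDNUM]</char>
+<columns>31-40</columns>
+</request>
+<response>
+<union/>
+</response>
+<details>
+<dbms>MySQL</dbms>
+</details>
+</test>
+
 <test>
 <title>MySQL UNION query ([CHAR]) - 41 to 50 columns</title>
 <stype>3</stype>
@@ -2451,6 +2561,28 @@ Formats:
 </details>
 </test>
 
+<test>
+<title>MySQL UNION query ([CHAR]) - 41 to 50 columns</title>
+<stype>3</stype>
+<level>5</level>
+<risk>1</risk>
+<clause>1,2,3,4,5</clause>
+<where>1</where>
+<vector>[UNION]</vector>
+<request>
+<payload/>
+<comment>#</comment>
+<char>[RANDNUM]</char>
+<columns>41-50</columns>
+</request>
+<response>
+<union/>
+</response>
+<details>
+<dbms>MySQL</dbms>
+</details>
+</test>
+
 <test>
 <title>Generic UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns</title>
 <stype>3</stype>
@@ -2470,6 +2602,25 @@ Formats:
 </response>
 </test>
 
+<test>
+<title>Generic UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns</title>
+<stype>3</stype>
+<level>3</level>
+<risk>1</risk>
+<clause>1,2,3,4,5</clause>
+<where>1</where>
+<vector>[UNION]</vector>
+<request>
+<payload/>
+<comment>--</comment>
+<char>[RANDNUM]</char>
+<columns>[COLSTART]-[COLSTOP]</columns>
+</request>
+<response>
+<union/>
+</response>
+</test>
+
 <test>
 <title>Generic UNION query ([CHAR]) - 1 to 10 columns</title>
 <stype>3</stype>
@@ -2489,6 +2640,25 @@ Formats:
 </response>
 </test>
 
+<test>
+<title>Generic UNION query ([CHAR]) - 1 to 10 columns</title>
+<stype>3</stype>
+<level>3</level>
+<risk>1</risk>
+<clause>1,2,3,4,5</clause>
+<where>1</where>
+<vector>[UNION]</vector>
+<request>
+<payload/>
+<comment>--</comment>
+<char>[RANDNUM]</char>
+<columns>1-10</columns>
+</request>
+<response>
+<union/>
+</response>
+</test>
+
 <test>
 <title>Generic UNION query ([CHAR]) - 11 to 20 columns</title>
 <stype>3</stype>
@@ -2508,6 +2678,25 @@ Formats:
 </response>
 </test>
 
+<test>
+<title>Generic UNION query ([CHAR]) - 11 to 20 columns</title>
+<stype>3</stype>
+<level>3</level>
+<risk>1</risk>
+<clause>1,2,3,4,5</clause>
+<where>1</where>
+<vector>[UNION]</vector>
+<request>
+<payload/>
+<comment>--</comment>
+<char>[RANDNUM]</char>
+<columns>11-20</columns>
+</request>
+<response>
+<union/>
+</response>
+</test>
+
 <test>
 <title>Generic UNION query ([CHAR]) - 21 to 30 columns</title>
 <stype>3</stype>
@@ -2527,6 +2716,25 @@ Formats:
 </response>
 </test>
 
+<test>
+<title>Generic UNION query ([CHAR]) - 21 to 30 columns</title>
+<stype>3</stype>
+<level>4</level>
+<risk>1</risk>
+<clause>1,2,3,4,5</clause>
+<where>1</where>
+<vector>[UNION]</vector>
+<request>
+<payload/>
+<comment>--</comment>
+<char>[RANDNUM]</char>
+<columns>21-30</columns>
+</request>
+<response>
+<union/>
+</response>
+</test>
+
 <test>
 <title>Generic UNION query ([CHAR]) - 31 to 40 columns</title>
 <stype>3</stype>
@@ -2546,6 +2754,25 @@ Formats:
 </response>
 </test>
 
+<test>
+<title>Generic UNION query ([CHAR]) - 31 to 40 columns</title>
+<stype>3</stype>
+<level>5</level>
+<risk>1</risk>
+<clause>1,2,3,4,5</clause>
+<where>1</where>
+<vector>[UNION]</vector>
+<request>
+<payload/>
+<comment>--</comment>
+<char>[RANDNUM]</char>
+<columns>31-40</columns>
+</request>
+<response>
+<union/>
+</response>
+</test>
+
 <test>
 <title>Generic UNION query ([CHAR]) - 41 to 50 columns</title>
 <stype>3</stype>
@@ -2564,6 +2791,25 @@ Formats:
 <union/>
 </response>
 </test>
+
+<test>
+<title>Generic UNION query ([CHAR]) - 41 to 50 columns</title>
+<stype>3</stype>
+<level>5</level>
+<risk>1</risk>
+<clause>1,2,3,4,5</clause>
+<where>1</where>
+<vector>[UNION]</vector>
+<request>
+<payload/>
+<comment>--</comment>
+<char>[RANDNUM]</char>
+<columns>41-50</columns>
+</request>
+<response>
+<union/>
+</response>
+</test>
 <!-- End of UNION query tests -->
 
 </root>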
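Review bot: Each of the twelve added `<test>` blocks repeats the `<title>` text of the existing test it follows (new line 2389 against 2367, for example), so a pair differs only in `<char>[RANDNUM]</char>`, and nothing in the file says so. If the loader does not expand `[CHAR]` from `<char>` before a title is printed or matched, the two variants cannot be told apart in scan output or logs; that expansion is not visible on this page. I would put one comment ahead of the first added block, `<!-- Same tests as the existing variants, with a random integer ([RANDNUM]) as column filler -->`, and confirm that the "Formats:" header comment lists `[RANDNUM]` as an accepted `<char>` value. The added blocks carry levels 3, 3, 3, 4, 5, 5 across the column ranges; if the existing variants use the same levels (their `<level>` lines are outside the context shown), every level that enables a range now sends roughly twice as many UNION requests for it, which is worth stating in the commit description.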
