Revisiting default level 1 payloads (MySQL stacked queries are as frequent as double rainbows)

stamparm · stamparm · commit 340995353888 · 2016-09-29T12:59:51.000+02:00
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.revision import getRevisionNumber
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.0.9.52"
+VERSION = "1.0.9.53"
 REVISION = getRevisionNumber()
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
diff --git a/txt/checksum.md5 b/txt/checksum.md5
@@ -45,7 +45,7 @@ e60456db5380840a586654344003d4e6  lib/core/readlineng.py
 5ef56abb8671c2ca6ceecb208258e360  lib/core/replication.py
 99a2b496b9d5b546b335653ca801153f  lib/core/revision.py
 7c15dd2777af4dac2c89cab6df17462e  lib/core/session.py
-ddab16d302a21444b7f12de4630af2df  lib/core/settings.py
+b112acf982657cb2bb7a4dbf00dc7b7a  lib/core/settings.py
 7af83e4f18cab6dff5e67840eb65be80  lib/core/shell.py
 23657cd7d924e3c6d225719865855827  lib/core/subprocessng.py
 c3ace7874a536d801f308cf1fd03df99  lib/core/target.py
@@ -451,7 +451,7 @@ a279656ea3fcb85c727249b02f828383  xml/livetests.xml
 4b266898af8b7f380db910511de24ec4  xml/payloads/boolean_blind.xml
 103a4c9b12c582b24a3fac8147a9c8d4  xml/payloads/error_based.xml
 06b1a210b190d52477a9d492443725b5  xml/payloads/inline_query.xml
-96adb9bfbab867d221974d3ddb303cb6  xml/payloads/stacked_queries.xml
-9abc699fadede1e31586c2263ca900a4  xml/payloads/time_blind.xml
-033b39025e8ee0f302935f6db3a39e77  xml/payloads/union_query.xml
+3194e2688a7576e1f877d5b137f7c260  xml/payloads/stacked_queries.xml
+c2d8dd03db5a663e79eabb4495dd0723  xml/payloads/time_blind.xml
+ac649aff0e7db413e4937e446e398736  xml/payloads/union_query.xml
 1587a02322a96ac48973e782d6fedf73  xml/queries.xml
diff --git a/xml/payloads/stacked_queries.xml b/xml/payloads/stacked_queries.xml
@@ -5,7 +5,7 @@
     <test>
         <title>MySQL &gt; 5.0.11 stacked queries (comment)</title>
         <stype>4</stype>
-        <level>1</level>
+        <level>2</level>
         <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
@@ -26,7 +26,7 @@
     <test>
         <title>MySQL &gt; 5.0.11 stacked queries</title>
         <stype>4</stype>
-        <level>2</level>
+        <level>3</level>
         <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
@@ -46,7 +46,7 @@
      <test>
         <title>MySQL &gt; 5.0.11 stacked queries (query SLEEP - comment)</title>
         <stype>4</stype>
-        <level>2</level>
+        <level>3</level>
         <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
@@ -67,7 +67,7 @@
     <test>
         <title>MySQL &gt; 5.0.11 stacked queries (query SLEEP)</title>
         <stype>4</stype>
-        <level>3</level>
+        <level>4</level>
         <risk>1</risk>
         <clause>0</clause>
         <where>1</where>
@@ -87,7 +87,7 @@
     <test>
         <title>MySQL &lt; 5.0.12 stacked queries (heavy query - comment)</title>
         <stype>4</stype>
-        <level>2</level>
+        <level>3</level>
         <risk>2</risk>
         <clause>0</clause>
         <where>1</where>
@@ -107,7 +107,7 @@
     <test>
         <title>MySQL &lt; 5.0.12 stacked queries (heavy query)</title>
         <stype>4</stype>
-        <level>4</level>
+        <level>5</level>
         <risk>2</risk>
         <clause>0</clause>
         <where>1</where>
diff --git a/xml/payloads/time_blind.xml b/xml/payloads/time_blind.xml
@@ -570,7 +570,7 @@
     </test>
 
     <test>
-        <title>Microsoft SQL Server/Sybase time-based blind</title>
+        <title>Microsoft SQL Server/Sybase time-based blind (IF)</title>
         <stype>5</stype>
         <level>1</level>
         <risk>1</risk>
@@ -591,7 +591,7 @@
     </test>
 
     <test>
-        <title>Microsoft SQL Server/Sybase time-based blind (comment)</title>
+        <title>Microsoft SQL Server/Sybase time-based blind (IF - comment)</title>
         <stype>5</stype>
         <level>4</level>
         <risk>1</risk>
diff --git a/xml/payloads/union_query.xml b/xml/payloads/union_query.xml
@@ -346,7 +346,7 @@
     <test>
         <title>MySQL UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns (custom)</title>
         <stype>6</stype>
-        <level>1</level>
+        <level>2</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
         <where>1</where>
@@ -368,7 +368,7 @@
     <test>
         <title>MySQL UNION query (NULL) - [COLSTART] to [COLSTOP] columns (custom)</title>
         <stype>6</stype>
-        <level>1</level>
+        <level>2</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
         <where>1</where>
@@ -412,7 +412,7 @@
     <test>
         <title>MySQL UNION query ([CHAR]) - 1 to 10 columns</title>
         <stype>6</stype>
-        <level>1</level>
+        <level>2</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
         <where>1</where>
@@ -434,7 +434,7 @@
     <test>
         <title>MySQL UNION query (NULL) - 1 to 10 columns</title>
         <stype>6</stype>
-        <level>1</level>
+        <level>2</level>
         <risk>1</risk>
         <clause>1,2,3,4,5</clause>
         <where>1</where>
