Revisiting default level 1 payloads (MySQL stacked queries are as frequent as double rainbows)

2026-01-03 05:09:15 +00:00 · 2016-09-29 12:59:51 +02:00
parent 3b3ab072e6
commit 3409953538
5 changed files with 17 additions and 17 deletions
--- a/xml/payloads/stacked_queries.xml
+++ b/xml/payloads/stacked_queries.xml
@@ -5,7 +5,7 @@
    <test>
        <title>MySQL &gt; 5.0.11 stacked queries (comment)</title>
        <stype>4</stype>
-        <level>1</level>
+        <level>2</level>
        <risk>1</risk>
        <clause>0</clause>
        <where>1</where>
@@ -26,7 +26,7 @@
    <test>
        <title>MySQL &gt; 5.0.11 stacked queries</title>
        <stype>4</stype>
-        <level>2</level>
+        <level>3</level>
        <risk>1</risk>
        <clause>0</clause>
        <where>1</where>
@@ -46,7 +46,7 @@
     <test>
        <title>MySQL &gt; 5.0.11 stacked queries (query SLEEP - comment)</title>
        <stype>4</stype>
-        <level>2</level>
+        <level>3</level>
        <risk>1</risk>
        <clause>0</clause>
        <where>1</where>
@@ -67,7 +67,7 @@
    <test>
        <title>MySQL &gt; 5.0.11 stacked queries (query SLEEP)</title>
        <stype>4</stype>
-        <level>3</level>
+        <level>4</level>
        <risk>1</risk>
        <clause>0</clause>
        <where>1</where>
@@ -87,7 +87,7 @@
    <test>
        <title>MySQL &lt; 5.0.12 stacked queries (heavy query - comment)</title>
        <stype>4</stype>
-        <level>2</level>
+        <level>3</level>
        <risk>2</risk>
        <clause>0</clause>
        <where>1</where>
@@ -107,7 +107,7 @@
    <test>
        <title>MySQL &lt; 5.0.12 stacked queries (heavy query)</title>
        <stype>4</stype>
-        <level>4</level>
+        <level>5</level>
        <risk>2</risk>
        <clause>0</clause>
        <where>1</where>
--- a/xml/payloads/time_blind.xml
+++ b/xml/payloads/time_blind.xml
@@ -570,7 +570,7 @@
    </test>

    <test>
-        <title>Microsoft SQL Server/Sybase time-based blind</title>
+        <title>Microsoft SQL Server/Sybase time-based blind (IF)</title>
        <stype>5</stype>
        <level>1</level>
        <risk>1</risk>
@@ -591,7 +591,7 @@
    </test>

    <test>
-        <title>Microsoft SQL Server/Sybase time-based blind (comment)</title>
+        <title>Microsoft SQL Server/Sybase time-based blind (IF - comment)</title>
        <stype>5</stype>
        <level>4</level>
        <risk>1</risk>
--- a/xml/payloads/union_query.xml
+++ b/xml/payloads/union_query.xml
@@ -346,7 +346,7 @@
    <test>
        <title>MySQL UNION query ([CHAR]) - [COLSTART] to [COLSTOP] columns (custom)</title>
        <stype>6</stype>
-        <level>1</level>
+        <level>2</level>
        <risk>1</risk>
        <clause>1,2,3,4,5</clause>
        <where>1</where>
@@ -368,7 +368,7 @@
    <test>
        <title>MySQL UNION query (NULL) - [COLSTART] to [COLSTOP] columns (custom)</title>
        <stype>6</stype>
-        <level>1</level>
+        <level>2</level>
        <risk>1</risk>
        <clause>1,2,3,4,5</clause>
        <where>1</where>
@@ -412,7 +412,7 @@
    <test>
        <title>MySQL UNION query ([CHAR]) - 1 to 10 columns</title>
        <stype>6</stype>
-        <level>1</level>
+        <level>2</level>
        <risk>1</risk>
        <clause>1,2,3,4,5</clause>
        <where>1</where>
@@ -434,7 +434,7 @@
    <test>
        <title>MySQL UNION query (NULL) - 1 to 10 columns</title>
        <stype>6</stype>
-        <level>1</level>
+        <level>2</level>
        <risk>1</risk>
        <clause>1,2,3,4,5</clause>
        <where>1</where>