From e4b51dd5490f64e8c0f7fbf048e89244cc53d753 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Mon, 6 Dec 2010 17:23:21 +0000
Subject: [PATCH] proper way of handling OR based injections (completely
 compatible with current AND based inference engine)

---
 xml/payloads.xml | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/xml/payloads.xml b/xml/payloads.xml
index e3bd98687..9c382cec2 100644
--- a/xml/payloads.xml
+++ b/xml/payloads.xml
@@ -452,12 +452,12 @@ Formats:
         <risk>3</risk>
         <clause>1</clause>
         <where>2</where>
-        <vector>OR [INFERENCE]</vector>
+        <vector>OR NOT [INFERENCE]</vector>
         <request>
-            <payload>OR [RANDNUM]=[RANDNUM1]</payload>
+            <payload>OR NOT [RANDNUM]=[RANDNUM]</payload>
         </request>
         <response>
-            <comparison>OR [RANDNUM]=[RANDNUM]</comparison>
+            <comparison>OR NOT [RANDNUM]=[RANDNUM1]</comparison>
         </response>
     </test>
 
@@ -468,13 +468,13 @@ Formats:
         <risk>3</risk>
         <clause>1</clause>
         <where>2</where>
-        <vector>OR [INFERENCE]</vector>
+        <vector>OR NOT [INFERENCE]</vector>
         <request>
-            <payload>OR [RANDNUM]=[RANDNUM1]</payload>
+            <payload>OR NOT [RANDNUM]=[RANDNUM]</payload>
             <comment>#</comment>
         </request>
         <response>
-            <comparison>OR [RANDNUM]=[RANDNUM]</comparison>
+            <comparison>OR NOT [RANDNUM]=[RANDNUM1]</comparison>
         </response>
         <details>
             <dbms>MySQL</dbms>
@@ -488,13 +488,13 @@ Formats:
         <risk>3</risk>
         <clause>1</clause>
         <where>2</where>
-        <vector>OR [INFERENCE]</vector>
+        <vector>OR NOT [INFERENCE]</vector>
         <request>
-            <payload>OR [RANDNUM]=[RANDNUM1]</payload>
+            <payload>OR NOT [RANDNUM]=[RANDNUM]</payload>
             <comment>--</comment>
         </request>
         <response>
-            <comparison>OR [RANDNUM]=[RANDNUM]</comparison>
+            <comparison>OR NOT [RANDNUM]=[RANDNUM1]</comparison>
         </response>
     </test>
     <!-- End of boolean-based blind tests - WHERE clause -->