client9
Add keywords for error reporting injection and case injection
chinese: 增加对报错注入的优化和对case的优化 English: Add keywords for error reporting injection and case injection
增加对 - 结尾的优化 Increase the optimization of - ending
As follows: `static size_t parse_dash(struct libinjection_sqli_state * sf) { const char *cs = sf->s; const size_t slen = sf->slen; size_t pos = sf->pos;
/*
- five cases
-
- --[white] this is always a SQL comment
-
- --[EOF] this is a comment
-
- --[notwhite] in MySQL this is NOT a comment but two unary operators
-
- --[notwhite] everyone else thinks this is a comment
-
- -[not dash] '-' is a unary operator */
if (pos + 2 == slen && cs[pos + 1] == '-' && char_is_white(cs[pos+2]) ) { return parse_eol_comment(sf); } else if (pos +2 == slen && cs[pos + 1] == '-') { return parse_eol_comment(sf); } else if (pos + 1 == slen && cs[pos + 1] == '-' && (sf->flags & FLAG_SQL_ANSI)) { /* --[not-white] not-white case: * */ sf->stats_comment_ddx += 1; return parse_eol_comment(sf); } else { st_assign_char(sf->current, TYPE_OPERATOR, pos, 1, '-'); return pos + 1; } }`
Error injection test case:
and (select 1 from (select count(*),concat(user(),floor(rand(0)*2))x from information_schema.tables group by x)a); and (extractvalue(1,concat(0x7e,(select user()),0x7e))); and (updatexml(1,concat(0x7e,(select user()),0x7e),1)); and geometrycollection((select * from(select * from(select user())a)b)); and multipoint((select * from(select * from(select user())a)b)); and polygon((select * from(select * from(select user())a)b)); and multipolygon((select * from(select * from(select user())a)b)); and linestring((select * from(select * from(select user())a)b)); and multilinestring((select * from(select * from(select user())a)b)); and exp(~(select * from(select user())a));
case else test case
' or 1=case when current_user like 'dvwa%' then 1 else 3*1e08 end or 1=x'
'-1=x'