[+] Starting variant tests... ======================================== TESTING VERSION: v2.10.20 ======================================== [+] Cleaning up containers... Network vuln_variant_de-net Creating Network vuln_variant_de-net Created Container mysql Creating Container pg Creating Container mysql Created Container pg Created Container dataease Creating Container dataease Created Container pg Starting Container mysql Starting Container pg Started Container mysql Started Container mysql Waiting Container pg Waiting Container pg Healthy Container mysql Healthy Container dataease Starting Container dataease Started [+] Waiting for DataEase to start... [+] DataEase is ready. === VARIANT 1: mariadb type with allowMultiQueries=true (v2.10.20) === [+] mariadb datasource status: UNKNOWN [-] VARIANT 1 blocked: mariadb status=UNKNOWN === VARIANT 2: double-URL-encoded allowMultiQueries (v2.10.20) === [+] Encoded datasource status: Success [!] VARIANT 2 PARTIAL: encoded allowMultiQueries passed validation [!] VARIANT 2 CONFIRMED: Stacked SQL injection through encoded parameter! === VARIANT 3: PostgreSQL time-based stacked query (v2.10.20) === [+] PostgreSQL datasource status: Success [+] Baseline: 0.04s, Exploit: 5.04s [!] VARIANT 3 CONFIRMED: Time delay detected in PostgreSQL previewSql! ======================================== TESTING VERSION: v2.10.21 ======================================== [+] Cleaning up containers... Network vuln_variant_de-net Creating Network vuln_variant_de-net Created Container pg Creating Container mysql Creating Container mysql Created Container pg Created Container dataease Creating Container dataease Created Container mysql Starting Container pg Starting Container pg Started Container mysql Started Container mysql Waiting Container pg Waiting Container pg Healthy Container mysql Healthy Container dataease Starting Container dataease Started [+] Waiting for DataEase to start... [+] DataEase is ready. === VARIANT 1: mariadb type with allowMultiQueries=true (v2.10.21) === [+] mariadb datasource status: Error [-] VARIANT 1 blocked: mariadb status=Error === VARIANT 2: double-URL-encoded allowMultiQueries (v2.10.21) === [+] Encoded datasource status: Success [!] VARIANT 2 PARTIAL: encoded allowMultiQueries passed validation [!] VARIANT 2 CONFIRMED: Stacked SQL injection through encoded parameter! === VARIANT 3: PostgreSQL time-based stacked query (v2.10.21) === [+] PostgreSQL datasource status: Success [+] Baseline: 0.04s, Exploit: 0.03s [-] VARIANT 3: No time delay (exploit=0.03s, baseline=0.04s) [+] Cleaning up containers... [!] AT LEAST ONE VARIANT WAS CONFIRMED [+] Cleaning up containers...