daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1115 from geeknik/patch-16 

Update error-based-sql-injection.yaml
patch-1
PD-Team 2021-03-21 20:29:03 +05:30 committed by GitHub
parent 2cc10ab3c5 8fd55de534
commit 42e055e104
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
vulnerabilities/generic/error-based-sql-injection.yaml
View File

@ -8,12 +8,13 @@ info:
tags: sqli tags: sqli
requests: requests:
- method: GET - raw:
path: - |
- "{{BaseURL}}/') OR 1 = 1 -- ];" GET /') OR 1 = 1 -- ];
Host: {{Hostname}}
# Nuclei's use of net/http here will automatically encode the payload, thus sending {{BaseURL}}/%27%29%20OR%201%20=%201%20--%20%5D; as the request User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
# In order to send an unencoded payload, you'll have to make use of the rawhttp library by crafting a raw HTTP request Accept: */*
Connection: close
matchers-condition: and matchers-condition: and
matchers: matchers: