From f7993e9ccfdd4affc9ad51a337518e72d6d23df8 Mon Sep 17 00:00:00 2001 From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com> Date: Mon, 3 Jun 2024 12:56:10 +0530 Subject: [PATCH] lint fix --- .../vulnerabilities/sqli/time-based-sqli.yaml | 29 ++++++++++--------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/dast/vulnerabilities/sqli/time-based-sqli.yaml b/dast/vulnerabilities/sqli/time-based-sqli.yaml index 16d2d75568..3fd64ce568 100644 --- a/dast/vulnerabilities/sqli/time-based-sqli.yaml +++ b/dast/vulnerabilities/sqli/time-based-sqli.yaml @@ -3,31 +3,34 @@ id: time-based-sqli info: name: Time-Based Blind SQL Injection author: 0xKayala - severity: Critical - description: This Template detects time-based Blind SQL Injection vulnerability + severity: critical + description: | + This Template detects time-based Blind SQL Injection vulnerability tags: sqli,dast,time http: - method: GET path: - - "{{BaseURL}}" + - "{{BaseURL}}" + payloads: injection: - - "(SELECT(0)FROM(SELECT(SLEEP(7)))a)" - - "'XOR(SELECT(0)FROM(SELECT(SLEEP(7)))a)XOR'Z" - - "' AND (SELECT 4800 FROM (SELECT(SLEEP(7)))HoBG)--" - - "if(now()=sysdate(),SLEEP(7),0)" - - "'XOR(if(now()=sysdate(),SLEEP(7),0))XOR'Z" - - "'XOR(SELECT CASE WHEN(1234=1234) THEN SLEEP(7) ELSE 0 END)XOR'Z" + - "(SELECT(0)FROM(SELECT(SLEEP(7)))a)" + - "'XOR(SELECT(0)FROM(SELECT(SLEEP(7)))a)XOR'Z" + - "' AND (SELECT 4800 FROM (SELECT(SLEEP(7)))HoBG)--" + - "if(now()=sysdate(),SLEEP(7),0)" + - "'XOR(if(now()=sysdate(),SLEEP(7),0))XOR'Z" + - "'XOR(SELECT CASE WHEN(1234=1234) THEN SLEEP(7) ELSE 0 END)XOR'Z" fuzzing: - part: query type: replace mode: single fuzz: - - "{{injection}}" + - "{{injection}}" + stop-at-first-match: true matchers: - - type: dsl - dsl: - - "duration>=7 && duration <=16" + - type: dsl + dsl: + - "duration>=7 && duration <=16"