daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update time-based-sqli.yaml

patch-4
Ritik Chaddha 2024-06-12 00:08:52 +05:30 committed by GitHub
parent ddb7bac07b
commit f82a70bdda
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
dast/vulnerabilities/sqli/time-based-sqli.yaml
View File

@ -6,13 +6,26 @@ info:
severity: critical severity: critical
description: | description: |
This Template detects time-based Blind SQL Injection vulnerability This Template detects time-based Blind SQL Injection vulnerability
tags: sqli,dast,time tags: sqli,dast,time-based,blind
flow: http(1) && http(2)
http: http:
- method: GET - method: GET
path: path:
- "{{BaseURL}}" - "{{BaseURL}}"
matchers:
- type: dsl
dsl:
- "duration<=7"
- raw:
- |
@timeout: 20s
GET / HTTP/1.1
Host: {{Hostname}}
payloads: payloads:
injection: injection:
- "(SELECT(0)FROM(SELECT(SLEEP(7)))a)" - "(SELECT(0)FROM(SELECT(SLEEP(7)))a)"