Update time-based-sqli.yaml

dast/vulnerabilities/sqli/time-based-sqli.yaml

@@ -6,13 +6,26 @@ info:
   severity: critical
   description: |
     This Template detects time-based Blind SQL Injection vulnerability
-  tags: sqli,dast,time
+  tags: sqli,dast,time-based,blind
+
+flow: http(1) && http(2)
 
 http:
   - method: GET
     path:
       - "{{BaseURL}}"
 
+    matchers:
+      - type: dsl
+        dsl:
+          - "duration<=7"
+
+  - raw:
+      - |
+        @timeout: 20s
+        GET / HTTP/1.1
+        Host: {{Hostname}}
+
     payloads:
       injection:
         - "(SELECT(0)FROM(SELECT(SLEEP(7)))a)"