Time-based SQLi fuzzing template! #8245
Replies: 3 comments 1 reply
-
We have a separate repo for fuzzing templates, you can see the example for SQLi fuzzing templates here. Note: Time-Based SQLi Fuzzing templates can produce false positives because of network delay Example: id: time-based-sqli-fuzzing
info:
name: Time Based SQLi Fuzzing
author: princechaddha
severity: high
variables:
sqli_payload: SLEEP(5) /*' or SLEEP(5) or '" or SLEEP(5) or "*/
http:
- method: GET
path:
- "{{BaseURL}}"
fuzzing:
- part: query
fuzz:
- "{{sqli_payload}}"
matchers:
- type: dsl
dsl:
- 'duration>=5' |
Beta Was this translation helpful? Give feedback.
0 replies
-
Oh, thanks brother! I want to add more payloads here, How can I do it? Please help me! |
Beta Was this translation helpful? Give feedback.
0 replies
-
@nazmul-ethi You can add more payloads under fuzz:
- "{{sqli_payload}}"
- "{{sqli_payload2}}" |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
How to create Time-based SQLi fuzzing template?
Beta Was this translation helpful? Give feedback.
All reactions