Separate the purest form of payload from audit strings to assist with exploitation #360

Open
Zapotek opened this Issue Jul 18, 2013 · 0 comments


@Zapotek
Member
Zapotek commented Jul 18, 2013

Example based on the timing attack SQL injection module:

  • Module injects something like: ')) ; SELECT pg_sleep(10)--
  • Executable code is: SELECT pg_sleep(10)

By making that distinction in audit modules, element audit methods and the issue object, it will become very easy for exploitation tools to use that data to achieve their goal. After that, all it would take is to substitute the module's payload with the exploit's payload in the injected string and replay the request.

@Zapotek Zapotek was assigned Jul 18, 2013
@Zapotek Zapotek removed this from the v0.5 milestone May 24, 2014