Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

自定义payload长度变化没有√,建议默认加上双引号检测 #53

Closed
ddwpwop opened this issue Jul 14, 2023 · 0 comments
Closed

自定义payload长度变化没有√,建议默认加上双引号检测 #53

ddwpwop opened this issue Jul 14, 2023 · 0 comments

Comments

@ddwpwop
Copy link

ddwpwop commented Jul 14, 2023

测试发现,自定义payload下长度变化没有√
状态栏不显示,右侧变化显示“diy payload”

假设一场景SQL注入语法如下:

$id = $_REQUEST[ 'id' ];
$query  = "SELECT * FROM admin WHERE id = \"$id\" ";

使用双引号包裹的SQL语句,默认状态下使用单引号无法检测出问题。这里需要加入自定义payload,在自定义payload下加入双引号时会出现上述问题。

建议默认加上双引号检测

"
""
\"
\"\"

为应付部分JSON数据包,故加上"

目前虽然支持自定义payload,但是会出现刚开头说的问题,就算大小对比值不同不会带有√提示。这样导致需要一个个包判断返回包大小,较为浪费时间。
@ddwpwop ddwpwop closed this as completed Jul 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ddwpwop