[SECURITY] Undetectable Time-Base Injection
raminfp opened this issue · comments
Hi,
libinjection-rs is unable to detect time-based SQL injection.

1 - Payload: `1'=sleep(10)='1`

```rust
let (is_sqli, fingerprint) = sqli("1'=sleep(10)='1").unwrap();
assert!(is_sqli); // false
assert_eq!("s&sos", fingerprint);
```

2 - Payload used to determine the database version: `'=IF(MID(VERSION(),1,1)=1,SLEEP(10),0)='1`

```rust
let (is_sqli, fingerprint) = sqli("'=IF(MID(VERSION(),1,1)=1,SLEEP(10),0)='1").unwrap();
assert!(is_sqli); // false
assert_eq!("s&sos", fingerprint);
```
Thanks,
Ramin - kernel security engineering
Best regards,
Thank you for the report. Please note that this repository is a binding to libinjection.
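A supplementary check that a caller could run next to `sqli()` while the two inputs from the report go unflagged, as an added example that is not code from libinjection or libinjection-rs. The names `DELAY_FUNCS` and `delay_calls` are hypothetical, and the function list beyond `SLEEP` (MySQL `BENCHMARK`, PostgreSQL `pg_sleep`) is an assumption added here.

```rust
/// Delay functions to look for. SLEEP is from the report; the rest are assumptions.
const DELAY_FUNCS: [&str; 3] = ["sleep", "benchmark", "pg_sleep"];

/// Returns the lowercase names of delay functions that appear as calls:
/// an identifier followed, after optional whitespace, by `(`.
/// This is a heuristic for defense in depth, not a replacement for
/// parameterized queries or for libinjection's fingerprinting.
fn delay_calls(input: &str) -> Vec<String> {
    let chars: Vec<char> = input.chars().collect();
    let mut found = Vec::new();
    let mut i = 0;
    while i < chars.len() {
        if chars[i].is_ascii_alphabetic() || chars[i] == '_' {
            // Consume one identifier token.
            let start = i;
            while i < chars.len() && (chars[i].is_ascii_alphanumeric() || chars[i] == '_') {
                i += 1;
            }
            let name = chars[start..i].iter().collect::<String>().to_ascii_lowercase();
            // Skip whitespace between the name and a possible opening parenthesis.
            let mut j = i;
            while j < chars.len() && chars[j].is_whitespace() {
                j += 1;
            }
            let is_call = j < chars.len() && chars[j] == '(';
            if is_call && DELAY_FUNCS.iter().any(|f| *f == name) {
                found.push(name);
            }
        } else {
            i += 1;
        }
    }
    found
}

fn main() {
    // The two inputs quoted in the report.
    for p in ["1'=sleep(10)='1", "'=IF(MID(VERSION(),1,1)=1,SLEEP(10),0)='1"] {
        println!("{:?} -> {:?}", p, delay_calls(p));
    }
    // Constructed benign input: the word is not used as a call.
    println!("{:?} -> {:?}", "sleep well", delay_calls("sleep well"));
}
```

Free-text fields can legitimately contain a word such as "sleep" followed by a parenthesis, so a hit is better treated as a signal to log or score than as a hard block.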