Open GoogleCodeExporter opened 8 years ago
TimeBased uses the parameter value provided by the user as a reference, it
absolutely *needs* to be a valid URL request. Actually the user can't use any
parameter value that is not correct for both Time and Blind to work.
So if a parameter value displays a correct page with, for example id=23, you
must enter the correct URL into jSQL address bar in order to expect Time or
Blind to work:
http://url/page.php?id=23
Original comment by ron190@ymail.com
on 28 May 2013 at 12:54
[deleted comment]
Also attach more information on the requests if possible (see tab Header for
complete request+head), it may give some extra needed information ; you could
add a pastebin, a google dork, an anonymized log, or send a mail.
Also have you manually verified that Time exploit works, without jSQL? In that
case could you provide your parameter value and the SQL sleep statement, I'll
make a comparison with jSQL.
Original comment by ron190@ymail.com
on 30 May 2013 at 7:15
Original issue reported on code.google.com by
hoang9...@gmail.com
on 28 May 2013 at 8:43