AJ83 / jsql-injection

Automatically exported from code.google.com/p/jsql-injection
0 stars 0 forks source link

TimeBased Attack dont work #3

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
TimeBased Attack dont work

What is the expected output? What do you see instead?
nothing appear.

What version of the product are you using? On what operating system?
0.4

Please provide any additional information below.

Original issue reported on code.google.com by hoang9...@gmail.com on 28 May 2013 at 8:43

GoogleCodeExporter commented 8 years ago
TimeBased uses the parameter value provided by the user as a reference, it 
absolutely *needs* to be a valid URL request. Actually the user can't use any 
parameter value that is not correct for both Time and Blind to work.

So if a parameter value displays a correct page with, for example id=23, you 
must enter the correct URL into jSQL address bar in order to expect Time or 
Blind to work:
http://url/page.php?id=23

Original comment by ron190@ymail.com on 28 May 2013 at 12:54

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
Also attach more information on the requests if possible (see tab Header for 
complete request+head), it may give some extra needed information ; you could 
add a pastebin, a google dork, an anonymized log, or send a mail.
Also have you manually verified that Time exploit works, without jSQL? In that 
case could you provide your parameter value and the SQL sleep statement, I'll 
make a comparison with jSQL.

Original comment by ron190@ymail.com on 30 May 2013 at 7:15