Open Himself132 opened 5 years ago
Right now xcat doesn't do or
injections unfortunately, which is a shame.
You can add your injections quite easily to this file: https://github.com/orf/xcat/blob/master/xcat/injections.py#L9
i.e:
Injection('custom',
"some example",
(
("{working} or true() or ''='o", True),
("{working} or false() or ''='o", False),
),
"{working} or {expression} or ''='o"),
That being said, your injection should work with and
:
https://FQDN/PATH1/PATH2/?PARAM1=VALUE' and true() and not ''='o
Thanks I'll give that a shot
Right now xcat doesn't do
or
injections unfortunately, which is a shame.
why is this the case? i had an injection where i needed to inject ' or
and changing all ' and
s to ' or
with a mitm proxy worked, so i assume no additional logic is necessary
Wondering how I can add the following custom injection string to the library. I spent some time on it and can't get it to work.
Here is the general approach of true and false condition:
Returns Data https://FQDN/PATH1/PATH2/?PARAM1=VALUE https://FQDN/PATH1/PATH2/?PARAM1=VALUE' or true() or ''='o
Does Not Return Data https://FQDN/PATH1/PATH2/?PARAM1=VALUE' or false() or ''='o