Time-based (delay) injection

1. Basic form

id: base

info:
  name: base
  author: msk
  description: Describe the basic facts of the vulnerability
  severity: info   # severity level
  tags: detect     # tags

http:
  - raw:
      - |
        GET /xxxx/xxx?payload HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: status
        status:
          - 200

      # duration is the response time in seconds; the payload asks for a 5 s delay
      - type: dsl
        dsl:
          - 'duration>=5'

    matchers-condition: and
2. Double verification (two requests)

id: base

info:
  name: base
  author: msk
  description: Describe the basic facts of the vulnerability
  severity: info   # severity level
  tags: detect     # tags

http:
  - raw:
      - |
        GET /xxxx/xxx?payload HTTP/1.1
        Host: {{Hostname}}

      - |
        GET /xxxx/xxx?payload HTTP/1.1
        Host: {{Hostname}}

    # required so that matchers can reference per-request values such as duration_1 / duration_2
    req-condition: true

    matchers:
      - type: status
        status:
          - 200

      # both responses must fall inside the 5-6 s window: the upper bound filters out a server
      # that is simply slow, and '&&' is the DSL's logical AND (a single '&' is bitwise).
      # condition: and makes both expressions mandatory; the default between list entries is or.
      - type: dsl
        dsl:
          - 'duration_1>=5 && duration_1<=6'
          - 'duration_2>=5 && duration_2<=6'
        condition: and

    matchers-condition: and
Error-based injection

1. GET type

id: base

info:
  name: base
  author: msk
  description: Describe the basic facts of the vulnerability
  severity: info   # severity level
  tags: detect     # tags

http:
  - raw:
      - |
        GET /xxxx/xxx?payload HTTP/1.1
        Host: {{Hostname}}

      - |
        GET /xxxx/xxx?payload HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: status
        status:
          - 200

      # marker string that the error-based payload makes the database echo into its error message
      - type: word
        part: body
        words:
          - "qkpzq1qqkkq"

    # both the status matcher and the word matcher must hit (the default between matchers is or)
    matchers-condition: and
2. POST type

id: base

info:
  name: base
  author: msk
  description: Describe the basic facts of the vulnerability
  severity: info
  tags: detect

http:
  - raw:
      - |
        POST /xxxx/xxx HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username=admin&password=admin

      - |
        POST /xxxx/xxx HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        username=admin&password=admin

    matchers:
      - type: status
        status:
          - 200

      # marker string that the error-based payload makes the database echo into its error message
      - type: word
        part: body
        words:
          - "qkpzq1qqkkq"

    # both the status matcher and the word matcher must hit (the default between matchers is or)
    matchers-condition: and
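The templates in both sections share a handful of easy-to-miss pitfalls: per-request DSL variables such as duration_1 need req-condition: true, a single & in a DSL expression is bitwise rather than logical AND, trailing annotations after a severity value are not YAML comments, and several matchers without matchers-condition are OR'd together. The following stdlib-only Python lint is an added example, not the page's own code and not part of the Nuclei project; the function lint_template, the constant names, and the constructed sample templates are all assumptions made here. It is deliberately line-based so it needs no YAML parser.

```python
"""Stdlib-only lint for the Nuclei SQLi templates on this page (added example; not the
page's own code and not part of the Nuclei project). It is deliberately line-based so it
needs no YAML parser: every pitfall it checks for is visible on a single line."""
import re
from typing import List

# Severity values accepted by the Nuclei template schema.
SEVERITIES = {"info", "low", "medium", "high", "critical", "unknown"}
# Per-request DSL variables (duration_1, status_code_2, ...) only exist with req-condition: true.
INDEXED_VAR = re.compile(r"\b(?:duration|status_code|body|header|all_headers)_\d+\b")
# A lone '&' is the DSL's bitwise operator; logical AND is '&&'.
SINGLE_AMP = re.compile(r"(?<!&)&(?!&)")


def lint_template(text: str) -> List[str]:
    """Return human-readable findings for one template; an empty list means it passed."""
    stripped = [line.strip() for line in text.splitlines()]
    findings: List[str] = []

    matcher_count = sum(1 for s in stripped if s.startswith("- type:"))
    if any(INDEXED_VAR.search(s) for s in stripped) and "req-condition: true" not in stripped:
        findings.append("indexed DSL variables such as duration_1 need 'req-condition: true'")
    if matcher_count > 1 and not any(s.startswith("matchers-condition:") for s in stripped):
        findings.append("several matchers but no matchers-condition: Nuclei ORs them by default")

    in_dsl = False
    for n, s in enumerate(stripped, 1):
        if s == "dsl:":                       # entering a dsl list
            in_dsl = True
            continue
        if in_dsl and not s.startswith("-"):  # first non-list line ends it
            in_dsl = False
        if in_dsl and SINGLE_AMP.search(s):
            findings.append(f"line {n}: single '&' in DSL is bitwise; use '&&' for logical AND")
        m = re.match(r"severity:\s*(\S+)\s*(.*)$", s)
        if m:
            value, rest = m.groups()
            if value not in SEVERITIES:
                findings.append(f"line {n}: unknown severity {value!r}")
            if rest and not rest.startswith("#"):
                findings.append(f"line {n}: text after the severity value must be a '#' comment")
    return findings


# Constructed sample: the double-verification template in its uncorrected form.
DOUBLE_CHECK_AS_WRITTEN = """\
id: base
info:
  name: base
  author: msk
  severity: info 漏洞等级
  tags: detect
http:
  - raw:
      - |
        GET /xxxx/xxx?payload HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /xxxx/xxx?payload HTTP/1.1
        Host: {{Hostname}}
    matchers:
      - type: status
        status:
          - 200
      - type: dsl
        dsl:
          - 'duration_1>=5 & duration_1<=6'
          - 'duration_2>=5 & duration_2<=6'
    matchers-condition: and
"""

# The same template with the three corrections applied.
DOUBLE_CHECK_FIXED = (
    DOUBLE_CHECK_AS_WRITTEN.replace(" & ", " && ")
    .replace("severity: info 漏洞等级", "severity: info  # severity level")
    .replace("    matchers:\n", "    req-condition: true\n    matchers:\n")
)

# Constructed sample for the error-based section: 'condition: and' sits inside the word
# matcher, so nothing ties the status matcher and the word matcher together.
ERROR_BASED_OR_BY_DEFAULT = """\
id: base
info:
  name: base
  severity: info
http:
  - raw:
      - |
        GET /xxxx/xxx?payload HTTP/1.1
        Host: {{Hostname}}
    matchers:
      - type: status
        status:
          - 200
      - type: word
        part: body
        words:
          - "qkpzq1qqkkq"
        condition: and
"""

if __name__ == "__main__":
    for name, tpl in [("as written", DOUBLE_CHECK_AS_WRITTEN), ("fixed", DOUBLE_CHECK_FIXED),
                      ("error-based", ERROR_BASED_OR_BY_DEFAULT)]:
        print(name, "->", lint_template(tpl) or "ok")
```

Run it as a script to see the findings for each sample; in a template repository it fits as a pre-commit step in front of Nuclei's own -validate pass, which checks the schema but not whether the matchers express the intended logic.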