
I was testing Burp Suite Crawl on some old PHP sites I made, and it found a sleepy User-Agent SQL injection vulnerability:

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36 '+(select*from(select(sleep(20)))a)+'

And I am wondering how this can be applied in sqlmap. I found that sqlmap can be used for Boolean-based and time-dependent SQL injection (https://stackoverflow.com/questions/33708851/combination-of-boolean-based-and-time-dependent-sql-injection-in-sqlmap), but I cannot figure out how to use it on this User-Agent vulnerability.

schroeder
Marek

1 Answer


sqlmap has Boolean-based with time-dependent SQL injection in its test patterns, but you must specify where you want the SQL injection patterns to be tested.

So in my case I used the option --user-agent="*", which should be an empty user agent, and * specifies where these patterns will be tested (because in my case it does not require having something in it).

One more tip: when someone is using sqlmap over Tor and wants to test time-dependent SQL injection, you must set --time-sec= to at least 4-5 seconds due to the Tor network speed.

Marek
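For the site owner's side of this finding, the following added example (not part of the original question or answer) shows why the User-Agent value Burp reported gets executed when the header is concatenated into a statement, and why binding it as a parameter stores it as plain text. It assumes a hypothetical `visits` logging table and uses Python with in-memory SQLite as a stand-in for the PHP/MySQL site, with `sleep()` registered as a stub that records the call instead of delaying.

```python
import sqlite3

# Constructed sample: the User-Agent value from the Burp finding above.
BURP_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
           "(KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36 "
           "'+(select*from(select(sleep(20)))a)+'")


def make_db():
    """In-memory database with a recording stand-in for MySQL's SLEEP()."""
    conn = sqlite3.connect(":memory:")
    calls = []

    def fake_sleep(seconds):
        calls.append(seconds)  # record the call instead of delaying
        return 0

    conn.create_function("sleep", 1, fake_sleep)
    conn.execute("CREATE TABLE visits (ua TEXT)")  # hypothetical table
    return conn, calls


def log_visit_vulnerable(conn, user_agent):
    # The header text is pasted into the statement, so its quote closes
    # the string literal and the remainder is parsed as SQL.
    conn.execute("INSERT INTO visits (ua) VALUES ('" + user_agent + "')")


def log_visit_parameterized(conn, user_agent):
    # The header is bound as data; the statement text never changes.
    conn.execute("INSERT INTO visits (ua) VALUES (?)", (user_agent,))


def run(logger):
    """Log the sample header once; return (sleep calls, stored value)."""
    conn, calls = make_db()
    logger(conn, BURP_UA)
    stored = conn.execute("SELECT ua FROM visits").fetchone()[0]
    return calls, stored


if __name__ == "__main__":
    print("concatenated :", run(log_visit_vulnerable))
    print("parameterized:", run(log_visit_parameterized))
```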