Only time-based SQLi worked
I use Arachni to scan WebPentestLab's vulnerable website.
And I find that Arachni can only find the SQLi vulns by timing
attack, and this will take a long time.
While sqlmap will detect the SQLi vulns quickly with all techs,
such as boolean-based, union-based.
Arachni can't find a SQLi by boolean-based algorithm, like:
?id=xx' and '1'='1
Support Staff 1 Posted by Tasos Laskos on 05 Jan, 2016 02:05 PM
Can you try the nightlies please?
They've had some improvements in this area.
Cheers
2 Posted by KxCode on 05 Jan, 2016 02:18 PM
I'll have a try. Thanks.
I decide to concern on this project. Cheers, followed you on Twitter :P
3 Posted by KxCode on 05 Jan, 2016 04:00 PM
I tried the nightlies version, but the problem still exists.
Only the time-based payload works fine in Arachni.
You can try with the SQLi example 1 in this https://pentesterlab.com/exercises/web_for_pentester
Support Staff 4 Posted by Tasos Laskos on 06 Jan, 2016 01:28 PM
I just got a positive result for the name input from the differential analysis check:
Can you not reproduce this with the nightlies?
5 Posted by KxCode on 19 Jan, 2016 07:06 AM
nightlies works
Tasos Laskos closed this discussion on 19 Jan, 2016 10:23 AM.