-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
列表json中的参数 没有检测出sql注入 #1714
Comments
此处应该是能检测出来的,方便说下payload或者提供一下测试站点吗? |
这个是xray跑出来的结果 sqlmap的日志如下:
|
了解了,这个是因为当前xray对于json的解析深度限制导致的,后面我们会优化一下这个问题,感谢反馈! |
发现没有在列表值中注入探测点,所以这部分sql注入没有发现
通过burpsuite和sqlmap是能够发现该问题的
The text was updated successfully, but these errors were encountered: