sqlinejction in useragent

Question

r0x5r opened this issue 2 years ago · 3 comments

hey can we use sql injection payload in useragent 'XOR(if(now()=sysdate(),sleep(5*5),0))OR' this can you share the command

Answer 1 · 2022-04-18T16:44:23.000Z

Yes, since jeeves makes his verification by the request time, you can insert payloads in header

Answer 2 · 2022-04-18T16:48:34.000Z

can you share the command for this

Answer 3 · 2022-04-19T22:45:40.000Z

Yes man, I definitively going to put this on the new readme