NoSQLi hangs on boolean based scan on POST request #10
Comments
|
Could you try running nosqli through a proxy? It would help to see the request that is hanging, or if it seems to go into some kind of loop for some reason. |
Unfortunately, I cant. Mentioned issue is fixed by dev - cant test it now. If something similar happens i'll try with proxy and write needed info here. |
|
I had similar scenario again and i tried using local proxy.
But when i try to use nosqli with proxy I cant make it work. I've tried different scenarios:
Not sure what do i need to do to make it work... help appreciated |
|
Thank you for looking into it more carefully! The program uses HTTP proxies, so it's looking for a URL (this is probably something I can make less error prone based on your usage here). Here's what I do when using burp:
|
|
Thank you for your help! Problem was in protocol - |
|
@Charlie-belmer Issue reproduced: This time i leaved nosqli to work over weekend and when i came back i got error in console:
When checking sent requests we can see that last request sent by nosqli was not properly finished:
I've send the same request today and response was received correctly. |
I've tried nosqli on several different routes where i found injection manually to get familiar with the tool.
I have a target with vulnerable params in request body. When i start nosqli against it - it hangs on boolean based scan .
I've tried using a file (request copied from Burp) and also run command with url and body params: result is same for both cases, so there should be no syntax problems .
Unfortunately, i cant share info about vulnerable app so you can try debug on your side but maybe u can help me with debugging: is there some kind of verbose mode so i can check details?
Also to add - I don't have the same problem on the same target for few other requests where noSQL injection exist - but for every of them GET method is used.
The text was updated successfully, but these errors were encountered: