Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

False Positive SQL #20

Open
sundarv85 opened this issue Apr 25, 2024 · 4 comments
Open

False Positive SQL #20

sundarv85 opened this issue Apr 25, 2024 · 4 comments
Labels
invalid This doesn't seem right

Comments

@sundarv85
Copy link

Hello

test string = "select count() as count FROM payment.stock where eventDate >= toDate(2023-04-18 11:36:00) AND eventDate <= toDate(2023-04-25 11:36:39) AND id = 63fc87ef9ed8e23d4dc9a74c AND wid = 66013ad78c09ae7e5d2f0f01 AND eventDateTime >= 2023-04-18 11:36:00 AND eventDateTime <= 2023-04-25 11:36:39 FORMAT JSON&session_timeout=60&output_format_json_quote_64bit_integers=0&enable_http_compression=0"

→ go run libsqli.go 
=========result==========:  true
=======fingerprint=======:  Ef()k

Any idea why this is reported as true
@fzipi
Copy link
Member

fzipi commented Jun 5, 2024

Sorry, what is your question here?

@jptosso
Copy link
Member

jptosso commented Jun 5, 2024

this is a SQL query, so technically it's an sql injection

@fzipi
Copy link
Member

fzipi commented Jun 5, 2024

this is a SQL query, so technically it's an sql injection

100%. Hence my question. 😄

@fzipi fzipi added invalid This doesn't seem right labels Jun 5, 2024
@fzipi
Copy link
Member

fzipi commented Jul 3, 2024

ping @sundarv85

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
invalid This doesn't seem right
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jptosso @fzipi @sundarv85