August 2018
Intermediate to advanced
404 pages
10h 22m
English
We skipped the blind SQL injection test in this recipe (-m "-blindsql"), as we already know this application is vulnerable. When it reaches the point of calculating a time-based injection, it provokes a timeout error that makes Wapiti close before the scan is finished, because Wapiti tests multiple times by injecting the sleep() command until the server passes the timeout threshold.
Also, we have selected the HTML format for output (-f html) and wapiti_result as our report's destination directory; we can also have other formats, such as JSON, OpenVas, TXT, or XML.
Other interesting options in Wapiti are:
Read now
Unlock full access