The so-called delayed injection is a method of injection that takes a Delayed approach for the existence of injection but does not return values. In other words, when the injection statement is successfully executed and enters the delayed wait state, if the execution fails, there is no waiting time. The system can determine the injection result through this time difference. This is also a common injection method in PHP, especially in the face of some disgusting and abnormal injections.
However, this method also has many shortcomings, which are often affected by various factors, resulting in a decline in the success rate. We know that in MD5, the entire MD5 will be decommissioned as long as one character cannot be guessed. So here I will explain how to improve the success rate of Delayed Injection.
1. network speed. This is also the most important item. The network speed here refers to the network speed of EXP and the target server. During the latency injection test, I put EXP on my blog (zyday.com, US space) server and the company's m optical fiber server. The success rate of the latter is much higher than that of the former. We can't change the network speed of the target server, but we can choose to test it late at night. The load on the server is relatively small and the network speed is relatively faster.
2. Delay Time. During the injection process, we can determine whether the injection results are delayed. In fact, we cannot avoid the server response time being too long or timeout due to network factors. When this happens, we will think that this is a successful execution of the injection, which eventually leads to the failure of the entire injection. The only solution is to increase the Latency by at least 3 seconds. The longer the set latency, the greater the success rate.
3. Number of times. This is a small detail. We cannot guarantee that the success rate is 100%, but we can try multiple times to compare the results and remove error characters to improve the success rate.
The above are some of my personal points of view. If you have any mistakes, please kindly advise. Thank you.