A SQL injection vulnerability has been identified in version 3.1.11 of the Siyuan Note application in the ids array parameter in the POST endpoint /api/attr/batchGetBlockAttrs The code that caused the vulnerability: Vulnerability occurs due to chain concatenation in sql query in file: /siyuan-3....
[07:11:15] [PAYLOAD] 2) AND 8998=5058 [..] Target is confirm vulnerable to blind Sql Injections, bug found by acunetix and Uniscan project.kindly help me regarding this that how can i do perfect injection using sqlmap. i tried --hex but didn't succeed. PS : i got this from NIKTO...