
Hi
Can anyone explain what this vulnerability (Blind SQL Injection) means and explain Attack details 1 and 2?

1.
This vulnerability affects /xxxx/.
Discovered by: Scripting (Blind_Sql_Injection.script).
Attack details
Path Fragment (suffix .html) input - was set to -1' or 61 = '59

2.
This vulnerability affects /xxxx/.
Discovered by: Scripting (Blind_Sql_Injection.script).
Attack details
Path Fragment (suffix .html) input /xxxx/ was set to -1 or 93 = 91

I appreciate your help

Edited by tony75


In both cases it means that the application does not filter the data received from the clients, and so an attacker can add additional statements to the query. For example, you receive a GET request on this link:

and the script does not filter:

<?php
// The script takes the input as-is and puts it straight into the query (vulnerable, as described above)
$id = $_GET['id'];
$query = "delete from articles where id = $id";

now, imagine if the attacker enters something like this:

?id=17 and id between 1 and 1000&action=delete

It will delete 1000 articles. To mitigate these problems you should use prepared statements and sanitize all data received from the clients. If you're using the MySQL library, consider switching to PDO:

For more information about that kind of attack check this article:


Thank you, Sir, for your answer.

How can I see the page error?

This is my local host, which is vulnerable to Blind SQL Injection:
http://localhost/xxxx/index.php
The Acunetix web vulnerability scanner gives this result:
This vulnerability affects /xxxx/index.php/%E2%80%8Cmajor/3206-0.html.
Discovered by: Scripting (Blind_Sql_Injection.script).
Attack details
URL encoded POST input ARTICLE_id was set to -1' or 11 = '9
How can I use a blind SQL injection attack to see the error according to these Attack details?
Is it something like this:
http://localhost/xxxx/index.php/ARTICLE_id=-1'
Is it right? When I do it, I get this message:

Page Not Found
The requested URL was not found on this server.
If you believe this page should be here, please notify administrator.
Go home
search

How can I do it?
Because it couldn't show the value of id like your id=17 http://localhost/article.php?id=17&action=delete on my pages!

It shows just like this
http://localhost/xxxx/index.php/shopping/3216-0.html

Edited by tony75


Show the code of this page if you want, we can suggest you what to fix.

In general the rule is: whenever the script receives data from $_POST, $_GET, $_REQUEST, $_COOKIE or any external source (such as a file), filter and validate it.

Additional documentation: http://php.net/filter

Edited by cereal
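A side-by-side of the concatenated query from the first reply and the prepared-statement plus filter_var approach both replies recommend, as an added example (not code from the thread). It assumes an `articles` table with an integer `id`, built here as constructed sample data in an in-memory SQLite database so it runs without MySQL; with MySQL only the DSN changes.

```php
<?php
// Added example, not code from the thread. Uses an in-memory SQLite
// database through PDO so it runs stand-alone; with MySQL only the DSN
// changes. The table and rows below are constructed sample data.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO articles VALUES (1,'a'), (17,'b'), (3206,'c')");

// The pattern from the thread: raw input concatenated into the SQL text.
function deleteArticleUnsafe(PDO $pdo, string $rawId): int
{
    return $pdo->exec("DELETE FROM articles WHERE id = $rawId");
}

// Hardened version: validate the type, then bind the value as a parameter.
function deleteArticleSafe(PDO $pdo, string $rawId): int
{
    // filter_var (php.net/filter) accepts only a plain integer, so the
    // scanner probes "-1' or 11 = '9" and "-1 or 93 = 91" are rejected here.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException("ARTICLE_id must be a positive integer, got '$rawId'");
    }
    // Prepared statement: the value travels separately from the SQL text,
    // so it can never change the shape of the query.
    $stmt = $pdo->prepare('DELETE FROM articles WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$count = fn() => (int) $pdo->query('SELECT COUNT(*) FROM articles')->fetchColumn();

// Safe path: malformed input never reaches the database; only '3206' is deleted.
foreach (["-1' or 11 = '9", "-1 or 93 = 91", '3206'] as $probe) {
    try {
        printf("safe   %-18s deleted %d row(s)\n", "'$probe'", deleteArticleSafe($pdo, $probe));
    } catch (InvalidArgumentException $e) {
        printf("safe   %-18s rejected\n", "'$probe'");
    }
}
printf("rows left: %d\n", $count());

// Unsafe path: the WHERE clause becomes "id = 1 or id between 1 and 1000"
// and removes every remaining row in that range (ids 1 and 17).
printf("unsafe deleted %d row(s)\n", deleteArticleUnsafe($pdo, '1 or id between 1 and 1000'));
printf("rows left: %d\n", $count());
```

Run it with `php example.php`; it needs the pdo_sqlite extension, which ships with most PHP builds.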
