Hi
Anyone can explain whats means with this vulnerability(Blind SQL Injection) and explain Attack details 1 and 2?
1.
This vulnerability affects /xxxx/.
Discovered by: Scripting (Blind_Sql_Injection.script).
Attack details
Path Fragment (suffix .html) input - was set to -1' or 61 = '59
2.
This vulnerability affects /xxxx/.
Discovered by: Scripting (Blind_Sql_Injection.script).
Attack details
Path Fragment (suffix .html) input /xxxx/ was set to -1 or 93 = 91
I appreciate your help
Jump to PostIn both cases it means that the application does not filter the data received from the clients, and so an attacher can enter additional statements to the query, for example, you receive a GET request on this link:
and the script does not filter:
In both cases it means that the application does not filter the data received from the clients, and so an attacher can enter additional statements to the query, for example, you receive a GET request on this link:
and the script does not filter:
$id = $_GET['id'];
$query = "delete from articles where id = $id";
now, imagine if the attacker enters something like this:
?id=17 and id between 1 and 1000&action=delete
It will delete 1000 articles. To mitigate these problems you should use prepared statements and sanitize all data received by the clients. If you're using the MySQL library consider to switch to PDO:
For more information about that kind of attack check this article:
Thank Sir for your Answer
How can I see the page error?
This is my local host which is vulnerability for Blind SQL Injection
http://localhost/xxxx/index.php
The acunetix web vulnerability scanner gives this result
This vulnerability affects /xxxx/index.php/%E2%80%8Cmajor/3206-0.html.
Discovered by: Scripting (Blind_Sql_Injection.script).
Attack details
URL encoded POST input ARTICLE_id was set to -1' or 11 = '9
How can I use blind SQL Injection attack to see error according this Attack details ?
Is it something like this
http://localhost/xxxx/index.php/ARTICLE_id=-1’
Is it right? when I do it? I got this meeage
Page Not Found
The requested URL was not found on this server.
If you believe this page should be here, please notify administrator.
Go home
search
How can I do?
Because it couldn’t show the valu of id like you id=17 http://localhost/article.php?id=17&action=delete” on my pages!.
It shows just like this
http://localhost/xxxx/index.php/shopping/3216-0.html
Show the code of this page if you want, we can suggest you what to fix.
In general the rule is: whenever the script receives data from $_POST, $_GET, $_REQUEST, $_COOKIE or any external source (as a file), then filter and validate it.
Additional documentation: http://php.net/filter
Thanks for answer cereal
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.