BLIND SQL Injection False Positive #311

Closed
DevNerd opened this Issue Nov 23, 2012 · 2 comments

Comments

Projects
None yet
2 participants

DevNerd commented Nov 23, 2012

Just did a scan on some website, and this was happening

//START-----Blind SQL Injection----------//
Issue: Blind SQL Injection
Description SQL code can be injected into the web application
    even though it may not be obvious due to suppression of error messages.
Method: POST
Element: form
Var: __original_values__
Injected: ')) and '1
Response Match:

This keeps happening alot, latency issues? false positives?

Zapotek was assigned Nov 23, 2012

Owner

Zapotek commented Nov 23, 2012

Could you send me details about reproducing this? Send it to my e-mail if the info is sensitive.

Owner

Zapotek commented Feb 8, 2013

Couldn't reproduce it when initially reported and this issue has been inactive for 3 months. Closing for now but feel free to re-open if need be.

Zapotek closed this Feb 8, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment