From ec2cb47748cc4eafe48a55cedcd2335d838e3e38 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 30 Sep 2013 23:39:05 -0700 Subject: [PATCH] Updated Introduction (markdown) --- Introduction.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Introduction.md b/Introduction.md index 1e6e6f7..6df287f 100644 --- a/Introduction.md +++ b/Introduction.md 
@@ -19,7 +19,7 @@ is the same page as the original one and (the condition evaluates to **True**): differs from the original one (the condition evaluates to **False**). This likely means that you are in front of a SQL injection vulnerability in the `id` `GET` parameter of the `index.php` page. Additionally, no sanitisation of user's supplied input is taking place before the SQL statement is sent to the back-end database management system. -This is quite a common flaw in dynamic content web applications and it does not depend upon the back-end database management system nor on the web application programming language; it is a flaw within the application code. The [Open Web Application Security Project](http://www.owasp.org) rated this class of vulnerability as the [most common](https://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf) and serious web application vulnerability in their [Top Ten](http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project) list from 2010. +This is quite a common flaw in dynamic content web applications and it does not depend upon the back-end database management system nor on the web application programming language; it is a flaw within the application code. The [Open Web Application Security Project](http://www.owasp.org) rated this class of vulnerability as the [most common](https://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf) and serious web application vulnerability in their [Top Ten](http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project) list from 2013. Now that you have found the vulnerable parameter, you can exploit it by manipulating the `id` parameter value in the HTTP request.
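Review bot: the `+` line changes only the trailing year (`2010` to `2013`), and that now agrees with the document the sentence already cites (`OWASP%20Top%2010%20-%202013.pdf`), so the text and its reference are consistent; the commit message "Updated Introduction (markdown)" does not say this, so a one-line description such as "Introduction: correct OWASP Top Ten year to 2013 to match the linked list" would make the history easier to read. The `Top Ten` link on the same line still points at the generic `Category:OWASP_Top_Ten_Project` page rather than the 2013 release, which is fine for a wiki intro but worth checking when the list is next revised.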