mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
Updated Introduction (markdown)
parent
41f3be1bd3
commit
ec2cb47748
|
@ -19,7 +19,7 @@ is the same page as the original one and (the condition evaluates to **True**):
|
|||
|
||||
differs from the original one (the condition evaluates to **False**). This likely means that you are in front of a SQL injection vulnerability in the `id` `GET` parameter of the `index.php` page. Additionally, no sanitisation of user's supplied input is taking place before the SQL statement is sent to the back-end database management system.
|
||||
|
||||
This is quite a common flaw in dynamic content web applications and it does not depend upon the back-end database management system nor on the web application programming language; it is a flaw within the application code. The [Open Web Application Security Project](http://www.owasp.org) rated this class of vulnerability as the [most common](https://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf) and serious web application vulnerability in their [Top Ten](http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project) list from 2010.
|
||||
This is quite a common flaw in dynamic content web applications and it does not depend upon the back-end database management system nor on the web application programming language; it is a flaw within the application code. The [Open Web Application Security Project](http://www.owasp.org) rated this class of vulnerability as the [most common](https://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf) and serious web application vulnerability in their [Top Ten](http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project) list from 2013.
|
||||
|
||||
Now that you have found the vulnerable parameter, you can exploit it by manipulating the `id` parameter value in the HTTP request.
|
||||
|
||||
|
|
Loading…
Reference in New Issue
Block a user