By Romain Thursday, November 9 2006 - 19:18 UTC - Vulnerabilities - Permalink
Two days ago I was working on my web apps scanner and I was thinking on a solution/proof that the given page is a result of a Blind SQL Injection.
I keep think about thiss... the solution I have for the moment is the comparaison of theses three results:
(1) nastyScript.php?param= (2) nastyScript.php?param=A (3) nastyScript.php?param=B and (4) nastyScript.php?param=A AND_SQL_INJECTION_CODE (5) nastyScript.php?param=SQL_INJECTION_CODE
where:
A is one of the values parsed in the website
B is an out-of-range value (with the same type as a real value)
By the way, (1) & (3) should return a 404-like page or another default page. But if the script is vulnerable, the (4) can also return a kind of default page but (5) should return another page, different from the (1) a/o (3)...
Comments