News:

You may pay someone to create your store, or you visit our seminar and become a professional yourself with the silver certification

Main Menu

Blind SQL Injection Question

Started by fearless924, September 24, 2012, 17:48:47 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

fearless924

September 24, 2012, 17:48:47 PM
I have a client who is using a company called Aperia Solutions to scan her site for any vulnerabilities.   The scan came across a Blind SQL Injection, here is the message.

Found blind SQL injection on http://www.woodcarvedbirds.com/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- using method GET

Parameter P
behaves differently with the following payloads:
ADw-script AD4-alert(42) ADw-/script AD4-' OR '68472'='68472
ADw-script AD4-alert(42) ADw-/script AD4-' AND '68472'='68473

Has anyone run into this issue?  I can't seem to find where the SQL injection is happening.  Any help will do.  Thanks.  I'm using the latest Joomla Build and VM.
Print
Go Up Pages1
User actions