I have a client who is using a company called Aperia Solutions to scan her site for any vulnerabilities. The scan came across a Blind SQL Injection; here is the message.
Found blind SQL injection on http://www.woodcarvedbirds.com/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- using method GET
Parameter P
behaves differently with the following payloads:
ADw-script AD4-alert(42) ADw-/script AD4-' OR '68472'='68472
ADw-script AD4-alert(42) ADw-/script AD4-' AND '68472'='68473
Has anyone run into this issue? I can't seem to find where the SQL injection is happening. Any help will do. Thanks. I'm using the latest Joomla Build and VM.
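
What "behaves differently" means in the report, shown as an added example that is not part of the original post and is not the scanner's or Joomla's code: the two reported payloads are run against a string-concatenated query and a bound-parameter query. The SQLite table, its columns and all function names are assumptions made for illustration; the site's real schema does not appear in the post.

```python
import sqlite3

# Payloads from the report as the server sees them after URL decoding
# ('+' in the query string becomes a space).
PREFIX = "ADw-script AD4-alert(42) ADw-/script AD4-"
TRUE_PAYLOAD = PREFIX + "' OR '68472'='68472"
FALSE_PAYLOAD = PREFIX + "' AND '68472'='68473"


def decode_probe(raw):
    # The prefix in the reported URL is UTF-7 text, a script-tag probe
    # that is separate from the SQL test appended after it.
    return raw.encode("ascii").decode("utf-7")


def make_db():
    # Constructed stand-in data (assumption, not the site's schema).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (alias TEXT, title TEXT)")
    db.executemany("INSERT INTO pages VALUES (?, ?)",
                   [("home", "Home"), ("birds", "Carved birds")])
    return db


def lookup_concat(db, p):
    # Vulnerable pattern: the parameter is pasted into the SQL text, so the
    # quote in the payload ends the string and the rest runs as SQL.
    sql = "SELECT title FROM pages WHERE alias = '" + p + "'"
    return db.execute(sql).fetchall()


def lookup_bound(db, p):
    # Hardened pattern: the parameter is bound and is only ever data.
    return db.execute("SELECT title FROM pages WHERE alias = ?", (p,)).fetchall()


def behaves_differently(lookup, db):
    # The scanner's signal: an always-true and an always-false condition
    # produce different results only if the input reaches the SQL parser.
    return lookup(db, TRUE_PAYLOAD) != lookup(db, FALSE_PAYLOAD)


if __name__ == "__main__":
    db = make_db()
    print("decoded prefix:", decode_probe("+ADw-script+AD4-alert(42)+ADw-/script+AD4-"))
    print("concatenated query differs:", behaves_differently(lookup_concat, db))
    print("bound query differs:", behaves_differently(lookup_bound, db))
```

A code path that binds `P` returns the same result for both payloads, so a page that still differs between them either concatenates the parameter somewhere or varies for a reason unrelated to SQL.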