News:

Looking for documentation? Take a look on our wiki

Main Menu

Blind SQL Injection Question

Started by fearless924, September 24, 2012, 17:48:47 PM

Previous topic - Next topic

fearless924

I have a client who is using a company called Aperia Solutions to scan her site for any vulnerabilities.   The scan came across a Blind SQL Injection, here is the message.

Found blind SQL injection on http://www.woodcarvedbirds.com/?P=+ADw-script+AD4-alert(42)+ADw-/script+AD4- using method GET

Parameter P
behaves differently with the following payloads:
ADw-script AD4-alert(42) ADw-/script AD4-' OR '68472'='68472
ADw-script AD4-alert(42) ADw-/script AD4-' AND '68472'='68473


Has anyone run into this issue?  I can't seem to find where the SQL injection is happening.  Any help will do.  Thanks.  I'm using the latest Joomla Build and VM.