Member Avatar for tony75

Hi
Anyone can explain whats means with this vulnerability(Blind SQL Injection) and explain Attack details 1 and 2?

1.
This vulnerability affects /xxxx/.
Discovered by: Scripting (Blind_Sql_Injection.script).
Attack details
Path Fragment (suffix .html) input - was set to -1' or 61 = '59

2.
This vulnerability affects /xxxx/.
Discovered by: Scripting (Blind_Sql_Injection.script).
Attack details
Path Fragment (suffix .html) input /xxxx/ was set to -1 or 93 = 91

I appreciate your help

Edited by tony75
  • 2 Contributors
  • 4 Replies
  • 706 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by tony75
Member Avatar for cereal

In both cases it means that the application does not filter the data received from the clients, and so an attacher can enter additional statements to the query, for example, you receive a GET request on this link:

and the script does not filter:

$id = $_GET['id'];

$query = "delete from articles where id = $id";

now, imagine if the attacker enters something like this:

?id=17 and id between 1 and 1000&action=delete

It will delete 1000 articles. To mitigate these problems you should use prepared statements and sanitize all data received by the clients. If you're using the MySQL library consider to switch to PDO:

For more information about that kind of attack check this article:

Member Avatar for tony75

Thank Sir for your Answer

How can I see the page error?

This is my local host which is vulnerability for Blind SQL Injection
http://localhost/xxxx/index.php
The acunetix web vulnerability scanner gives this result
This vulnerability affects /xxxx/index.php/%E2%80%8Cmajor/3206-0.html.
Discovered by: Scripting (Blind_Sql_Injection.script).
Attack details
URL encoded POST input ARTICLE_id was set to -1' or 11 = '9
How can I use blind SQL Injection attack to see error according this Attack details ?
Is it something like this
http://localhost/xxxx/index.php/ARTICLE_id=-1’
Is it right? when I do it? I got this meeage

Page Not Found
The requested URL was not found on this server.
If you believe this page should be here, please notify administrator.
Go home
search

How can I do?
Because it couldn’t show the valu of id like you id=17 http://localhost/article.php?id=17&action=delete” on my pages!.

It shows just like this
http://localhost/xxxx/index.php/shopping/3216-0.html

Edited by tony75
Member Avatar for cereal

Show the code of this page if you want, we can suggest you what to fix.

In general the rule is: whenever the script receives data from $_POST, $_GET, $_REQUEST, $_COOKIE or any external source (as a file), then filter and validate it.

Additional documentation: http://php.net/filter

Edited by cereal
Member Avatar for tony75

Thanks for answer cereal

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.