• Hi Team, we’re getting the below SQL injection issue on our website on many of the input fields.

    Method: POST
    Parameter: _wpcf7_posted_data_hash
    Attack: case randomblob(100000) when not null then 1 else 1 end
    Evidence: The query time is controllable using parameter value [case randomblob(100000) when not null then 1 else 1 end ], which caused the request to take [5,234] milliseconds, parameter value [case randomblob(1000000) when not null then 1 else 1 end ], which caused the request to take [5,664] milliseconds, when the original unmodified query with value [] took [4,033] milliseconds.

    Can you please check and provide us a solution as soon as possible?

    Thanks

  • The topic ‘Getting SQL Injection – SQLite in ZAP Tool’ is closed to new replies.
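
A triage check for the timing evidence quoted in the alert above, as an added example that is not part of the original thread or of ZAP: it tests whether repeated response times show a delay that grows with the payload size, beyond the endpoint's own jitter. The function names, the five-sample minimum, the `k=3.0` margin and every sample set except the three reported values are assumptions made for illustration.

```python
from statistics import median

MIN_SAMPLES = 5  # assumption: fewer repeats cannot separate signal from jitter

def spread(samples):
    """Median absolute deviation: a noise estimate that tolerates outliers."""
    m = median(samples)
    return median([abs(s - m) for s in samples])

def timing_verdict(baseline, small, large, k=3.0):
    """Classify response times (ms) for the unmodified request and for the
    smaller and larger payload that a time-based scan rule compares."""
    groups = (baseline, small, large)
    if any(len(g) < MIN_SAMPLES for g in groups):
        return "insufficient-data"
    # Use the noisiest group as the jitter estimate; the 1 ms floor keeps
    # the margin non-zero when all samples in a group are identical.
    margin = k * max(max(spread(g) for g in groups), 1.0)
    b, s, l = (median(g) for g in groups)
    # A controllable delay must clear the noise at each step:
    # baseline < small payload < large payload.
    if s > b + margin and l > s + margin:
        return "delay-scales-with-payload"
    return "not-reproduced"

# The three single measurements quoted in the alert evidence (ms).
REPORTED = ([4033], [5234], [5664])

# Constructed sample sets: a jittery endpoint, and one with a real scaling delay.
NOISY = ([4033, 5100, 4700, 5600, 4300],
         [5234, 4200, 4900, 5500, 4600],
         [5664, 4400, 5000, 4100, 5300])
SCALING = ([4000, 4050, 4020, 4100, 3980],
           [5200, 5250, 5230, 5300, 5180],
           [9000, 9100, 9050, 8950, 9020])

if __name__ == "__main__":
    for name, data in (("reported", REPORTED), ("noisy", NOISY), ("scaling", SCALING)):
        print(name, timing_verdict(*data))
```

One measurement per payload, as in the alert, returns `insufficient-data`; the timings would need to be re-collected several times per value before the alert can be confirmed or dismissed.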