Getting SQL Injection – SQLite in ZAP Tool
Hi Team, we’re getting the below SQL injection issue on our website on many of the input fields.
Method: POST
Parameter: _wpcf7_posted_data_hash
Attack: case randomblob(100000) when not null then 1 else 1 end
Evidence: The query time is controllable using parameter value [case randomblob(100000) when not null then 1 else 1 end ], which caused the request to take [5,234] milliseconds, parameter value [case randomblob(1000000) when not null then 1 else 1 end ], which caused the request to take [5,664] milliseconds, when the original unmodified query with value [] took [4,033] milliseconds.

Can you please check and provide us a solution as soon as possible.
Thanks
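One way to triage the timing evidence quoted in the post before treating the alert as confirmed, as an added example (not part of the original post and not ZAP's own code): it parses the alert's evidence string and checks whether the added delay grows with the `randomblob` size. The `min_scaling` threshold, the function names, and the premise that an executed `randomblob(N)` costs time roughly in proportion to N are assumptions of this example.

```python
import re

# Evidence string as quoted in the post above (ZAP alert text).
EVIDENCE = (
    "The query time is controllable using parameter value "
    "[case randomblob(100000) when not null then 1 else 1 end ], "
    "which caused the request to take [5,234] milliseconds, parameter value "
    "[case randomblob(1000000) when not null then 1 else 1 end ], "
    "which caused the request to take [5,664] milliseconds, when the original "
    "unmodified query with value [] took [4,033] milliseconds."
)
# Each probe: the randomblob size, then the time reported for that request.
PROBE = re.compile(
    r"randomblob\((\d+)\)[^\]]*\], which caused the request to take \[([\d,]+)\]"
)
BASELINE = re.compile(
    r"original unmodified query with value \[[^\]]*\] took \[([\d,]+)\]"
)

def to_ms(text):
    """Convert a figure such as '5,234' to an integer number of milliseconds."""
    return int(text.replace(",", ""))

def parse_evidence(evidence):
    """Return ([(blob_size, ms), ...] sorted by size, baseline_ms)."""
    probes = sorted((int(n), to_ms(t)) for n, t in PROBE.findall(evidence))
    base = BASELINE.search(evidence)
    if len(probes) < 2 or base is None:
        raise ValueError("unrecognised evidence format")
    return probes, to_ms(base.group(1))

def triage(evidence, min_scaling=0.5):
    # min_scaling (assumed threshold): share of proportional growth required.
    probes, baseline = parse_evidence(evidence)
    (small_n, small_ms), (large_n, large_ms) = probes[0], probes[-1]
    small_delay, large_delay = small_ms - baseline, large_ms - baseline
    if small_delay <= 0 or large_delay <= 0:
        return {"verdict": "inconclusive", "scaling": None}
    scaling = (large_delay / small_delay) / (large_n / small_n)
    verdict = "tracks payload size" if scaling >= min_scaling else "does not track payload size"
    return {"verdict": verdict, "scaling": round(scaling, 3),
            "delays_ms": (small_delay, large_delay)}

if __name__ == "__main__":
    print(triage(EVIDENCE))
```

On the figures in the post, the added delay goes from 1,201 ms to 1,631 ms while the blob size grows tenfold. A single reading per payload cannot separate a controllable delay from ordinary response-time variation, so repeat the baseline request several times before drawing a conclusion.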