Extend SQL recognition to responses

dnet Oct 19, 2018 09:16AM UTC

The Active scanner in Burp already identifies SQL statements within queries as potential SQL injection vulnerabilities. However, some applications log the executed SQL statements in the HTML output as comments or in an HTML element hidden with CSS. So just by enabling the already existing algorithm to detect SQL statements within responses as well (not just requests), Burp could detect such information leaks about the database backend.


Paul Johnston Oct 22, 2018 01:07PM UTC Support Center agent

Thanks for the suggestion. We agree this could be useful, although we’re quite concerned that checking responses would be prone to false positives. The current logic for detecting SQL statements is quite forgiving, which doesn’t cause problems when just checking requests, but could cause many false positives with responses. If we develop stricter logic in future we may look at implementing your suggestion.

In the meantime, you can use the Error Message Checks extension to do this. You can define a regular expression that catches SQL statements, and the extension will check HTTP responses for this.
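An added example, not part of the original thread and not code from Burp or the Error Message Checks extension: a standalone sketch of the stricter response-side check discussed above. It only inspects HTML comments and inline-hidden elements, and requires a full statement skeleton rather than a bare keyword. The names `LeakFinder`, `find_sql_leaks` and the sample response are hypothetical.

```python
import re
from html.parser import HTMLParser

# Require each statement's full skeleton, not just a keyword, to limit false positives.
IDENT = r'[\w.`"\[\]]+'
SQL_STATEMENT = re.compile(rf"""\b(?:
      SELECT\s+(?:\*|{IDENT}(?:\s*,\s*{IDENT})*)\s+FROM\s+{IDENT}
    | INSERT\s+INTO\s+{IDENT}\s*(?:\([^)]*\)\s*)?VALUES\s*\(
    | UPDATE\s+{IDENT}\s+SET\s+{IDENT}\s*=
    | DELETE\s+FROM\s+{IDENT}
    )""", re.IGNORECASE | re.VERBOSE)
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input", "link", "meta", "wbr"}

class LeakFinder(HTMLParser):
    """Collects SQL found in comments and inline-hidden elements (stylesheets not resolved)."""
    def __init__(self):
        super().__init__()
        self.hidden_depth = 0   # >0 while inside a hidden element
        self.findings = []      # (location, matched statement)

    def _scan(self, where, text):
        for m in SQL_STATEMENT.finditer(text):
            self.findings.append((where, " ".join(m.group(0).split())))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        hides = "hidden" in a or HIDDEN_STYLE.search(a.get("style") or "")
        if tag not in VOID and (self.hidden_depth or hides):
            self.hidden_depth += 1

    def handle_endtag(self, tag):
        if self.hidden_depth and tag not in VOID:
            self.hidden_depth -= 1
    def handle_comment(self, data):
        self._scan("comment", data)
    def handle_data(self, data):
        if self.hidden_depth:
            self._scan("hidden element", data)

def find_sql_leaks(html):
    parser = LeakFinder()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample response: two leaks, plus visible prose that must not match.
SAMPLE = """<p>Select your country from the list, or delete from your basket.</p>
<!-- query: SELECT id, email FROM users WHERE id = 42 -->
<div style="display: none">UPDATE orders SET status = 'paid' WHERE id = 7<br></div>"""
```

Elements hidden through a stylesheet class or with unbalanced tags are not handled by this sketch, so treat its output as a lead to confirm manually.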

