
Simple SQLi identification failed

Luca Baggio Feb 11, 2016 09:14AM UTC

Hi,

I found a little lack in SQLi identification, trying Burp on OWASP Bricks (https://www.owasp.org/index.php/OWASP_Bricks).

In detail, using active scan on the "Login #4" page, Burp fails to identify the following SQLi:

SELECT * FROM users WHERE name=("inj_param1") and password=("inj_param2")

while all other SQLi have been properly discovered as expected.

Best regards


Nicolas Grégoire Apr 06, 2016 08:31PM UTC
Setting "Scan speed" to "Thorough" in "Scanner > Options > Active Scanning Optimization" should be enough.
