Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

› WebAssist Forums › MySQLi Server Behaviors › MySQLI Server Behaviors General / Announcements › SQL Injection / Sanitation

View all replies to this thread

SQL Injection / Sanitation

Thread began 9/14/2017 2:19 pm by LionsMane | Last modified 2/13/2020 7:05 am by LionsMane | 2917 views | 9 replies

2/12/2020 3:57 pmRay BorduinWebAssist

This is a false positive and isn't a real SQL injection hole. It is detecting that these two urls return a different result and it assumes that is because it is getting information from the database.

https://www.yoursite.co.uk/theagency/index.php?&accesscheck=/theagency/inde x.php?-1' AND 'yUOyV'='pVXHK' OR 'yUOyV'='yUOyV' OR '1234'='747235

https://www.yoursite.co.uk/theagency/index.php?&accesscheck=/theagency/inde x.php?-1' AND 'oQqtS'='llomj' OR 'oQqtS'='llomj' OR '1234'='734102

However, if you follow those two links the pages are different because one is going to a 404 page, not because any information is coming from the database. That means this isn't really an issue.

Did this help? Tips are appreciated...

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now. Build a store, a gallery, or a web-based email solution.