SQL Injection


Description

The application is vulnerable to SQL injection attacks. The application uses user-supplied data to construct SQL database queries. An attacker can submit input that changes the structure of the SQL statements and effectively bypasses application logic. Once the attacker can control the application's SQL syntax, they can send commands directly to the database with the same privileges as the application in order to query or update application data.
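The pattern described above, shown next to its parameterized fix, as an added example that is not part of the original entry. The `orders` table, its rows, the function names and the three inputs are constructed for illustration, using Python's built-in `sqlite3` module.

```python
import sqlite3

def make_db():
    # Constructed sample data (assumption: a simple per-owner orders table).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, owner TEXT, item TEXT)")
    db.executemany(
        "INSERT INTO orders (owner, item) VALUES (?, ?)",
        [("alice", "laptop"), ("bob", "phone"), ("O'Brien", "router")],
    )
    return db

def orders_vulnerable(db, owner):
    # User input is concatenated into the statement, so the database
    # parses it as SQL syntax rather than as a value.
    query = "SELECT item FROM orders WHERE owner = '" + owner + "' ORDER BY id"
    return [row[0] for row in db.execute(query)]

def orders_parameterized(db, owner):
    # The placeholder binds the input as data; the statement structure is
    # fixed before the value is supplied.
    query = "SELECT item FROM orders WHERE owner = ? ORDER BY id"
    return [row[0] for row in db.execute(query, (owner,))]

def compare(db, owner):
    """Run both versions on the same input: (concatenated, parameterized)."""
    try:
        concatenated = orders_vulnerable(db, owner)
    except sqlite3.OperationalError as exc:
        # A stray quote in ordinary data already breaks the concatenated query.
        concatenated = f"syntax error: {exc}"
    return concatenated, orders_parameterized(db, owner)

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal value, a quote-bearing name, and a value
    # that rewrites the WHERE clause when concatenated.
    for value in ("alice", "O'Brien", "x' OR '1'='1"):
        print(repr(value), "->", compare(db, value))
```

Any input for which the two functions disagree is one where the concatenated query treated data as syntax, which makes the comparison usable as a regression test when converting queries to bound parameters.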

Custom Description

Impact

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References

 
