Forum
false flag SQLi in this string
Hans
24 December 2017, 04:37
Hello,
when i insert this string in my form " Orange (" (without quotation marks) then my hiawatha v10.7 detects an "SQL Injection Detected
441". Can anyone reproduce this behavior?
Merry Christmas
Hans
when i insert this string in my form " Orange (" (without quotation marks) then my hiawatha v10.7 detects an "SQL Injection Detected
441". Can anyone reproduce this behavior?
Merry Christmas
Hans
Hans
24 December 2017, 04:43
this is the string urlencoded: +Orange+%28
Hugo Leisink
24 December 2017, 13:32
I can confirm. I know Hiawatha's SQL injection ain't perfect. False positives is a side effect of the attempt to detect most SQL injections. Just don't have it enabled all the time. It is not meant to be a replacement for secure code. I quote from the Hiawatha manual:
Don't use this as a generic security feature. Only use it to prevent a specific vulnerablility in an application that can't be taken offline while you wait for a patch.
This topic has been closed.
Copyright © by Hugo Leisink. All rights reserved.
Built upon the Banshee PHP framework.
Built upon the Banshee PHP framework.
