I am trying to do penetration testing for one of my clients.
The platform is CodeIgniter.
There is an endpoint /find/1.
The function queries the vehicle table where vehicle ID is 1 with no sanity check.
Now I tried the Acunetix scanner and it found both blind SQL injection and normal SQL injection on the website.
I need to show my client there is actually a flaw, so I used sqlmap with various options.
For example, I know the backend DB is MySQL, and I used --skip-waf.
Okay, endpoint /find/1*
which means to inject at the position of the asterisk.
sqlmap performed a detailed evaluation, however it couldn't exploit the vulnerability. I used the risk and verbose options to see the queries myself as well.
What I noticed is that * is marked as a non-permitted character in the CodeIgniter config, which prevents sqlmap from making SELECT * FROM ... etc. queries.
Shall I assume that the website is safe? Since I can see in the code that a sanity check has not been performed on the "input data".
It depends on what you mean by "no sanity check" is performed on the input parameter. If this means that the application takes the parameter, concatenates it into a SQL query and sends it to the database, the application is vulnerable for sure. Only blocking * is not enough to protect against SQL injection.
Never assume the site is safe if you have doubts about it! Even if you are not able to create a working exploit, you should recommend implementing database queries using prepared statements (or similar mechanisms). It is considered best practice and there is usually no reason not to use them.
Answered by Demento on December 20, 2020
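To make the answer's point concrete, here is an added example (not code from the question, the answer, or the CodeIgniter project) of the /find/{id} handler in both forms: the concatenating version the question describes, and the same lookup done with CodeIgniter's query bindings. It assumes CodeIgniter 3 and a `vehicle` table with an `id` column; both names are constructed for illustration.

```php
<?php
// Added example, not from the original post. Assumes CodeIgniter 3 and a
// `vehicle` table keyed by `id` (constructed names).
class Vehicle extends CI_Controller
{
    // The pattern the question describes: the URI segment from /find/1 is
    // concatenated straight into the SQL string. The permitted_uri_chars
    // setting in config.php (which rejects '*') is a URI character whitelist,
    // not SQL sanitisation: quotes, spaces, dashes and keywords still pass,
    // so this is injectable even though sqlmap's default probes were blocked.
    public function find_unsafe($id)
    {
        $sql = "SELECT * FROM vehicle WHERE id = " . $id;
        $row = $this->db->query($sql)->row();
        $this->output->set_content_type('application/json')
                     ->set_output(json_encode($row));
    }

    // Hardened version: the value is passed as a query binding, so the
    // driver escapes it and it is always treated as data, never as SQL.
    // Type validation is an independent second layer, not a replacement.
    public function find($id)
    {
        if (!ctype_digit((string) $id)) {
            show_404();
            return;
        }
        // Each '?' is replaced by the escaped value from the bindings array.
        $sql = "SELECT * FROM vehicle WHERE id = ?";
        $row = $this->db->query($sql, array((int) $id))->row();

        // Equivalent Query Builder form; where() escapes its value as well:
        // $row = $this->db->where('id', (int) $id)->get('vehicle')->row();

        if ($row === null) {
            show_404();
            return;
        }
        $this->output->set_content_type('application/json')
                     ->set_output(json_encode($row));
    }
}
```

When reviewing the client's code, the thing to look for is whether the parameter reaches `$this->db->query()` inside a string built with `.` (as in `find_unsafe`) or through the bindings array or Query Builder (as in `find`); the URI character filter is irrelevant to that question.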