Severity: Low
Discovered: 17 December 2023, 07:02 PM UTC
CWE ID
CWE-89
Details
An unhandled database error has been reflected in the response from the server.
This information might help attackers execute SQL Injection attacks and expose sensitive information.
Attacked Parameter:
Attacked Parameter Type: MultiParse::DataType::String
Attacked Parameter Location: Query
Triggered Using Token: '
Parameter Encoding: [:none]
Possible exposure
Leakage of sensitive data.
Remediation suggestions
To fix this vulnerability, make sure to handle input like ' (a single quote), as follows:
Place special protection on the parameter and handle exceptions using custom messages.
Never allow database errors to be shown to the user.
Request
GET http://brokencrystals.com/api/testimonials/count?query=select+count%281%29+as+count+from+testimonial%27 HTTP/1.1
Accept: aaa
Referer: http://brokencrystals.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/106.0.5249.119 Safari/537.36
accept-charset:
Cookie: connect.sid=QHT-Oh5xodQjNdWoo9FGB4AUZOenwg2I.xG21qx1%2FQSNV9HwCRlTA5G8Vk2luYd41eCY9y4ocpIk; bc-calls-counter=1702836150300; _csrf=bsqvxthEgFVKRKNW7SJwxQTXkO7%2BmEV4
Accept-Encoding: identity
Response
HTTP/1.1 200
Date: Sun, 17 Dec 2023 18:02:34 GMT
Content-Type: text/html
Content-Length: 86
Connection: keep-alive
vary: Origin
access-control-allow-origin: *
x-xss-protection: 0
strict-transport-security: max-age=0
x-content-type-options: 1
content-security-policy: default-src * 'unsafe-inline' 'unsafe-eval'
set-cookie: bc-calls-counter=1702836154186
Cache-Control: public, max-age=99999

select count(1) as count from testimonial' - unterminated quoted string at or near "'"
SQL DB Error Message In Response