loss of issues
Hello, found a bug by running sqli+*FI:
only Sql-i plugin --> 7 vulns
Sql-i + RFI+LFI --> 2 vulns
So when I add RFI+LFI to the scan policy, Arachni finds only 2 sql-i
vulns without any RFI/LFI.
I don't really know if this is a bug, maybe I just did something
wrong?
Support Staff 1 Posted by Tasos Laskos on 09 Nov, 2016 12:01 PM
Hello,
That depends on a lot of things. Were the SQL injection issues logged for the same input vectors by multiple SQL injection checks (error-based, timing attack and differential)?
Or it could be that the RFI and LFI checks altered the behavior of the webapp in some way and input vectors that were visible before are now hidden.
I can't tell you for sure without access to the webapp.
Cheers
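One way to answer the question raised in the reply above, as an added example that is not part of the original thread and not Arachni code: group each scan's issues by input vector to see whether a drop from 7 to 2 issues means fewer vectors or just fewer checks reporting the same vectors. The record layout and all sample values are constructed assumptions, not Arachni's report format.

```ruby
# Constructed sample data: simplified issue records (assumed layout, not
# Arachni's report schema). Each record names the kind of SQL injection check
# that logged it, the page URL and the affected input.
SQLI_ONLY_SCAN = [
  { check: 'error-based',  url: '/item.php',   input: 'id' },
  { check: 'timing',       url: '/item.php',   input: 'id' },
  { check: 'differential', url: '/item.php',   input: 'id' },
  { check: 'error-based',  url: '/search.php', input: 'q' },
  { check: 'timing',       url: '/search.php', input: 'q' },
  { check: 'error-based',  url: '/login.php',  input: 'user' },
  { check: 'differential', url: '/login.php',  input: 'user' }
].freeze

COMBINED_SCAN = [
  { check: 'error-based', url: '/item.php',   input: 'id' },
  { check: 'error-based', url: '/search.php', input: 'q' }
].freeze

# Group issues by input vector (url + input) and list the checks that logged each.
def checks_by_vector(issues)
  issues.each_with_object(Hash.new { |h, k| h[k] = [] }) do |issue, acc|
    acc[[issue[:url], issue[:input]]] << issue[:check]
  end
end

# Compare two scans at vector level instead of raw issue count.
def compare_scans(before, after)
  b = checks_by_vector(before)
  a = checks_by_vector(after)
  shared = b.keys & a.keys
  {
    vectors_before: b.size,
    vectors_after: a.size,
    # Vectors that no check reported in the second scan (possibly hidden inputs).
    lost_vectors: b.keys - a.keys,
    # Vectors still reported, but by fewer checks than before.
    lost_checks: shared.to_h { |v| [v, b[v] - a[v]] }.reject { |_, c| c.empty? }
  }
end

result = compare_scans(SQLI_ONLY_SCAN, COMBINED_SCAN)
puts "vectors: #{result[:vectors_before]} -> #{result[:vectors_after]}"
result[:lost_vectors].each { |url, input| puts "vector gone: #{url} (#{input})" }
result[:lost_checks].each do |(url, input), checks|
  puts "same vector, checks no longer reporting: #{url} (#{input}): #{checks.join(', ')}"
end
```

In this constructed data, 7 issues collapse to 3 distinct vectors, so only one vector actually disappears in the combined scan; the rest of the drop is the same vectors being reported by fewer checks.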
Support Staff 2 Posted by Tasos Laskos on 28 Nov, 2016 03:24 PM
Closing due to lack of feedback, please re-open if you want to add more information.
Tasos Laskos closed this discussion on 28 Nov, 2016 03:24 PM.