SQL code can be injected into the web application even though it may not be obvious due to suppression of error messages.
In header input User-Agent using GET at http://www.fao.com/product/index.jsp?productId=3262833.
At the time these issues were logged there were no abnormal interferences or anomalous server behavior.
These issues are considered trusted and fairly accurate.
Suppression of error messages leads to security through obscurity, which is not good practice. The web application needs to enforce stronger validation on user inputs.
http://www.fao.com/product/index.jsp?productId=3262833
Arachni/v1.0dev))) and 1=1
These issues are considered untrusted (and may in fact be false positives) because at the time they were identified the server was exhibiting some kind of anomalous behavior or there was third-party interference (network latency, for example).
The listed issues need verification by a human.
No untrusted issues have been logged.
Resolves vulnerable hostnames to IP addresses.
Hostname | IP Address |
---|---|
www.fao.com | 63.240.110.215 |
Generates a simple list of safe/unsafe URLs.
http://www.fao.com/product/index.jsp
http://www.fao.com/product/index.jsp?productId=3262833