Original input data
Hello, Arachni found "Blind SQL Injection (differential analysis) in Cookie input 'PHPSESSID'":
GET /forum/login.php?redirect=posting.php%3Fmode%3Dquote&p=68922496 HTTP/1.1
Accept-Encoding: gzip, deflate
User-Agent: Safari
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.8,he;q=0.6
X-Arachni-Scan-Seed: 2706a4dc12a94e4aae0d06641c701d47
Cookie: PHPSESSID=-1839+or+1%3D2;flags=c1
Is there any option in Arachni so I can see the original PHPSESSID data?
Thanks
Support Staff 1 Posted by Tasos Laskos on 13 Aug, 2016 07:43 AM
You can generate a report in JSON, it'll show you the original inputs of that vector.
This looks like an FP though, any chance I can access the site to reproduce and fix it?
2 Posted by John on 14 Aug, 2016 11:53 AM
Arachni often finds SQLi at a cookie parameter which doesn't exist; it often happens with torrent websites. I don't have access to the website's host, so the most I'm able to do to help you fix this issue is to give the website address. I will send it to you by email.
Support Staff 3 Posted by Tasos Laskos on 24 Aug, 2016 12:17 PM
To sum up the private discussion:
Tasos Laskos closed this discussion on 24 Aug, 2016 12:17 PM.