Blind
Hello Arachni team. I have uncovered a Blind NoSQL Injection vulnerability in a popular website. However, it is in a cookie and I am not sure how to confirm if it is a false positive or not. I will disclose the HTML report with you guys if you can help, but I would like your word that the report and any information that has to do with it or this conversation is kept between us. I am running Kali Linux and have tried to use Live HTTP Headers to test the cookie, but I can't get it to work, or just don't know how. I am not trying to exploit the vulnerability, I just want to learn how to find out if it is a false positive or not. How does one check a cookie for Blind NoSQL injection? What should I be looking for? What tools should I use? These are some of the questions I have and am hoping you have the answers. Looking forward to your response!
1 Posted by John on 01 Aug, 2018 08:06 PM
Also, since this is public, can you shoot me an email with the response and we will take it from there? Thank you for your time; if anyone has any information otherwise, feel free to post. Also, once we take it up in email, is it possible that this thread be deleted?