SQLI on update - Arachni log

peppe

20 Oct, 2012 08:57 PM

Hi,
During a pentest on my website, it seems that Arachni has discovered a SQLi vulnerability.
Since the sqli is on an update query, one table of my db is gone :(
In order to fix the bug I would like to see the queries made by arachni.
Does arachni keep a log of the queries?

  1. Support Staff 1 Posted by Tasos Laskos on 21 Oct, 2012 04:04 PM

    Damn it, my e-mail reply didn't get posted, reposting via browser:


    You can load the sqli module which discovered the vulnerability by itself, enable the "--debug" flag and then start a scan against a page with a single, dummy, input or something.

    The debugging output will show you exactly what's being injected.

    PS. Sorry to hear about your troubles, that's why scanning live systems is a bad idea.

  2. Tasos Laskos closed this discussion on 21 Oct, 2012 04:04 PM.
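
Why a scanner probe against an injectable UPDATE can overwrite every row, and how bound parameters plus statement tracing on the application side prevent and expose it. This is an added example, not part of the original thread and not Arachni's code or output; the `users` table, the function names and the probe string `1 OR 1=1` are constructed for illustration.

```python
import sqlite3

PROBE_EMAIL = "probe@example.test"  # constructed marker value


def make_db():
    """Build a constructed three-row table in an in-memory SQLite database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT)")
    db.executemany(
        "INSERT INTO users (id, email) VALUES (?, ?)",
        [(1, "a@example.test"), (2, "b@example.test"), (3, "c@example.test")],
    )
    db.commit()
    return db


def update_vulnerable(db, user_id, email):
    # Request input is concatenated into the statement, so the WHERE clause
    # is whatever the client sends.
    sql = "UPDATE users SET email = '" + email + "' WHERE id = " + user_id
    return db.execute(sql).rowcount


def update_parameterized(db, user_id, email):
    # Bound parameters are passed as data and never parsed as SQL.
    sql = "UPDATE users SET email = ? WHERE id = ?"
    return db.execute(sql, (email, user_id)).rowcount


def run(update_fn, user_id):
    """Apply one update on a fresh database while tracing executed statements.

    Returns (rowcount, rows now holding PROBE_EMAIL, traced statements).
    """
    db = make_db()
    statements = []
    db.set_trace_callback(statements.append)  # record what the engine ran
    changed = update_fn(db, user_id, PROBE_EMAIL)
    db.set_trace_callback(None)
    overwritten = db.execute(
        "SELECT COUNT(*) FROM users WHERE email = ?", (PROBE_EMAIL,)
    ).fetchone()[0]
    return changed, overwritten, statements


if __name__ == "__main__":
    for fn in (update_vulnerable, update_parameterized):
        for user_id in ("2", "1 OR 1=1"):
            changed, overwritten, log = run(fn, user_id)
            print(fn.__name__, repr(user_id), changed, overwritten, log)
```

On a production database the equivalent of the trace callback is the server's own statement log, which records what was executed regardless of which client sent it.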
