SQLI on update - Arachni log
Hi,
During a pentesting on my website seems that arachni has discovered
a sqli vulnerabiliy.
Since the sqli is on an update query, one table of my db is gone
:(
In order to fix the bug I would like to see the queries made by
arachni.
Does arachni keep a log of the queries?
Comments are currently closed for this discussion. You can start a new one.
Keyboard shortcuts
Generic
? | Show this help |
---|---|
ESC | Blurs the current field |
Comment Form
r | Focus the comment reply box |
---|---|
^ + ↩ | Submit the comment |
You can use Command ⌘
instead of Control ^
on Mac
Support Staff 1 Posted by Tasos Laskos on 21 Oct, 2012 04:04 PM
Damn it, my e-mail reply didn't get posted, reposting via browser:
You can load the sqli module which discovered the vulnerability by itself, enable the "--debug" flag and then start a scan against a page with a single, dummy, input or something.
The debugging output will show you exactly what's being injected.
PS. Sorry to hear about your troubles, that's why scanning live systems is bad idea.
Tasos Laskos closed this discussion on 21 Oct, 2012 04:04 PM.