1. SQL Injection Vulnerability
Vulnerability Level:
High-risk
Vulnerability Location:
Basic information > Flood water level > Messaging >
Vulnerability Description:
A malicious attacker can exploit the SQL injection vulnerability by constructing SQL statements so that the server returns specific error messages that disclose valuable information, and can even tamper with the contents of the database and put
Vulnerability Verification:
Although not much useful data was obtained, it was essentially established that SQL injection exists; given time constraints, sqlmap was not run against it.
Advice:
- Check the validity of every parameter passed into the vulnerable module at the point where it is produced, and define the allowed form of each incoming parameter
- Limit the characters a user may enter; on a rejected input, redirect immediately to a custom error page; the server must not use its default error output
- Filter the dangerous characters noted above; prohibit special characters in input (such as ', ", +, %, &, <>, (), and, select, etc.)
- Store information in the database in encrypted form
- When connecting to the database and accessing data, use parameterized queries for the connection's access
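The following Python example is added here to illustrate the recommendations above; it is not code from the original report or from the affected system. It assumes a hypothetical `messages` table for the flood water level messaging module (the table layout and station ids such as `ST01` are constructed sample data), contrasts the concatenated query pattern the report describes with a parameterized query plus an allow-list parameter check, and routes driver errors to a generic response instead of the default error output.

```python
import logging
import re
import sqlite3

log = logging.getLogger("flood-messaging")


def make_db():
    """Constructed in-memory stand-in for the messaging store (sample data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE messages (id INTEGER PRIMARY KEY, station TEXT, level REAL, note TEXT)"
    )
    conn.executemany(
        "INSERT INTO messages (station, level, note) VALUES (?, ?, ?)",
        [("ST01", 3.2, "normal"), ("ST02", 5.8, "warning"), ("ST03", 7.1, "critical")],
    )
    return conn


def lookup_vulnerable(conn, station):
    """The pattern behind the finding: user input concatenated straight into SQL.
    A quote in `station` changes the statement instead of being treated as data."""
    sql = "SELECT id, station, level, note FROM messages WHERE station = '" + station + "'"
    return conn.execute(sql).fetchall()


def vulnerable_error_text(conn, station):
    """What a default error page would leak for a malformed input: the raw driver error
    (which includes the failing SQL fragment), or None when the query ran."""
    try:
        lookup_vulnerable(conn, station)
        return None
    except sqlite3.Error as exc:
        return str(exc)


# Allow-list for the station parameter (hypothetical format: 1-16 upper-case letters/digits).
# This is the stricter way to apply "limit the characters a user may enter": anything
# outside the expected form is rejected, rather than trying to deny-list quotes and keywords.
STATION_RE = re.compile(r"^[A-Z0-9]{1,16}$")


class InvalidParameter(ValueError):
    """Raised when an incoming parameter does not match its defined form."""


def validate_station(station):
    if not isinstance(station, str) or not STATION_RE.fullmatch(station):
        raise InvalidParameter("station parameter rejected")
    return station


def lookup_parameterized(conn, station):
    """Parameterized query: the driver binds `station` as a value, so the SQL text never
    changes and the input cannot alter the statement even if validation is skipped."""
    return conn.execute(
        "SELECT id, station, level, note FROM messages WHERE station = ?", (station,)
    ).fetchall()


def handle_request(conn, station):
    """Request handler combining both controls. Validation failures and database errors
    map to generic responses; the driver's message goes to the server log only."""
    try:
        rows = lookup_parameterized(conn, validate_station(station))
    except InvalidParameter:
        return {"status": 400, "body": "Invalid request"}  # custom error page, no details
    except sqlite3.Error as exc:
        log.error("database error while querying messages: %s", exc)
        return {"status": 500, "body": "Internal error"}  # default driver output suppressed
    return {"status": 200, "rows": rows}


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, normal input:", lookup_vulnerable(db, "ST02"))
    print("vulnerable, quoted input returns all rows:", lookup_vulnerable(db, "' OR '1'='1"))
    print("vulnerable, leaked error:", vulnerable_error_text(db, "'"))
    print("parameterized, same input returns nothing:", lookup_parameterized(db, "' OR '1'='1"))
    print("handler, rejected input:", handle_request(db, "' OR '1'='1"))
    print("handler, normal input:", handle_request(db, "ST02"))
```

Running the script shows the three behaviours the report's advice addresses: the concatenated query either returns rows it should not or raises an error whose text embeds the SQL; the parameterized query returns only exact matches for the same inputs; and the handler returns a fixed message for rejected parameters and database failures.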