Burp Suite User Forum

About active scan

Kazuo | Last updated: May 04, 2022 10:29AM UTC

Hi, I scanned OWASP BWA BodgeIt Store. The bodgeit login menu has SQL injection.

SQL injection payload: test@thebodgeitstore.com' or '1'='1

However, the scan result is Tentative only. Why isn't it detected?

Ben, PortSwigger Agent | Last updated: May 05, 2022 09:09AM UTC

Hi Kazuo, How are you scanning the site - are you using a full crawl and audit or are you simply performing an active scan on content you have crawled manually? If it is the latter, have you captured the POST request that is being used to submit the credentials?

Kazuo | Last updated: May 05, 2022 12:56PM UTC

Hi, I right-clicked "BodgeIt" on the sitemap and ran "Crawl and audit". SQL injection could not be detected. Then, after manually entering all the links and parameters, I right-clicked on "BodgeIt" in the sitemap and ran "Do active scan". The expected SQL injection could not be detected. Then I right-clicked on the "login.jsp" request in "HTTP history" and ran "Do active scan". SQL injection was detected. Should I do an active scan in "HTTP history" instead of right-clicking on sitemap content?

Ben, PortSwigger Agent | Last updated: May 06, 2022 01:02PM UTC

Hi Kazuo, Running a full crawl and audit from the http://localhost/bodgeit/login.jsp URL would probably be the most thorough test. So Burp is identifying the SQL injection vulnerability when you perform a crawl and audit and is assigning a confidence rating of 'Tentative' to it?
