Burp Suite User Forum

Simple SQLi identification failed

Luca | Last updated: Feb 11, 2016 09:14AM UTC

Hi, I found a little lack in SQLi identification while trying Burp on OWASP Bricks (https://www.owasp.org/index.php/OWASP_Bricks). In detail, using active scan on the "Login #4" page, Burp fails to identify the following SQLi: SELECT * FROM users WHERE name=("inj_param1") and password=("inj_param2"), while all other SQLi have been properly discovered as expected. Best regards

Burp User | Last updated: Apr 06, 2016 08:31PM UTC

Setting "Scan speed" to "Thorough" in "Scanner > Options > Active Scanning Optimization" should be enough.
