Burp community forum

Simple SQLi identification failed

Luca | Last updated: Feb 11, 2016 09:14AM UTC

Hi, I found a small gap in SQLi identification while trying Burp on OWASP Bricks (https://www.owasp.org/index.php/OWASP_Bricks). In detail, using active scan on the "Login #4" page, Burp fails to identify the following SQLi:

SELECT * FROM users WHERE name=("inj_param1") and password=("inj_param2")

while all other SQLi have been properly discovered as expected.

Best regards

Burp User | Last updated: Apr 06, 2016 08:31PM UTC

Setting "Scan speed" to "Thorough" in "Scanner > Options > Active Scanning Optimization" should be enough.
