NESCent / FossilCalibrations

Fossil calibrations database
http://fossilcalibrations.org
BSD 2-Clause "Simplified" License

SQL injection may be possible #33

Closed dleehr closed 9 years ago

dleehr commented 9 years ago

OWASP ZAP finds different results with the two test queries:

    /Browse.php?node=NCBI%3A1+AND+1%3D1
    /Browse.php?node=NCBI%3A1+AND+1%3D2

The page results were successfully manipulated using the boolean conditions [NCBI:1 AND 1=1] and [NCBI:1 AND 1=2]. The parameter value being modified was stripped from the HTML output for the purposes of the comparison. Data was returned for the original parameter. The vulnerability was detected by successfully restricting the data originally returned, by manipulating the parameter.
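
The boolean-based check ZAP describes, as an added example that is not code from the FossilCalibrations project: a Python/sqlite3 stand-in for the PHP page that assumes the node value is split on ':' and its numeric part interpolated unquoted into the query (an assumption about the bug shape, not confirmed by this issue), beside a parameterized version under which the two probes become indistinguishable.

```python
import sqlite3

def make_db():
    """Constructed sample data; the schema is an assumption, not the project's."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE node (source TEXT, taxon_id INTEGER, name TEXT)")
    db.executemany("INSERT INTO node VALUES (?, ?, ?)",
                   [("NCBI", 1, "root"), ("NCBI", 2, "Bacteria")])
    return db

def vulnerable_lookup(db, node):
    """Assumed bug shape: split 'NCBI:1' on ':' and paste the id into the SQL.

    The id lands in numeric context, so no quote character is needed and
    'NCBI:1 AND 1=2' becomes '... taxon_id = 1 AND 1=2', which matches nothing.
    """
    source, _, ident = node.partition(":")
    sql = f"SELECT name FROM node WHERE source = '{source}' AND taxon_id = {ident}"
    return [row[0] for row in db.execute(sql)]

def safe_lookup(db, node):
    """Hardened form: validate the id as a plain integer, then bind both values."""
    source, _, ident = node.partition(":")
    if not ident.isdigit():
        return []  # anything that is not a bare id is rejected before reaching SQL
    sql = "SELECT name FROM node WHERE source = ? AND taxon_id = ?"
    return [row[0] for row in db.execute(sql, (source, int(ident)))]

def responses_differ(lookup, db):
    """The scanner's test: do the two probes from the issue give different results?

    A difference means the condition was evaluated by the database, i.e. the
    parameter reaches the query unparameterized; identical results do not.
    """
    true_probe = lookup(db, "NCBI:1 AND 1=1")
    false_probe = lookup(db, "NCBI:1 AND 1=2")
    return true_probe != false_probe

if __name__ == "__main__":
    db = make_db()
    print("vulnerable differs:", responses_differ(vulnerable_lookup, db))
    print("safe differs:", responses_differ(safe_lookup, db))
```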

dleehr commented 9 years ago

I'll investigate this one