ashenchowthee / zaproxy

Automatically exported from code.google.com/p/zaproxy
0 stars 0 forks source link

SQLi false negative #1513

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
While I was testing ZAP V2.3.1 on a web app with known vulnerabilities I found 
that it couldn't spot a SQL injection inside a MySql insert statement.

Original issue reported on code.google.com by Bahari....@gmail.com on 21 Jan 2015 at 2:09

Attachments:

GoogleCodeExporter commented 9 years ago
The existing Beta scanner "SQL Injection - MySQL" detects this vulnerability 
using just 2 requests, at the default attack strength.

Original comment by colm.p.o...@gmail.com on 3 Mar 2015 at 1:43