Welcome Guest, Not a member yet? Register   Sign In
SQL Injection Attack Detected via libinjection
#2

i see the mention of OWASP and so i guess its going to perhaps involve the use of zap ? Their testing app


it also seems to mention sendmail and contact.

Now I have a clone of my web running Apache (localhost) on Arch Linux

I have a view which has a contact form; the text goes to a controller; there is a little bit of checking and if everything is ok it goes to PHPMailer to send an email direct to my email account. So that process doesn't even involve a database.

Using zap on the url that serves up my web 127.0.0.x zap flagged up some issues; i took it as a false positive. Bit in your case is there any interaction with a database to retrive date in which case you migth have to look a bit deeper. In my case sql injection can't be involved on my form->controller-> creates email because the process doesn't even touch a db
CMS CI4     I use Arch Linux by the way 

Reply


Messages In This Thread
RE: SQL Injection Attack Detected via libinjection - by captain-sensible - 12-02-2021, 06:18 AM



Theme © iAndrew 2016 - Forum software by © MyBB