A Reflected status is showing for the application in the fuzzer result. But incorrect validation is showing while trying to log in via script. Is my application vulnerable to SQL injection?
@SanQAMastery
23 days ago
Reflected status alone doesn’t confirm an SQL injection vulnerability, but it is a signal that you should investigate further. Manual testing and reviewing how inputs are handled in your application code are crucial steps in determining if your application is indeed vulnerable to SQL injection. Look for detailed error messages or behavior changes that indicate SQL injection. For instance, if your application exposes database errors, that could be a sign. If it displays a message such as 'Invalid credentials,' then there is no issue. In this case, too, the status should be Reflected. Thank you.
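One way to apply the reply's advice when triaging fuzzer output, shown as an added example that is not part of the original comments: compare each response with the response to a plain wrong login, and separate an exposed database error or a behavior change from a mere echo of the input. The field names, the error-signature list and the sample responses are constructed assumptions.

```python
import html
import re

# Well-known database error fragments; extend for the engines you run.
DB_ERROR_RE = re.compile(
    r"you have an error in your sql syntax"                   # MySQL / MariaDB
    r"|unclosed quotation mark after the character string"    # SQL Server
    r"|ORA-\d{5}"                                             # Oracle
    r"|syntax error at or near"                               # PostgreSQL
    r"|sqlite3\.OperationalError",                            # SQLite via Python
    re.IGNORECASE,
)

def _without_echo(result):
    """Response body with the submitted input (raw or HTML-escaped) removed."""
    body = result["body"]
    for echoed in (html.escape(result["input"]), result["input"]):
        body = body.replace(echoed, "")
    return body

def triage(result, baseline):
    """Classify one fuzzer result against the response to a plain wrong login."""
    if DB_ERROR_RE.search(result["body"]):
        return "db-error"            # database error exposed: review the query code
    if (result["status"] != baseline["status"]
            or _without_echo(result) != _without_echo(baseline)):
        return "behaviour-change"    # differs beyond the echo: test manually
    if _without_echo(result) != result["body"]:
        return "reflected-only"      # same generic message, input merely echoed
    return "no-signal"

# Constructed sample data (hypothetical login form that echoes the username).
BASELINE = {"input": "nosuchuser", "status": 200,
            "body": "<p>Invalid credentials for nosuchuser</p>"}
SAMPLES = [
    {"input": "O'Brien", "status": 200,
     "body": "<p>Invalid credentials for O&#x27;Brien</p>"},
    {"input": "O'Brien", "status": 500,
     "body": "<pre>You have an error in your SQL syntax near 'Brien''</pre>"},
    {"input": "O'Brien", "status": 200, "body": "<p>Something went wrong</p>"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample["status"], triage(sample, BASELINE))
```

A `reflected-only` result with the same generic message as the baseline matches the 'Invalid credentials' case in the reply; `db-error` and `behaviour-change` are the ones to follow up with manual testing and code review.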