Here's my latest response from Security Metrics.
Naturally, the links I use are bogus.

The example URLs that are being given in the test results aren't simply a difference of source code, but of server response. The first example is a difference of 404 error and 403 forbidden:
http://www.mysite.com/index.php?amp=...x+and+1%3D0%22
http://www.mysite.com/index.php?amp=...x+and+1%3D1%22
and
http://www.mysite.com/index.php?amp=...nd+1%3D1%22%3E
http://www.mysite.com/index.php?amp=...nd+1%3D0%22%3E
If it were only showing me a difference due to dynamically created web content, that might be different. This appears to be trying to validate/resolve the expressions and does indicate possible Blind SQL, which would need to be resolved.
Any thoughts on a fix?
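
On the fix asked about above, an added example (not part of the original post or the scanner's report): a small Python/sqlite3 sketch of why a true/false probe pair draws different responses when input is concatenated into the SQL text, and the same response once it is bound as a parameter. The table, handler names and probe strings are constructed for illustration; on a PHP site the equivalent is a prepared statement with bound values.

```python
import sqlite3

# Constructed probe pair: same shape as the scanner's "and 1=1" / "and 1=0" tests.
TRUE_PROBE = "x' AND '1'='1"
FALSE_PROBE = "x' AND '1'='0"


def make_db():
    """In-memory stand-in for the site's database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (slug TEXT PRIMARY KEY, body TEXT)")
    db.execute("INSERT INTO pages VALUES ('x', 'hello')")
    return db


def status_concatenated(db, slug):
    """Weak form: the request value becomes part of the SQL statement."""
    sql = "SELECT body FROM pages WHERE slug = '" + slug + "'"
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        return 500
    return 200 if row else 404


def status_parameterized(db, slug):
    """Fixed form: the value is bound, so it is only ever compared as data."""
    row = db.execute("SELECT body FROM pages WHERE slug = ?", (slug,)).fetchone()
    return 200 if row else 404


def boolean_differential(handler, db):
    """Statuses for the true and false probes; a mismatch is what gets flagged."""
    return handler(db, TRUE_PROBE), handler(db, FALSE_PROBE)


if __name__ == "__main__":
    for handler in (status_concatenated, status_parameterized):
        print(handler.__name__, boolean_differential(handler, make_db()))
```

Re-running the same pair against the real page after the change works as a regression check: both requests should come back with the same status and body.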