This repository was archived by the owner on May 18, 2021. It is now read-only.

Home continuously crashing by products_viewed cookie with malformed SQL Injection #18

@ghost

Description

As I'm saying in the title, if you inject a malformed SQL injection that makes the PHP process crash, on the URL http://domain.com/product/view?id=81 and the param 'id', it will continuously crash on every Home page load.

I had to delete cookies to be able to visit the home after the bad injection because I was crashing just loading the Home.

A solution is to store products whose query returned true, not just all the data in the requested id param, because it saves the malformed SQL injection that belongs to the learning process.

For example: http://vuln2.devo.com/product/view?id=81' and 1=1
without comment at the end
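
One way to implement the fix suggested in this report, as an added example that is not code from the archived project: the cookie is written from the id of the row the database actually returned, never from the raw `id` parameter, and is re-validated when the Home page reads it. The function names, the comma-separated cookie format, the `id` column and the cap of 10 entries are assumptions.

```php
<?php
// Added example with hypothetical helpers; not the project's own code.

const COOKIE_NAME = 'products_viewed'; // cookie name from the issue title
const MAX_TRACKED = 10;                // assumed cap on remembered products

/** Parse the cookie into positive integer ids, dropping every other token. */
function parse_viewed(?string $raw): array
{
    if ($raw === null || $raw === '') {
        return [];
    }
    $ids = [];
    foreach (explode(',', $raw) as $part) {
        // ctype_digit() accepts only strings made of 0-9, so quotes,
        // spaces, signs and SQL keywords never reach the Home page query.
        if (ctype_digit($part) && (int) $part > 0) {
            $ids[(int) $part] = true; // array keys de-duplicate
        }
    }
    return array_slice(array_keys($ids), 0, MAX_TRACKED);
}

/** Record a view only when the product lookup returned a row. */
function remember_view(array $current, ?array $productRow): array
{
    if ($productRow === null || !isset($productRow['id'])) {
        return $current; // failed or malformed lookup: cookie unchanged
    }
    $id = (int) $productRow['id']; // value from the database row, not from $_GET
    $current = array_values(array_diff($current, [$id]));
    array_unshift($current, $id);  // most recent first
    return array_slice($current, 0, MAX_TRACKED);
}

// Constructed sample: a cookie already poisoned as described in the issue.
$poisoned = "12,81' and 1=1,40";
$ids = parse_viewed($poisoned);              // malformed token is discarded
$ids = remember_view($ids, null);            // lookup that returned nothing
$ids = remember_view($ids, ['id' => '81']);  // lookup that returned a product
echo implode(',', $ids), PHP_EOL;
// In the application the result would be written back with
// setcookie(COOKIE_NAME, implode(',', $ids), ...).
```

The product view page can stay intentionally injectable for the learning exercise; only what gets persisted into the cookie and replayed on Home changes.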
