You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Summary: SQL injection leads to view all the content in the table.
Steps to reproduce: Visit : "https://hack-yourself-first.com/CarsByCylinders?Cylinders=V12", you will see some content in the page. Now reload the page and capture the request in burp and modify the request to : "GET /CarsByCylinders?Cylinders=V12'+OR+1=1-- - HTTP/2" and forward. Now you will see additional content.
Impact: Due to this bug, an attacker can view additional information, which the application does not want anyone to see.