Hello people,
I am working on a new website based on the latest Joomla version, and after the first draft with SEBLOD I checked the security and discovered SQL injection vulnerabilities.
I would like to know if someone is interested in this topic (it can be useful to start a discussion ^^) and has already worked on that and can provide advice.
Thanks in advance and have fun :)
FYI, I use the iKare tool for security audits, and it provides the following output as an example:
<pre>
Some SQL injection vulnerabilities have been detected on the web
application. That may allow an attacker to read, write and/or delete
data stored in the database.
References:
URL: https://www.owasp.org/index.php/SQL_Injection
OWASP: OWASP-DV-005
The following SQL injection vulnerabilities were detected on the
resource at this location: https://xxx.html
Request URL: https://xxx.html
Request Method: POST
Vulnerability Title: SQL Injection: Union based detection
Vulnerability Type: Union based detection
Vulnerable Param: task
Request Payload: ' UNION SELECT "jTKDMxDUNg" ; --
</pre>