Friday, 16 January 2015

I think my website is vulnerable to XSS and SQL Injection :(



So I have my own website which has an admin panel in which I can edit the website content (text content only, not pictures etc.) without logging in as Admin. This admin script was developed by my friend, but I don't have any contact with him now as he went abroad. I recently had some security concerns about this panel and tried to test it against XSS and SQL Injection. I think it's kind of vulnerable to XSS, as when I injected some XSS code it displayed a PHPSESSID to me, but when I tried to inject something like this -> alert('XSS vulnerability') it just displays the text of it.



Now my worst suspicion is that my panel login, as I think, is vulnerable to SQL Injection. When I load the page it looks like this:


[screenshot: the login page as normally loaded]


but when I append a ' at the end, it changes the website layout to this:


[screenshot: the page layout after appending the quote]


The strange thing is that I don't get any MySQL error or anything; I think it might be blind SQL injection or something? Can someone help me identify whether I have an actual SQL Injection in there?


Any help appreciated. Thanks.
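As an added example (not the asker's script, whose code is not shown on the page), here is the PHP login pattern that behaves the way described above, next to a hardened version using a prepared statement and hashed passwords; the table and column names, the connection credentials and the use of mysqlnd (for get_result()) are assumptions.

```php
<?php
// Added example, not the original admin script. Table/column names
// (admins, username, password, password_hash) and credentials are assumed.
declare(strict_types=1);

// Make mysqli throw on query errors instead of silently returning false.
// Without this, a query broken by an unbalanced quote just yields false,
// and the page may render differently with no visible MySQL error at all,
// which matches the symptom described above.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'app_user', 'PLACEHOLDER_PASSWORD', 'site');

// Vulnerable pattern: user input is concatenated straight into the SQL text,
// so a quote in the input changes the statement itself.
function loginUnsafe(mysqli $db, string $user, string $pass): bool
{
    $sql = "SELECT id FROM admins WHERE username = '$user' AND password = '$pass'";
    $res = $db->query($sql);
    return $res !== false && $res->num_rows > 0;
}

// Hardened: a prepared statement binds the input as data, never as SQL, and
// the stored value is a password_hash() digest checked with password_verify().
function loginSafe(mysqli $db, string $user, string $pass): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM admins WHERE username = ? LIMIT 1');
    $stmt->bind_param('s', $user);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // requires mysqlnd
    $stmt->close();
    return $row !== null && password_verify($pass, $row['password_hash']);
}
```

With error reporting enabled on a development copy, a login attempt containing a quote will either throw (the concatenated form) or simply fail to match (the prepared form), which is the quickest way to confirm which of the two the existing script resembles.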




