Vulnerabilities reported by skipfish
Hello to everyone,
during these days I did a scan with skypfish on a web application created for the my company, and some errors have been reported
Query injection vector - https://xxx.com:4430/docs/0.vb/9-8
Shell injection vector - https://xxx.xxx.com:4430/docs/51.vb/`true`
I have reported the errors to the company that created the site, but them say that the application is secure, can you give me some advice?
It is possible that it is a fake of skipfish?
Re: Vulnerabilities reported by skipfish
It could be a false positive.
Try hiring someone who actually does web application vulnerability assessment for a living instead of futzing with a tool and technologies you don't really understand.