It could be a false positive.
Try hiring someone who actually does web application vulnerability assessment for a living instead of futzing with a tool and technologies you don't really understand.
Vulnerabilities reported by skipfish
Hello to everyone,
during these days I did a scan with skypfish on a web application created for the my company, and some errors have been reported
Query injection vector - https://xxx.com:4430/docs/0.vb/9-8
Shell injection vector - https://xxx.xxx.com:4430/docs/51.vb/`true`
I have reported the errors to the company that created the site, but them say that the application is secure, can you give me some advice?
It is possible that it is a fake of skipfish?
Thanks
Re: Vulnerabilities reported by skipfish
It could be a false positive.
Try hiring someone who actually does web application vulnerability assessment for a living instead of futzing with a tool and technologies you don't really understand.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
Posting Permissions