Injection: Arcade.php - SQL Injection¶

Identifier: arcade_php_sqli

Scanner(s) Support¶

Description¶

The arcade.php script is vulnerable to SQL injection. By exploiting this vulnerability, an attacker can manipulate the SQL queries executed by the script, potentially gaining unauthorized access to the database.

Reference:

• https://www.exploit-db.com/exploits/29604
• https://github.com/OWASP/vbscan/

Configuration¶

Example¶

Example configuration:

---
security_tests:
  arcade_php_sqli:
    assets_allowed:
    - REST
    - GRAPHQL
    - WEBAPP
    skip: false

Reference¶

assets_allowed¶

Type : List[AssetType]*

List of assets that this check will cover.

skip¶

Type : boolean

Skip the test if true.