Injection: Arcade.php - SQL Injection¶

Identifier: arcade_php_sqli

Scanner(s) Support¶

Description¶

The arcade.php script is vulnerable to SQL injection, allowing attackers to manipulate SQL queries and potentially gain unauthorized access to the database.

How we test: We test for SQL injection vulnerabilities in arcade.php by injecting malicious SQL payloads and analyzing responses to detect if SQL queries are executed.

Reference:

• https://www.exploit-db.com/exploits/29604
• https://github.com/OWASP/vbscan/

Configuration¶

Example¶

Example configuration:

---
security_tests:
  arcade_php_sqli:
    skip: false

Reference¶

skip¶

Type : boolean

Skip the test if true.