Forum Discussion

New Contributor

13 years ago

SQL Injection on HTTP doesn't respect "All at Once"

I have created a simple HTTP Test Request using POST and two parameters, and it works fine when run. I'm trying to run an SQL Injection Test on that HTTP Test Request, and it also works fine as long a...

SmartBear_Suppo

Alumni

13 years ago

Thanks for including the screenshots. So now as you run your security test, look in the "Security Log" tab. As you double click on each of the requests, you can see what data was passed in and received.

"All at Once" setting will make sure that for 'lemail' and 'lticket' both values are set to the injection token - e.g. "' or '1'='1". Whereas the 'One by One' strategy would first set 'lemail' to "' or '1'='1" and then send another request where 'lticket' is "' or '1'='1".

Are you seen different behvaior?

Thanks,
Michael Giller
SmartBear Software

Forum Discussion

SQL Injection on HTTP doesn't respect "All at Once"

Recent Discussions

Signature\Encryption tags missing in Security Header

CVE-2024-7565 and CVE-2017-16670 vulnabilities

Vulnerabilities found in SoapUI 5.9.1

Related Content

"Find All" - within Keyword Tests

CEF -injectCefHook script injection not working in 15.30 ?

How to make an "all optional" schema from a schema in OpenAPI 3