
SQL Injection payload explanation? Strange payload

Question asked by Olivier on Nov 13, 2014
Latest reply on Nov 18, 2014 by Olivier

Hi!

After a WAS scan on a webapp I do get a SQL Injection vulnerability (QID 150003).

My problem is that I do not manage to reproduce it with the Qualys scan report info.

It's about a form parameter sent with HTTP GET, but the payload is: @PATH@@FILENAME@1.@EXTENSION@

If it helps, the target database is ORACLE.

Can someone explain it to me please?

Regards,

Olivier.
