Hi all,
I have a client running sqlmap to test an app and came up with this in the URL:
login.php?UserName='&Password='&usermac=&slogin=slogin&snasid=&login=Login
On the page it has:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 2
I am using a function to do mysql_real_escape_string on all POST, GET and COOKIE inputs.
Is this actually an injection? It looks like it because (correct me if wrong) username should be looking in the database for ‘&Password=’ and not throwing an error.
Thanks for any heads up on this one.
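
Added example, not part of the original post: it parses the query string from the post and runs the UserName value through a raw, an escaped and a parameter-bound lookup, showing that a syntax error appears only when the quote reaches the query text unescaped. It uses Python's sqlite3 as a stand-in for MySQL; the users table, its column and the lookup_* functions are hypothetical.

```python
import sqlite3
from urllib.parse import parse_qs

# Query string copied from the post.
QUERY_STRING = "UserName='&Password='&usermac=&slogin=slogin&snasid=&login=Login"


def parse_params(qs):
    """Split on '&' then '=', as the web server does before PHP sees the values."""
    return {k: v[0] for k, v in parse_qs(qs, keep_blank_values=True).items()}


def make_db():
    # Hypothetical schema: the app's real table and columns are not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT)")
    db.execute("INSERT INTO users VALUES ('alice')")  # constructed sample row
    return db


def run(db, sql, args=()):
    """Return ('rows', [...]) or ('syntax error', message) for one statement."""
    try:
        return ("rows", db.execute(sql, args).fetchall())
    except sqlite3.OperationalError as exc:
        return ("syntax error", str(exc))


def lookup_raw(db, user):
    # Value spliced in untouched: the quote is parsed as SQL syntax.
    return run(db, f"SELECT username FROM users WHERE username = '{user}'")


def lookup_escaped(db, user):
    # Quote escaped before splicing (SQLite doubles it; MySQL would use \').
    escaped = user.replace("'", "''")
    return run(db, f"SELECT username FROM users WHERE username = '{escaped}'")


def lookup_bound(db, user):
    # Value bound as a parameter: it never reaches the SQL parser as text.
    return run(db, "SELECT username FROM users WHERE username = ?", (user,))


if __name__ == "__main__":
    params = parse_params(QUERY_STRING)
    db = make_db()
    for fn in (lookup_raw, lookup_escaped, lookup_bound):
        print(fn.__name__, fn(db, params["UserName"]))
```

Note that the query string splits into separate parameters, so UserName and Password each arrive as a single quote character.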