Uhmm. I've been attacking my website (v.1.10.1) for a while.

osTicket Version: v1.10.1 (9ae093d) — Up to date
Web Server Software: Apache/2.4.18 (Ubuntu)
MySQL Version: 5.7.22
PHP Version: 7.2.6

SQL Injection attack attempts > No success starting at 11
testing connection to the target URL
Redirect to 'https://XXXXXXXXXXX/scp/login.php'. Do you want to follow? Y
Redirect to 'https://XXXXXXXXXXX/scp/canned.php'. Do you want to follow? Y
checking if the target is protected by some kind of WAF/IPS/IDS
testing if the target URL content is stable
GET parameter 'id' does not appear to be dynamic
heuristic (basic) test shows that GET parameter 'id' might not be injectable
testing for SQL injection on GET parameter 'id'
testing 'AND boolean-based blind - WHERE or HAVING clause'
testing 'MySQL >= 5.0 boolean-based blind - Parameter replace'
testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)'
testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause (IN)'
testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)'
testing 'MySQL inline queries'
testing 'PostgreSQL inline queries'
testing 'Microsoft SQL Server/Sybase inline queries'
testing 'PostgreSQL > 8.1 stacked queries (comment)'
testing 'Microsoft SQL Server/Sybase stacked queries (comment)'
testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - comment)'
testing 'MySQL >= 5.0.12 AND time-based blind'
testing 'PostgreSQL > 8.1 AND time-based blind'
testing 'Microsoft SQL Server/Sybase time-based blind (IF)'
testing 'Oracle AND time-based blind'
testing 'Generic UNION query (NULL) - 1 to 10 columns'
GET parameter 'id' does not seem to be injectable

However it seems to be vulnerable to some Cross-site scripting (XSS) vulnerabilities.