SQL Injection payload explanation? Strange payload

Question asked by Olivier on Nov 13, 2014
Latest reply on Nov 18, 2014 by Olivier



After a WAS scan on a webapp, I get a SQL Injection vulnerability (QID 150003).

My problem is that I am not able to reproduce it with the Qualys scan report info.


It's about a form parameter sent with HTTP GET, but the payload is: @PATH@@FILENAME@1.@EXTENSION@


If it helps, the target database is ORACLE.


Can someone explain it to me please?