Our SQLi Scanner uses the engine from OWASP ZAP, one of the world’s most popular open-source security tools, actively maintained by hundreds of international developers and other active community members.
The OWASP ZAP tool was created to help users automatically detect security vulnerabilities in web applications while developing and testing them.
The tool can do an SQL Injection test by inserting special characters (eg. ', ', 2*3) in all input fields of the target application and monitoring the web page's behavior. If database errors are discovered on the website, this could be the scenario of an SQL Injection attack.
To validate the vulnerability found, the SQL Injection scanner attempts to construct a syntactically correct SQL query that demonstrates the injection was successful. That is why the following results will be displayed:
http://vulnapp.example.com/bookings.php?cat=4 AND 1=1 --
The SQL Injection scanner does not attempt to exploit SQL injection, it simply detects the presence of any vulnerability that could affect your backend database. If flaws are detected, our online tool offers detailed information about the risks you are exposed to and recommendations on how to perform an effective remediation process. Start scanning for web applications vulnerabilities today so you will not be exposed to SQL Injection attacks which let hackers get to tamper with sensitive information (such as usernames, passwords, and other essential credentials) by disclosing, or deleting it.
For more in-depth information about the SQL Injection attacks, including solutions on how to remediate this vulnerability, you can found on the OWASP SQL Injection Page.