07-03-2011 12:11 PM
I am facing a showstopper while making a penetration test of an application.
After crawling and auditing for more than 1 day of scan duration,
the tool stopped performing the audit and fired the error below:
This error was fired after the row below was recorded in the scan log:
"New Blind SQL check (checkid 10962) is not enabled, A Policy with both check 10962 and check 11199 enabled is recommended"
So please advise if you have encountered this issue before.
Thanks in advance,
07-05-2011 09:05 AM - edited 07-05-2011 09:10 AM
Just some questions: what version of WI are you using? What policy? Do you have any manual session exclusions defined? I'm talking to devs to find out under what conditions this situation could arise.
quick edit: Did the scan log include a stack trace? If so, please post it. Also, was this a rescan of a scan that had sessions that were manually deleted? Can you provide any additional info on your workflow?
The blind sql entry is just a warning/notice. There were several changes/improvements in the blind sql engine in 9.0. The warning is just there to let you know that you can get better performance and results by enabling both 10962 and 11199. My guess is that you are using a custom policy from a time when the new check (11199) did not exist. Let me know if that is not true. Anyway, it should not have anything to do with the scan stopping.
07-06-2011 02:02 AM
Thanks a lot for your detailed reply,
Kindly, I want to share with you full info regarding my scan configuration.
First of all, I selected to run this scan using the OWASP Top 10 (2010) policy, which I think should include the blind SQL engine in this scan; that's why I am really surprised by that error.
And for your info, I am using WI version 9.0.351.1, but it doesn't seem that the scan log includes a stack trace.
And about the deletion of some sessions, yes, exactly, you are right.
I had removed some sessions, as I don't want to cover them while making the scan.
Hope that this info can help us realize how we can solve this error, as it prevents the scan from continuing to audit the application.
Best regards and have a nice day,
07-06-2011 01:14 PM
That helps, but still not enough information to reproduce. What were the exact steps that you performed? Did you do a Manual Scan, Standard Scan? Crawl Only, Crawl and Audit? I'm guessing that you did a Crawl Only or a Workflow scan (please confirm), deleted some sessions and then started an audit. I've tried this and am not able to reproduce the issue, so please outline the exact steps that you performed. Thanks.