In our application, which is build in codeigniter 2.8, a hacker hacked a specific page without sql injection. How can we find out the root cause of this issue? If you have any ideas on your end, please share.
Asked
Active
Viewed 69 times
0
-
1Possible duplicate of [how to avoid sql injection in codeigniter](https://stackoverflow.com/questions/5857386/how-to-avoid-sql-injection-in-codeigniter) – Masivuye Cokile Feb 11 '19 at 10:14
-
1@DevsiOdedra If you really want to you can still create plenty of possible SQL injections ;) – Tobias F. Feb 11 '19 at 10:22
-
@DevsiOdedra what makes you think that simply using a framework removes all attack vectors? – Nico Haase Feb 11 '19 at 11:16
-
Thanks, we used only query builder all sql injections removed default codeigniter process, but hacker sent screen shot for our web application page, i don't know how is possible to go without user credentials – sivasathesh Feb 12 '19 at 05:20
-
Is it still possibility of sql injection if we have only used CI's query builder? – G_real Feb 13 '19 at 21:52