Configuration of Anomaly Detection Process: Overview
This documentation section describes the following points:
This target application usually responds with the `403 Unauthorized` code and the `Invalid email or password.` message to the authorization request with an incorrect combination of login and password.
However, if the `'` symbol is passed within any part of the login value, the application responds with the `500 Internal Server Error` code and the `...SequelizeDatabaseError: SQLITE_ERROR:...` message; such behavior is anomalous.
This anomaly does not lead to the direct exploitation of any vulnerability, but it gives an attacker information about the application architecture and prompts them to attempt an SQL Injection attack.
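The distinction described above, written as response-classification logic. This is an added example, not code from this documentation or the product it describes; the `Response` type, the function names and the sample log are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Baseline: how the target answers a failed login, as described above.
BASELINE_STATUS = 403
BASELINE_BODY = "Invalid email or password."

# Anomaly markers: status code and body fragment of the error described above.
ANOMALY_STATUS = 500
ANOMALY_BODY = re.compile(r"SequelizeDatabaseError: SQLITE_ERROR:")


@dataclass
class Response:
    """Hypothetical container for one recorded login response."""
    status: int
    body: str


def classify(resp: Response) -> str:
    """Return 'baseline', 'anomaly' or 'unknown' for one login response."""
    # Require both the status and the body marker, so an unrelated 500
    # is not reported as the database-error anomaly.
    if resp.status == ANOMALY_STATUS and ANOMALY_BODY.search(resp.body):
        return "anomaly"
    if resp.status == BASELINE_STATUS and BASELINE_BODY in resp.body:
        return "baseline"
    # Neither pattern matched: leave it for manual review.
    return "unknown"


def find_anomalies(log):
    """Return the login values whose responses matched the anomaly markers."""
    return [login for login, resp in log if classify(resp) == "anomaly"]


# Constructed sample data: (login value sent, response received).
SAMPLE_LOG = [
    ("user@example.com", Response(403, "Invalid email or password.")),
    ("o'brien@example.com",
     Response(500, "Error: SequelizeDatabaseError: SQLITE_ERROR: (constructed detail)")),
    ("admin@example.com", Response(500, "Internal Server Error")),
]

if __name__ == "__main__":
    for login, resp in SAMPLE_LOG:
        print(f"{login!r:26} {resp.status} -> {classify(resp)}")
```

The third sample entry shows why the body marker matters: a `500` on its own is classified as `unknown`, not as the database-error anomaly.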