Attack Alert :: Database Enumeration
Attack Alert :: Database Enumeration
- Attackers can enumerate through errors to discover table composition
- /user_detail.php?id=345
345 GROUP BY id
Warning: pg_query(): Query failed: ERROR: column "user.username" must appear in the GROUP BY clause or be used
in an aggregate function in /path/to/user_detail.php on line 17
345 GROUP BY username
Warning: pg_query(): Query failed: ERROR: column "user.description" must appear in the GROUP BY clause or be
used in an aggregate function in /path/to/user_detail.php on line 17