Lessons Learned from SQL Injection Fix in Joomla 3.7.0
The Joomla community recently patched a SQL injection vulnerability introduced in Joomla 3.7.0. The article reporting this vulnerability explains how to identify the vulnerability (which was discovered via static code analysis) and how to craft an attack, e.g.
http://example.com/joomla/index.php?option=com_fields&view=fields&layout=modal& list[fullordering]=exploitation_code
After reviewing the description of the vulnerability, I wondered whether an automated web application scanner, known as a DAST (Dynamic Application Security Testing) tool, could identify an instance of this vulnerability without digging into the source code.