I was loading my site's front end and watching the responses in Burp Suite when I noticed a response which contained a very verbose SQL error:
"message": "SQLSTATE[22P02]: Invalid text representation: 7 ERROR: invalid input syntax for type bigint: \"1test\" (SQL: select * from \"passengers\" where \"passengers\".\"id\" = 1test limit 1)",
"exception": "Illuminate\\Database\\QueryException",
My question is whether an attacker could inject inside the int value expected by the SQL engine.
PS. The error is also sent to the frontend - see pic
- System is Laravel
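A check a site owner could run over captured response bodies (for example in an API test suite) to flag the kind of database error leak shown in the post. This is an added example, not part of the original post; the function name `find_sql_leak` and the clean sample body are assumptions, and the leaking sample is built from the two response lines quoted above.

```python
import json
import re
from typing import Optional

# Markers of the leak shown in the post: a PDO SQLSTATE code and the
# "(SQL: ...)" suffix that carries the full query text.
SQLSTATE_RE = re.compile(r"SQLSTATE\[([0-9A-Z]{5})\]")
QUERY_RE = re.compile(r"\(SQL: (.*)\)", re.DOTALL)
TABLE_RE = re.compile(r'\b(?:from|into|update|join)\s+"?([A-Za-z_]\w*)"?', re.I)

# Constructed sample: the two fields quoted in the post, wrapped in one JSON object.
SAMPLE_LEAK = r'''{"message": "SQLSTATE[22P02]: Invalid text representation: 7 ERROR: invalid input syntax for type bigint: \"1test\" (SQL: select * from \"passengers\" where \"passengers\".\"id\" = 1test limit 1)", "exception": "Illuminate\\Database\\QueryException"}'''
# Constructed sample: a generic error body that discloses nothing (assumption).
SAMPLE_CLEAN = '{"message": "Server Error"}'


def find_sql_leak(body: str) -> Optional[dict]:
    """Return what a JSON response body discloses about the database, or None."""
    try:
        data = json.loads(body)
    except ValueError:
        return None  # not JSON, out of scope for this check
    if not isinstance(data, dict):
        return None
    message = str(data.get("message", ""))
    exception = str(data.get("exception", ""))
    state = SQLSTATE_RE.search(message)
    query = QUERY_RE.search(message)
    if not (state or query or exception.endswith("QueryException")):
        return None
    sql = query.group(1) if query else None
    return {
        "sqlstate": state.group(1) if state else None,
        "exception": exception or None,
        "query": sql,
        # Table names an outside reader learns from the leaked statement.
        "tables": sorted(set(TABLE_RE.findall(sql))) if sql else [],
    }


if __name__ == "__main__":
    for name, body in (("leak", SAMPLE_LEAK), ("clean", SAMPLE_CLEAN)):
        print(name, find_sql_leak(body))
```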