Family: CGI abuses --> Category: attack
Land Down Under <= 800 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for SQL injection in LDU's index.php
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP script that permits SQL injection
and cross-site scripting attacks.
The remote version of Land Down Under is prone to various SQL
injection and cross-site scripting attacks provided PHP's
'magic_quotes' setting is disabled due to its failure to sanitize the
request URI before using it in 'system/functions.php' in the function
'ldu_log()'. A malicious user may be able to exploit this issue to
manipulate SQL queries, steal authentication cookies, and the like.
In addition, it also fails to properly sanitize the user-supplied
signature in forum posts.. A malicious user can exploit this
vulnerability to steal authentication cookies and manipulate the HTML
format in 'forums.php'.
See also :
Upgrade to Land Down Under version 801 or later.
Medium / CVSS Base Score : 4
Click HERE for more information and discussions on this network vulnerability scan.