Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

Land Down Under <= 800 Multiple Vulnerabilities Vulnerability Scan

Vulnerability Scan Summary
Checks for SQL injection in LDU's index.php

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP script that permits SQL injection
and cross-site scripting attacks.

Description :

The remote version of Land Down Under is prone to various SQL
injection and cross-site scripting attacks provided PHP's
'magic_quotes' setting is disabled due to its failure to sanitize the
request URI before using it in 'system/functions.php' in the function
'ldu_log()'. A malicious user may be able to exploit this issue to
manipulate SQL queries, steal authentication cookies, and the like.

In addition, it also fails to properly sanitize the user-supplied
signature in forum posts.. A malicious user can exploit this
vulnerability to steal authentication cookies and manipulate the HTML
format in 'forums.php'.

See also :

Solution :

Upgrade to Land Down Under version 801 or later.

Threat Level:

Medium / CVSS Base Score : 4

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.