Family: CGI abuses --> Category: attack
Land Down Under / Seditio 'id' parameter SQL Injection Vulnerability Scan
Vulnerability Scan Summary: Checks for SQL injection vulnerability in Land Down Under / Seditio
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is affected by a SQL
injection vulnerability.
Description :
The remote version of Land Down Under or Seditio fails to sanitize
input to the 'id' parameter of the 'polls.php' script before using it
in a database query. Provided PHP's 'magic_quotes_gpc' setting is
disabled, an unauthenticated attacker may be able to leverage this
issue to uncover sensitive information (such as password hashes),
modify existing data, or launch attacks against the underlying
database.
See also :
http://milw0rm.com/exploits/2871
Solution :
Unknown at this time.
Threat Level:
Medium / CVSS Base Score : 5.6
(AV:R/AC:H/Au:NR/C:P/I:P/A:P/B:N)