Family: CGI abuses --> Category: infos
PlaySMS Cookie SQL Injection Vulnerability Scan
Vulnerability Scan Summary
Tests for the PlaySMS SQL Injection
Detailed Explanation for this Vulnerability Test
PlaySMS is a full-featured SMS gateway application that features sending of
single or broadcast SMSes, the ability to receive and forward SMSes, an SMS
board, an SMS polling system, SMS customs for handling incoming SMSes and
forwarding them to custom applications, and SMS commands for saving/retrieving
information to/from a server and executing server-side shell scripts.
An SQL Injection vulnerability in the product allows remote attackers to
inject arbitrary SQL statements via the cookie mechanism used by the product.
See also : http://sourceforge.net/project/shownotes.php?release_id=254915
Solution : Upgrade to version 0.7.1 or later.
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.