Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: CGI abuses --> Category: infos

Snitz Forums 2000 SQL injection Vulnerability Scan

Vulnerability Scan Summary
Determine Snitz forums version

Detailed Explanation for this Vulnerability Test

The remote host is running Snitz Forums 2000.

This version allows an attacker to execute stored procedures
and non-interactive operating system commands on the system.

The problem is that the 'Email' variable in the register.asp
module is not properly validated, so malicious SQL data is not
stripped out before it reaches the database.

To exploit this flaw, an attacker needs network access to the
web server. A successful attack could allow the remote attacker
to execute arbitrary system commands through common SQL stored
procedures such as xp_cmdshell.
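Added example (not part of the original advisory and not Snitz code): a Python/sqlite3 stand-in for a registration handler, showing how an e-mail field concatenated into SQL lets an appended statement run, next to the validated, parameter-bound form. The table, function names, e-mail pattern and hostile input are constructed for illustration.

```python
import re
import sqlite3

# Conservative allow-list for the e-mail field (an assumption, not Snitz's rule).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}\.[A-Za-z]{2,}")

# Constructed input: closes the string literal and appends a second statement.
HOSTILE_EMAIL = "a@example.org'); DELETE FROM members; --"


def new_db():
    """In-memory stand-in for the forum's member table, with one existing row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (name TEXT, email TEXT)")
    conn.execute("INSERT INTO members VALUES ('existing', 'user@example.org')")
    return conn


def register_unsafe(conn, name, email):
    # The flaw class described above: the field is pasted into the SQL text,
    # so a quote in 'email' ends the literal and the rest is parsed as SQL.
    # executescript() stands in for a backend that accepts batched statements.
    conn.executescript("INSERT INTO members VALUES ('%s', '%s');" % (name, email))


def register_bound(conn, name, email):
    # Parameter binding: the value travels as data and is never parsed as SQL.
    conn.execute("INSERT INTO members VALUES (?, ?)", (name, email))


def register_safe(conn, name, email):
    # Validate against the allow-list first, then bind.
    if not EMAIL_RE.fullmatch(email):
        raise ValueError("rejected e-mail value")
    register_bound(conn, name, email)


def member_count(conn):
    return conn.execute("SELECT COUNT(*) FROM members").fetchone()[0]


def stored_emails(conn):
    return [row[0] for row in conn.execute("SELECT email FROM members ORDER BY rowid")]


if __name__ == "__main__":
    db = new_db()
    register_unsafe(db, "eve", HOSTILE_EMAIL)
    print("rows after unsafe registration:", member_count(db))
```

Binding alone keeps the hostile value inert; the allow-list additionally keeps it out of the table.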

Solution: Upgrade to version 3.4.03 or higher

Threat Level: High
