Family: CGI abuses --> Category: attack
bttlxeForum SQL injection Vulnerability Scan
Vulnerability Scan Summary
Uses a SQL query as a password
Detailed Explanation for this Vulnerability Test
The remote host is running bttlxeForum, a set of CGIs designed to
run a forum-based web server on a Windows platform.
There is a SQL injection bug in the remote server which allowed
Nessus to log in as 'administrator' by supplying the password 'or id='.
An attacker may use this flaw to impersonate users on this host (potentially
making the webmaster legally liable for the impersonations) or gain control
of the remote SQL database.
Solution : http://www.battleaxesoftware.com/forums/forum.asp?forumid=36&select=1812
Threat Level: High