Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: CGI abuses --> Category: attack

bttlxeForum SQL injection Vulnerability Scan

Vulnerability Scan Summary
Uses a SQL query as a password

Detailed Explanation for this Vulnerability Test

The remote host is running bttlxeForum, a set of CGIs designed to
run a forum-based web server on a Windows platform.

There is a SQL injection bug in the remote server which allowed
Nessus to log in as 'administrator' by supplying the password 'or id='.

An attacker may use this flaw to impersonate users on this host (potentially
making the webmaster legally liable for the impersonations) or gain control
of the remote SQL database.

Solution :
Threat Level: High



P.O. Box 827051

Pembroke Pines, FL 33082-7051
