|
|
Family: CGI abuses : XSS --> Category: infos
w-Agora Multiple Input Validation Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for vulnerabilities in w-Agora
Detailed Explanation for this Vulnerability Test
The remote host is running w-agora, a web-based forum management software
written in PHP.
There are multiple input validation flaws in the remote version of this
software :
- There is an SQL injection vulnerability in the file 'redir_url.php' which
may allow a possible hacker to execute arbitrary SQL statements in the remote
database
- There is a cross site scripting issue which may allow a possible hacker to
steal the cookies of the legitimate users of the remote site by sending them
a specially malformed link
- There is an HTTP response splitting vulnerability which may also allow
a possible hacker to perform cross-site scripting attacks against the remote host.
Solution : Upgrade to the newest version of this software
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
