|
|
Family: CGI abuses --> Category: attack
Burning Board decode_cookie() SQL Injection Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for SQL injection vulnerability in Burning Board Lite
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP script that is affected by a SQL
injection vulnerability.
Description :
The remote version of Burning Board Lite fails to sanitize user-
supplied cookie input before using it in the 'decode_cookie()'
function in a database query. Regardless of PHP settings, an
unauthenticated attacker may be able to leverage this issue to uncover
sensitive information (such as password hashes), modify existing data,
or launch attacks against the underlying database.
See also :
http://retrogod.altervista.org/wbblite_102_sql_mqg_bypass.html
Solution :
Unknown at this time.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
