Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

Burning Board wbb_userid parameter SQL Injection Vulnerability Vulnerability Scan


Vulnerability Scan Summary
Checks for SQL injection vulnerability in Burning Board Lite

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP script that is affected by a SQL
injection vulnerability.

Description :

The remote version of Burning Board Lite fails to sanitize input to
the 'wbb_userid' parameter before using it in a database query.
Provided PHP's 'register_globals' setting is enabled and
'magic_quotes_gpc' setting is disabled, an unauthenticated attacker
may be able to leverage this issue to uncover sensitive information
(such as password hashes), modify existing data, or launch attacks
against the underlying database.

See also :

http://retrogod.altervista.org/wbblite_102_sql.html

Solution :

Unknown at this time.

Threat Level:

Medium / CVSS Base Score : 5.6
(AV:R/AC:H/Au:NR/C:P/I:P/A:P/B:N)

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.