Family: CGI abuses --> Category: attack
Land Down Under <= 801 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary :
Checks for SQL injection in LDU's list.php
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains several PHP scripts that permit SQL
injection and cross-site scripting attacks.
Description :
The remote version of Land Down Under is prone to several SQL
injection and cross-site scripting attacks due to its failure to
sanitize user-supplied input to several parameters used by the
'auth.php', 'events.php', 'index.php', 'list.php', and 'plug.php'
scripts. A malicious user can exploit these flaws to
manipulate SQL queries, steal authentication cookies, and the like.
See also :
http://www.packetstormsecurity.org/0509-advisories/LDU801.txt
http://securityfocus.com/archive/1/409511
http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0381.html
http://www.g-0.org/code/ldu-adv.html
Solution :
Unknown at this time.
Threat Level:
Medium / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)