Family: CGI abuses --> Category: infos
Snitz Forums 2000 SQL injection Vulnerability Scan
Vulnerability Scan Summary: Determine Snitz forums version
Detailed Explanation for this Vulnerability Test
The remote host is using Snitz Forums 2000.
This version allows an attacker to execute stored procedures
and non-interactive operating system commands on the system.
The problem is that the register.asp module does not properly
validate the 'Email' variable or strip malicious SQL data
from it.
An attacker needs network access to the web server to exploit
this flaw. A successful attack could allow the remote attacker
to execute arbitrary system commands through common SQL stored
procedures such as xp_cmdshell.
Solution: Upgrade to version 3.4.03 or higher
Threat Level: High