Sårbarhed Detalje Syn
Legend :
critical
high
medium
low
other
| id | 43160 |
|---|
| Risiko | other |
|---|
| Familie | CGI abuses |
|---|
| Kategori | mixed |
|---|
| Navn | CGI Generic SQL Injection (blind, time based) |
|---|
| Sammenfatning | Blind SQL injection techniques (time based) |
|---|
| Beskrivelse | Synopsis :
A CGI application hosted on the remote web server is potentially
prone to SQL injection attack.
Description :
By sending specially crafted parameters to one or more CGI scripts
hosted on the remote web server, Nessus was able to get a slower
response, which suggests that it may have been able to modify the
behavior of the application and directly access the underlying
database.
An attacker may be able to exploit this issue to bypass
authentication, read confidential data, modify the remote database, or
even take control of the remote operating system.
Note that this script is experimental and may be prone to false
positives.
See also :
http://www.securiteam.com/securityreviews/5DP0N1P76E.html
http://www.securitydocs.com/library/2651
Solution :
Modify the affected CGI scripts so that they properly escape
arguments.
Risk factor :
High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
|
|---|
| CVE |
NOCVE |
| Bugtraq |
NOBID |
| Copyright |
(C) 2009 Tenable Network Security, Inc. |
|
|