Nessus Scan

Problems with the Windows version of XAMPP, questions, comments, and anything related.

Nessus Scan

Postby tornado579 » 01. November 2006 09:40

Hi,

I was doing a Nessus scan on the windows server on which XAMPP is installed. The scanning revealed the following security holes. I wanted to know what is the solution to these holes:

1.

The following URLs seem to be vulnerable to BLIND SQL injection
techniques :

/xampp/getexcel.php?value=char(0x27)/**/AND/**/char(0x27)achar(0x27)>char(0x27)b



An attacker may exploit this flaws to bypass authentication
or to take the control of the remote database.


Solution : Modify the relevant CGIs so that they properly escape arguments
Risk factor : High
See also : http://www.securitydocs.com/library/2651


2.

The following URLs seem to be vulnerable to BLIND SQL injection
techniques :

/xampp/phonebook.php?phone=&id=3+AND+1=1&firstname=&action=del&lastname=&source=in
/xampp/phonebook.php?phone=&id=3/**/AND/**/1=1&firstname=&action=del&lastname=&source=in



An attacker may exploit this flaws to bypass authentication
or to take the control of the remote database.


Solution : Modify the relevant CGIs so that they properly escape arguments
Risk factor : High
See also : http://www.securitydocs.com/library/2651
tornado579
 
Posts: 1
Joined: 01. November 2006 09:37

Return to XAMPP for Windows

Who is online

Users browsing this forum: No registered users and 73 guests