Hi,
I was doing a Nessus scan on the windows server on which XAMPP is installed. The scanning revealed the following security holes. I wanted to know what is the solution to these holes:
1.
The following URLs seem to be vulnerable to BLIND SQL injection
techniques :
/xampp/getexcel.php?value=char(0x27)/**/AND/**/char(0x27)achar(0x27)>char(0x27)b
An attacker may exploit this flaws to bypass authentication
or to take the control of the remote database.
Solution : Modify the relevant CGIs so that they properly escape arguments
Risk factor : High
See also : http://www.securitydocs.com/library/2651
2.
The following URLs seem to be vulnerable to BLIND SQL injection
techniques :
/xampp/phonebook.php?phone=&id=3+AND+1=1&firstname=&action=del&lastname=&source=in
/xampp/phonebook.php?phone=&id=3/**/AND/**/1=1&firstname=&action=del&lastname=&source=in
An attacker may exploit this flaws to bypass authentication
or to take the control of the remote database.
Solution : Modify the relevant CGIs so that they properly escape arguments
Risk factor : High
See also : http://www.securitydocs.com/library/2651
Nessus Scan
1 post
• Page 1 of 1
Nessus Scan
by tornado579 » 01. November 2006 09:40
- tornado579
- Posts: 1
- Joined: 01. November 2006 09:37
1 post
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 104 guests