
Aegis traced Blind SQL Vulnerability in Bihar E-news (http://www.biharenews.com)

29 Jun

Target:         http://www.biharenews.com/index.php
Host IP:        70.86.37.234
Web Server:     Apache
Powered-by:     PHP/5.2.17
DB Server:     MySQL >=5
Resp. Time(avg):    1889 ms
Current User:     kabia_bihare@localhost
Sql Version:     5.0.92-community
Current DB:     kabia_biharenews
System User:     kabia_bihare@localhost
Host Name:     server.hosttrue.info
Installation dir:     /

Vulnerability description

This script is possibly vulnerable to SQL Injection attacks.

SQL injection is a vulnerability that allows an attacker to alter backend SQL statements by manipulating user input. It occurs when a web application places user input directly into a SQL statement without properly filtering out dangerous characters.

This is one of the most common application-layer attacks currently in use on the Internet. Although it is relatively easy to protect against, a large number of web applications remain vulnerable.

This vulnerability affects /xxxx.php.

Discovered by: Scripting (Blind_Sql_Injection.script).

 


Posted on June 29, 2011 in Vulnerable Websites

 
