Sql injection
Hi, I recently conducted a security audit on my webserver and the software reached these conclusions.
We discovered vulnerabilities in the scripts listed below. Next to each script, there is a description of the type of attack that is possible, and the way to recreate the attack. If the attack is a simple HTTP GET request, you can usually paste it into your browser to see how it works. If it’s a POST attack, the parameters for the POST request will be listed in square parenthesis.
Blind SQL Injection
URL: https://mysite.com/mica-publicitate/afiseaza-anunt/?id=1/
Affected Parameter: id
Vector Used: VALUE AND SLEEP(24)=0
Pattern found: Timing test
Complete Attack: https://mysite.com/mica-publicitate/afiseaza-anunt?id=1/ AND SLEEP(24)=0
Show Test Sample
URL: https://mysite.com/mica-publicitate/afiseaza-anunt
Parameter name: id
Cross Site Scripting
URL: https://mysite.com/mica-publicitate/afiseaza-anunt/?id=1/
Affected Parameter: id
Vector Used: “><script>alert(document.cookie)</script>
Pattern found: <script>alert(document.cookie)</script>
Complete Attack: https://mysite.com/mica-publicitate/afiseaza-anunt?id=\”><script>alert(document.cookie)</script>
Show Test Sample
URL: https://mysite.com/mica-publicitate/afiseaza-anunt
Parameter name: id
Parameter name: gt;
Parameter name: lt;script
Parameter name: gt;alert(document.cookie)
Parameter name: lt;/script
Parameter name: gt;
Any advice on how I should solve this issue?
https://www.ads-software.com/extend/plugins/another-wordpress-classifieds-plugin/