Detections
Analytics
Web Application SQL Backend Identification
medium Nessus Plugin ID 44670
Language:
Synopsis
A web application's SQL backend can be identified.Description
At least one web application hosted on the remote web server is built on a SQL backend that Nessus was able to identify by looking at error messages.Leaking this kind of information may help an attacker fine-tune attacks against the application and its backend.
Solution
Filter out error messages.See Also
http://projects.webappsec.org/w/page/13246925/Fingerprinting
Plugin Details
Severity: Medium
ID: 44670
File Name: web_sql_backend.nasl
Version: 1.13
Type: remote
Family: CGI abuses
Published: 2/19/2010
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
CVSS v2
Risk Factor: Medium
Base Score: 5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Vulnerability Information
Required KB Items: Settings/enable_web_app_tests