Snitz Forums 2000 < 3.4.03 register.asp Email Parameter SQL Injection

high Nessus Plugin ID 14227

Synopsis

The discussion forum running on the remote web server has a SQL injection vulnerability.

Description

The remote host is running Snitz Forums 2000.

This version allows an attacker to execute stored procedures and non-interactive operating system commands on the system.

The 'Email' variable in the register.asp module is not properly validated, and malicious SQL data is not stripped from it.

To exploit this flaw, an attacker needs network access to the web server. A successful attack could allow the remote attacker to execute arbitrary system commands through common SQL stored procedures such as xp_cmdshell.
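
The validation gap described above, shown as an added example; it is not the Snitz code, which this page does not include. It is a Python/sqlite3 stand-in for a registration handler, and the members table, function names and sample address are assumptions made for illustration. It contrasts an e-mail value pasted into the SQL text with one that is shape-checked and bound as a parameter.

```python
import re
import sqlite3

# Conservative allowlist for the address shape; the apostrophe is legal in a local part.
EMAIL_RE = re.compile(r"[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def make_db():
    """In-memory stand-in for the forum's member table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE members (name TEXT, email TEXT)")
    return db


def register_concatenated(db, name, email):
    """Vulnerable pattern: request data is pasted into the SQL text."""
    sql = "INSERT INTO members (name, email) VALUES ('" + name + "', '" + email + "')"
    db.execute(sql)


def register_bound(db, name, email):
    """Hardened pattern: validate the shape, then bind values as parameters."""
    if len(email) > 254 or not EMAIL_RE.fullmatch(email):
        raise ValueError("rejected e-mail address")
    db.execute("INSERT INTO members (name, email) VALUES (?, ?)", (name, email))


def demo():
    """Return (concatenated_outcome, stored_rows) for a constructed input."""
    email = "pat.o'neil@example.com"  # constructed sample: valid address with a quote
    db = make_db()
    try:
        register_concatenated(db, "pat", email)
        outcome = "stored"
    except sqlite3.OperationalError:
        # The quote ended the string literal early: data was parsed as SQL syntax.
        outcome = "statement broken"
    register_bound(db, "pat", email)
    rows = db.execute("SELECT email FROM members").fetchall()
    return outcome, rows


if __name__ == "__main__":
    print(demo())
```

The same legitimate address breaks the concatenated statement but is stored intact by the bound one, which is why parameter binding, not character stripping alone, is the durable fix.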

Solution

Upgrade to Snitz Forums 2000 version 3.4.03 or later.

See Also

https://seclists.org/vulnwatch/2003/q2/69

Plugin Details

Severity: High

ID: 14227

File Name: snitz_forums_2000_sql_injection.nasl

Version: 1.28

Type: remote

Family: CGI abuses

Published: 8/4/2004

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: www/ASP

Exploit Ease: No exploit is required

Vulnerability Publication Date: 5/12/2003

Reference Information

CVE: CVE-2003-0286

BID: 7549

CWE: 89