CGI Generic SQL Injection (blind, time based)

high Nessus Plugin ID 43160
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

A CGI application hosted on the remote web server is potentially prone to SQL injection attack.

Description

By sending specially crafted parameters to one or more CGI scripts hosted on the remote web server, Nessus was able to get a slower response, which suggests that it may have been able to modify the behavior of the application and directly access the underlying database.

An attacker may be able to exploit this issue to bypass authentication, read confidential data, modify the remote database, or even take control of the remote operating system.

Note that this script is experimental and may be prone to false positives.

Solution

Modify the affected CGI scripts so that they properly escape arguments.

See Also

http://www.securiteam.com/securityreviews/5DP0N1P76E.html

http://www.nessus.org/u?ed792cf5

http://projects.webappsec.org/w/page/13246963/SQL%20Injection

Plugin Details

Severity: High

ID: 43160

File Name: torture_cgi_blind_sql_injection2.nasl

Version: 1.24

Type: remote

Family: CGI abuses

Published: 12/14/2009

Updated: 1/19/2021

Dependencies: http_version.nasl, webmirror.nasl, web_app_test_settings.nasl, torture_cgi_load_estimation1.nasl, mssqlserver_detect.nasl, postgresql_detect.nasl, mysql_version.nasl

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/enable_web_app_tests

Reference Information

CWE: 20, 77, 89, 713, 722, 727, 751, 801, 810, 928, 929