Potential MySQL Injection Vulnerability Detection

High Nessus Network Monitor Plugin ID 2001

Synopsis

The remote web server contains a script that appears to be vulnerable to a SQL injection attack.

Description

PVS observed a response from a web server that was driven by an error message from an underlying SQL server. The application may be susceptible to an attack known as 'SQL Injection', in which an attacker passes SQL commands via a web query. Successful exploitation would allow the remote attacker to execute arbitrary SQL commands on the backend database server.
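The kind of passive check described above can be sketched as follows. This is an added example, not the plugin's own logic: the signature list, function names and sample responses are assumptions constructed for illustration.

```python
import re

# Assumed signatures: error texts commonly emitted by MySQL and PHP's mysql
# driver. This is not the pattern list used by plugin 2001.
MYSQL_ERROR_PATTERNS = [
    re.compile(r"You have an error in your SQL syntax", re.I),
    re.compile(r"check the manual that corresponds to your MySQL server version", re.I),
    re.compile(r"supplied argument is not a valid MySQL result resource", re.I),
    re.compile(r"Warning: mysql_[a-z_]+\(\)", re.I),
]

def split_response(raw: bytes):
    """Split a raw HTTP response into (status code, decoded body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    parts = head.split(b"\r\n", 1)[0].decode("latin-1").split(" ", 2)
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    return status, body.decode("utf-8", errors="replace")

def find_mysql_errors(raw: bytes):
    """Return (status, matched error fragments) for one observed response."""
    status, body = split_response(raw)
    hits = [m.group(0) for p in MYSQL_ERROR_PATTERNS if (m := p.search(body))]
    return status, hits

# Constructed sample responses (not captured traffic).
SAMPLES = {
    "leaky": b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
             b"<b>Error:</b> You have an error in your SQL syntax; check the manual "
             b"that corresponds to your MySQL server version for the right syntax "
             b"to use near ''' at line 1",
    "php_warning": b"HTTP/1.1 500 Internal Server Error\r\n\r\n"
                   b"Warning: mysql_fetch_array(): supplied argument is not a valid "
                   b"MySQL result resource in page.php on line 12",
    "clean": b"HTTP/1.1 200 OK\r\n\r\n<html><body>3 results found</body></html>",
}

def triage(samples):
    """Map sample name -> (status, hits), keeping only responses with a match."""
    results = {name: find_mysql_errors(raw) for name, raw in samples.items()}
    return {name: r for name, r in results.items() if r[1]}

if __name__ == "__main__":
    for name, (status, hits) in triage(SAMPLES).items():
        print(f"{name}: HTTP {status} -> {hits}")
```

A page that merely quotes one of these error strings (documentation, a forum post) also matches, so a hit marks the script for audit rather than confirming injection. Note that the first sample leaks the error under a 200 status, so filtering on error status codes alone would miss it.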

Solution

Audit and modify the application to properly validate user input.

See Also

http://en.wikipedia.org/wiki/SQL_injection

http://www.securiteam.com/securityreviews/5DP0N1P76E.html

Plugin Details

Severity: High

ID: 2001

File Name: 2001.prm

Family: Web Servers

Published: 2004/08/18

Modified: 2016/01/15

Dependencies: 1442

Nessus ID: 11139

Risk Information

Risk Factor: High