CoolForum SQL and XSS Vulnerabilities
Medium Nessus Network Monitor Plugin ID 2725
Synopsis
The remote web server contains a script that is vulnerable to a SQL injection attack.
Description
The remote host is running CoolForum, a bulletin board written in PHP. This version of CoolForum is vulnerable to at least two (2) remote attacks. Specifically, a SQL injection flaw affects the 'entete.php' and 'register.php' scripts. An attacker exploiting these flaws would send a malformed query to the affected scripts. A successful exploit would allow the attacker to read and write confidential data. In addition, the attacker may be able to execute arbitrary code on the remote web server.
Multiple HTML injection and Cross-Site Scripting (XSS) flaws have also been reported to exist within this version of CoolForum. An attacker exploiting these flaws would typically need to be able to convince a user to browse a malicious URI. A successful attack would result in the theft of potentially confidential client data (cookies, authentication credentials, and more) or malicious code being executed within the client browser.
Solution
Upgrade to version 0.8.1 or higher.