Burning Board search.php boardids Parameter SQL Injection
Medium Nessus Network Monitor Plugin ID 3888
SynopsisThe remote web server contains a PHP script that is prone to a SQL injection attack.
DescriptionThe version of Burning Board / Burning Board Lite on the remote host fails to sanitize user input to the 'boardids' parameter of the 'search.php' script before using it in database queries. Regardless of PHP's 'register_globals' and 'magic_quotes_gpc' settings, an unauthenticated remote attacker can leverage this issue to launch SQL injection attacks against the affected application, including discovery of password hashes of users of the application.
SolutionNo solution is known at this time.