Hello,
Is this a high risk vulnerability?
If YES, how to secure it?
What is the best mode to secure my forum?
Thanks.
Code:
<?xml version="1.0" encoding="utf-8"?> <ROOT> <SiteVulList> <VulRow> <ReferURL>http://www.mydomain.com/calendar.php^s=75a2a98e2995cd8c601b75d3b6c7338a</ReferURL> <Parameter>s=75a2a98e2995cd8c601b75d3b6c7338a</Parameter> <Type>String</Type> <KWordActionURL>remotely</KWordActionURL> <Vulnerability>COOKIE SQL INJECTION</Vulnerability> </VulRow> <VulRow> <ReferURL>http://www.mydomain.com/search.php?s=75a2a98e2995cd8c601b75d3b6c7338a&do=getnew^contenttype=vBForum_Post</ReferURL> <Parameter>contenttype=vBForum_Post</Parameter> <Type>String</Type> <KWordActionURL>remotely</KWordActionURL> <Vulnerability>COOKIE SQL INJECTION</Vulnerability> </VulRow> <VulRow> <ReferURL>http://www.mydomain.com/vbmail.php?s=99999999</ReferURL> <Parameter>s=99999999</Parameter> <Type>Integer</Type> <KWordActionURL>remotely</KWordActionURL> <Vulnerability>URL SQL INJECTION</Vulnerability> </VulRow> <VulRow> <ReferURL>http://www.mydomain.com/search.php?do=getdaily&contenttype=vBForum_Post&s=75a2a98e2995cd8c601b75d3b6c7338a</ReferURL> <Parameter>s=75a2a98e2995cd8c601b75d3b6c7338a</Parameter> <Type>String</Type> <KWordActionURL>document</KWordActionURL> <Vulnerability>URL SQL INJECTION</Vulnerability> </VulRow> <VulRow> <ReferURL>http://www.mydomain.com/forum.php?s=75a2a98e2995cd8c601b75d3b6c7338a</ReferURL> <Parameter>s=75a2a98e2995cd8c601b75d3b6c7338a</Parameter> <Type>String</Type> <KWordActionURL>remotely</KWordActionURL> <Vulnerability>URL SQL INJECTION</Vulnerability> </VulRow> <VulRow> <ReferURL>http://www.mydomain.com/forum.php?s=99999999</ReferURL> <Parameter>s=99999999</Parameter> <Type>String</Type> <KWordActionURL>remotely</KWordActionURL> <Vulnerability>URL SQL INJECTION</Vulnerability> </VulRow> <VulRow> <ReferURL>http://www.mydomain.com/thanks.php?s=75a2a98e2995cd8c601b75d3b6c7338a&do=hottest</ReferURL> <Parameter>do=hottest</Parameter> <Type>String</Type> <KWordActionURL>remotely</KWordActionURL> <Vulnerability>URL SQL INJECTION</Vulnerability> </VulRow> <VulRow> 
<ReferURL>http://www.mydomain.com/thanks.php?do=statistics&s=99999999</ReferURL> <Parameter>s=99999999</Parameter> <Type>String</Type> <KWordActionURL>remotely</KWordActionURL> <Vulnerability>URL SQL INJECTION</Vulnerability> </VulRow> <VulRow> <ReferURL>http://www.mydomain.com/forums/1-General-Category?s=75a2a98e2995cd8c601b75d3b6c7338a</ReferURL> <Parameter>s=75a2a98e2995cd8c601b75d3b6c7338a</Parameter> <Type>String</Type> <KWordActionURL>remotely</KWordActionURL> <Vulnerability>URL SQL INJECTION</Vulnerability> </VulRow> <VulRow> <ReferURL>http://www.mydomain.com/forums/1-General-Category^s=75a2a98e2995cd8c601b75d3b6c7338a</ReferURL> <Parameter>s=75a2a98e2995cd8c601b75d3b6c7338a</Parameter> <Type>String</Type> <KWordActionURL>remotely</KWordActionURL> <Vulnerability>COOKIE SQL INJECTION</Vulnerability> </VulRow> <VulRow> <ReferURL>http://www.mydomain.com/forumdisplay.php?s=75a2a98e2995cd8c601b75d3b6c7338a&do=markread^markreadhash=guest</ReferURL> <Parameter>markreadhash=guest</Parameter> <Type>String</Type> <KWordActionURL>remotely</KWordActionURL> <Vulnerability>COOKIE SQL INJECTION</Vulnerability> </VulRow> <VulRow> <ReferURL>http://www.mydomain.com/forumdisplay.php?do=markread&markreadhash=guest&s=99999999</ReferURL> <Parameter>s=99999999</Parameter> <Type>Integer</Type> <KWordActionURL>Rokco</KWordActionURL> <Vulnerability>URL SQL INJECTION</Vulnerability> </VulRow> <VulRow> <ReferURL>http://www.mydomain.com/forums/7-Rules-amp-Announcements^s=75a2a98e2995cd8c601b75d3b6c7338a</ReferURL> <Parameter>s=75a2a98e2995cd8c601b75d3b6c7338a</Parameter> <Type>String</Type> <KWordActionURL>remotely</KWordActionURL> <Vulnerability>COOKIE SQL INJECTION</Vulnerability> </VulRow> <VulRow> <ReferURL>http://www.mydomain.com/login.php?do=login^vb_login_password_hint=Password&s=&securitytoken=guest&do=login&vb_login_md5password=&vb_login_md5password_utf=&vb_login_username=User Name&vb_login_password=WCRTESTINPUT000000</ReferURL> 
<Parameter>vb_login_password=!S!WCRTESTINPUT000000!E!</Parameter> <Type>String</Type> <KWordActionURL>entered</KWordActionURL> <Vulnerability>POST SQL INJECTION</Vulnerability> </VulRow> <VulRow> <ReferURL>http://www.mydomain.com/forums/4-Suggestions?s=99999999</ReferURL> <Parameter>s=99999999</Parameter> <Type>Integer</Type> <KWordActionURL>remotely</KWordActionURL> <Vulnerability>URL SQL INJECTION</Vulnerability> </VulRow> <VulRow> <ReferURL>http://www.mydomain.com/forums/6-Introductions?s=75a2a98e2995cd8c601b75d3b6c7338a</ReferURL> <Parameter>s=75a2a98e2995cd8c601b75d3b6c7338a</Parameter> <Type>String</Type> <KWordActionURL>remotely</KWordActionURL> <Vulnerability>URL SQL INJECTION</Vulnerability> </VulRow> <VulRow> <ReferURL>http://www.mydomain.com/forums/6-Introductions?s=99999999</ReferURL> <Parameter>s=99999999</Parameter> <Type>String</Type> <KWordActionURL>remotely</KWordActionURL> <Vulnerability>URL SQL INJECTION</Vulnerability> </VulRow> <VulRow> <ReferURL>http://www.mydomain.com/forum.php?styleid=5</ReferURL> <Parameter>styleid=5</Parameter> <Type>Integer</Type> <KWordActionURL>remotely</KWordActionURL> <Vulnerability>URL SQL INJECTION</Vulnerability> </VulRow> </SiteVulList> </ROOT>