Tweet
Hello,
Is this a high risk vulnerabilityes ?
If YES , how to secure it ?
What is the best mode to secure my forum ?
Thanks.
Is this a high risk vulnerabilityes ?
If YES , how to secure it ?
What is the best mode to secure my forum ?
Thanks.
Code:
<?xml version="1.0" encoding="utf-8"?>
<ROOT>
<SiteVulList>
<VulRow>
<ReferURL>http://www.mydomain.com/calendar.php^s=75a2a98e2995cd8c601b75d3b6c7338a</ReferURL>
<Parameter>s=75a2a98e2995cd8c601b75d3b6c7338a</Parameter>
<Type>String</Type>
<KWordActionURL>remotely</KWordActionURL>
<Vulnerability>COOKIE SQL INJECTION</Vulnerability>
</VulRow>
<VulRow>
<ReferURL>http://www.mydomain.com/search.php?s=75a2a98e2995cd8c601b75d3b6c7338a&do=getnew^contenttype=vBForum_Post</ReferURL>
<Parameter>contenttype=vBForum_Post</Parameter>
<Type>String</Type>
<KWordActionURL>remotely</KWordActionURL>
<Vulnerability>COOKIE SQL INJECTION</Vulnerability>
</VulRow>
<VulRow>
<ReferURL>http://www.mydomain.com/vbmail.php?s=99999999</ReferURL>
<Parameter>s=99999999</Parameter>
<Type>Integer</Type>
<KWordActionURL>remotely</KWordActionURL>
<Vulnerability>URL SQL INJECTION</Vulnerability>
</VulRow>
<VulRow>
<ReferURL>http://www.mydomain.com/search.php?do=getdaily&contenttype=vBForum_Post&s=75a2a98e2995cd8c601b75d3b6c7338a</ReferURL>
<Parameter>s=75a2a98e2995cd8c601b75d3b6c7338a</Parameter>
<Type>String</Type>
<KWordActionURL>document</KWordActionURL>
<Vulnerability>URL SQL INJECTION</Vulnerability>
</VulRow>
<VulRow>
<ReferURL>http://www.mydomain.com/forum.php?s=75a2a98e2995cd8c601b75d3b6c7338a</ReferURL>
<Parameter>s=75a2a98e2995cd8c601b75d3b6c7338a</Parameter>
<Type>String</Type>
<KWordActionURL>remotely</KWordActionURL>
<Vulnerability>URL SQL INJECTION</Vulnerability>
</VulRow>
<VulRow>
<ReferURL>http://www.mydomain.com/forum.php?s=99999999</ReferURL>
<Parameter>s=99999999</Parameter>
<Type>String</Type>
<KWordActionURL>remotely</KWordActionURL>
<Vulnerability>URL SQL INJECTION</Vulnerability>
</VulRow>
<VulRow>
<ReferURL>http://www.mydomain.com/thanks.php?s=75a2a98e2995cd8c601b75d3b6c7338a&do=hottest</ReferURL>
<Parameter>do=hottest</Parameter>
<Type>String</Type>
<KWordActionURL>remotely</KWordActionURL>
<Vulnerability>URL SQL INJECTION</Vulnerability>
</VulRow>
<VulRow>
<ReferURL>http://www.mydomain.com/thanks.php?do=statistics&s=99999999</ReferURL>
<Parameter>s=99999999</Parameter>
<Type>String</Type>
<KWordActionURL>remotely</KWordActionURL>
<Vulnerability>URL SQL INJECTION</Vulnerability>
</VulRow>
<VulRow>
<ReferURL>http://www.mydomain.com/forums/1-General-Category?s=75a2a98e2995cd8c601b75d3b6c7338a</ReferURL>
<Parameter>s=75a2a98e2995cd8c601b75d3b6c7338a</Parameter>
<Type>String</Type>
<KWordActionURL>remotely</KWordActionURL>
<Vulnerability>URL SQL INJECTION</Vulnerability>
</VulRow>
<VulRow>
<ReferURL>http://www.mydomain.com/forums/1-General-Category^s=75a2a98e2995cd8c601b75d3b6c7338a</ReferURL>
<Parameter>s=75a2a98e2995cd8c601b75d3b6c7338a</Parameter>
<Type>String</Type>
<KWordActionURL>remotely</KWordActionURL>
<Vulnerability>COOKIE SQL INJECTION</Vulnerability>
</VulRow>
<VulRow>
<ReferURL>http://www.mydomain.com/forumdisplay.php?s=75a2a98e2995cd8c601b75d3b6c7338a&do=markread^markreadhash=guest</ReferURL>
<Parameter>markreadhash=guest</Parameter>
<Type>String</Type>
<KWordActionURL>remotely</KWordActionURL>
<Vulnerability>COOKIE SQL INJECTION</Vulnerability>
</VulRow>
<VulRow>
<ReferURL>http://www.mydomain.com/forumdisplay.php?do=markread&markreadhash=guest&s=99999999</ReferURL>
<Parameter>s=99999999</Parameter>
<Type>Integer</Type>
<KWordActionURL>Rokco</KWordActionURL>
<Vulnerability>URL SQL INJECTION</Vulnerability>
</VulRow>
<VulRow>
<ReferURL>http://www.mydomain.com/forums/7-Rules-amp-Announcements^s=75a2a98e2995cd8c601b75d3b6c7338a</ReferURL>
<Parameter>s=75a2a98e2995cd8c601b75d3b6c7338a</Parameter>
<Type>String</Type>
<KWordActionURL>remotely</KWordActionURL>
<Vulnerability>COOKIE SQL INJECTION</Vulnerability>
</VulRow>
<VulRow>
<ReferURL>http://www.mydomain.com/login.php?do=login^vb_login_password_hint=Password&s=&securitytoken=guest&do=login&vb_login_md5password=&vb_login_md5password_utf=&vb_login_username=User Name&vb_login_password=WCRTESTINPUT000000</ReferURL>
<Parameter>vb_login_password=!S!WCRTESTINPUT000000!E!</Parameter>
<Type>String</Type>
<KWordActionURL>entered</KWordActionURL>
<Vulnerability>POST SQL INJECTION</Vulnerability>
</VulRow>
<VulRow>
<ReferURL>http://www.mydomain.com/forums/4-Suggestions?s=99999999</ReferURL>
<Parameter>s=99999999</Parameter>
<Type>Integer</Type>
<KWordActionURL>remotely</KWordActionURL>
<Vulnerability>URL SQL INJECTION</Vulnerability>
</VulRow>
<VulRow>
<ReferURL>http://www.mydomain.com/forums/6-Introductions?s=75a2a98e2995cd8c601b75d3b6c7338a</ReferURL>
<Parameter>s=75a2a98e2995cd8c601b75d3b6c7338a</Parameter>
<Type>String</Type>
<KWordActionURL>remotely</KWordActionURL>
<Vulnerability>URL SQL INJECTION</Vulnerability>
</VulRow>
<VulRow>
<ReferURL>http://www.mydomain.com/forums/6-Introductions?s=99999999</ReferURL>
<Parameter>s=99999999</Parameter>
<Type>String</Type>
<KWordActionURL>remotely</KWordActionURL>
<Vulnerability>URL SQL INJECTION</Vulnerability>
</VulRow>
<VulRow>
<ReferURL>http://www.mydomain.com/forum.php?styleid=5</ReferURL>
<Parameter>styleid=5</Parameter>
<Type>Integer</Type>
<KWordActionURL>remotely</KWordActionURL>
<Vulnerability>URL SQL INJECTION</Vulnerability>
</VulRow>
</SiteVulList>
</ROOT>
Comment