Short Name |
HTTP:SQL:INJ:MERCURY-UA |
---|---|
Severity |
Warning |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
MercuryBoard index.php SQL Injection |
Release Date |
2006/08/31 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects an attempt to exploit a SQL injection vulnerability in MercuryBoard 1.1.4. By submitting a maliciously crafted request, an attacker can steal the MercuryBoard administrator password.
MercuryBoard is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.