Short Name |
HTTP:SQL:INJ:THEWEBFORUM-LOGIN |
---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
TheWebForum SQL Injection |
Release Date |
2013/05/16 |
Update Number |
2263 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
This signature detects attempts to exploit a known SQL injection vulnerability in TheWebForum. It is due to insufficient validation of a parameter sent to the login.php script. An attacker can exploit this issue by manipulating the SQL query logic to carry out unauthorized actions on the underlying database.
TheWebForum is prone to multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, the theft of cookie-based authentication credentials and allow an attacker to control how the site is rendered to the user. They may also permit an attacker to exploit vulnerabilities in the underlying database implementation as well as other attacks.