Short Name | HTTP:SQL:INJ:WS2000 |
---|---|
Severity | Minor |
Recommended | No |
Category | HTTP |
Keywords | WebStore2000 Item_ID Parameter SQL Injection |
Release Date | 2004/02/04 |
Update Number | 1213 |
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature detects SQL injection attempts against a WebStore2000 server. Attackers can inject SQL code into the Item_ID parameter of a maliciously crafted request, enabling them to execute arbitrary SQL commands on the WebStore2000 server.

This vulnerability is reportedly caused by insufficient sanitization of user-supplied data in URI parameters passed to WebStore2000. Successful exploitation may allow an attacker to modify the structure of SQL queries, resulting in information disclosure or database corruption.