Juniper Networks

Signature Detail

Short Name

HTTP:SQL:INJ:BTTLXEFORUM

Severity

High

Recommended

No

Recommended Action

Drop

Category

HTTP

Keywords

BattleAxe Forum SQL Injection

Release Date

2005/03/24

Update Number

1213

Supported Platforms

idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: BattleAxe Forum SQL Injection


This signature detects attempts to exploit a known vulnerability in the BattleAxe Forum software. Without authentication, malicious users can encode SQL comment characters within a malformed login, enabling them to inject SQL into the forum database. Injected SQL could, for example, create new administrator accounts, add posts from other accounts, or insert other malformed data that could corrupt the forum database structure.

Extended Description

bttlxe Forum is a web-based discussion forum implemented in ASP. An SQL injection vulnerability has been reported to affect the 'login.asp' page of bttlxe Forum. The condition is reportedly due to insufficient sanitization of externally supplied data that is used to construct SQL queries. This data may be supplied via the 'password' field during the authentication process. The consequences may vary depending on the particular database implementation and the nature of the specific queries. One reported scenario was bypassing the bttlxe Forum authentication system; however, other attacks may also be possible.

Affected Products

  • Battleaxe Software bttlxe Forum

References

  • BugTraq: 7416
  • CVE: CVE-2003-0215
  • URL: http://www.battleaxesoftware.com

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.