Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

Short Name

 HTTP:SQL:INJ:L-FORUM

Severity

 Medium

Recommended

 No

Category

 HTTP

Keywords

 L-Forum SQL Injection

Release Date

 2003/04/22

Update Number

 1213

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: L-Forum SQL Injection


This signature detects attempts to exploit a known vulnerability in L-Forum Web BBS package. The search.php script does not properly escape queries that are passed to it from the URL. Attackers can use a maliciously crafted URL in a Web browser to perform a SQL injection attack.

Extended Description

Reportedly, L-Forum is vulnerable to SQL injection attacks. The vulnerability lies in the file 'search.php' L-Forum does not properly sanitize user input that is used as part of the search parameter in the 'search.php' file. SQL code may be inserted into the requests and executed by the database server.

Affected Products

  • Leszek Krupinski L-Forum 2.4.0 .0

References

  • BugTraq: 5468
  • CVE: CVE-2002-1457
  • URL: http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0074.html

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out