Detections
Analytics
CGI Generic SQL Injection
high Nessus Plugin ID 11139
Synopsis
A web application is potentially vulnerable to SQL injection.Description
By providing specially crafted parameters to CGIs, Nessus was able to get an error from the underlying database. This error suggests that the CGI is affected by a SQL injection vulnerability.An attacker may exploit this flaw to bypass authentication, read confidential data, modify the remote database, or even take control of the remote operating system.
Solution
Modify the relevant CGIs so that they properly escape arguments.See Also
https://www.owasp.org/index.php/SQL_Injection
https://en.wikipedia.org/wiki/SQL_injection
http://www.securiteam.com/securityreviews/5DP0N1P76E.html
http://www.nessus.org/u?ed792cf5
http://projects.webappsec.org/w/page/13246963/SQL%20Injection
Plugin Details
Severity: High
ID: 11139
File Name: torture_cgi_sql_injection.nasl
Version: 2.30
Type: remote
Family: CGI abuses
Published: 7/23/2009
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Vulnerability Information
Required KB Items: Settings/enable_web_app_tests