I have just installed:
vBulletin 3.0.3
Apache 2
PHP 5
MySql 4.1.7
VB 3.0.3
After installation was completed and the forum was set up and working correctly, I ran a Nessus vulnerability scan (http://www.nessus.org/). The report returned the following items, which are a little "interesting" (the really interesting bits are highlighted).
I have encountered false positives with Nessus before, so should I be concerned about these (especially considering that one section suggests upgrading to VB 3.0.4, which AFAIK doesn't exist in the public domain)?
Quote:
Vulnerability www (80/tcp)
The following URLs seem to be vulnerable to various SQL injection
techniques :
/forumdisplay.php?f='UNION'
/forumdisplay.php?f='UNION'
/forumdisplay.php?f='
/forumdisplay.php?f='
/forumdisplay.php?f='%22
/forumdisplay.php?f='%22
/forumdisplay.php?f=9%2c+9%2c+9
/forumdisplay.php?f=9%2c+9%2c+9
/forumdisplay.php?f='bad_bad_value
/forumdisplay.php?f='bad_bad_value
/forumdisplay.php?f=bad_bad_value'
/forumdisplay.php?f=bad_bad_value'
/forumdisplay.php?f='+OR+'
/forumdisplay.php?f='+OR+'
/forumdisplay.php?f='WHERE
/forumdisplay.php?f='WHERE
/forumdisplay.php?f=%3B
/forumdisplay.php?f=%3B
/forumdisplay.php?f='OR
/forumdisplay.php?f='OR
/forumdisplay.php?f=' or 1=1--
/forumdisplay.php?f= or 1=1--
/forumdisplay.php?f=' or 'a'='a
/forumdisplay.php?f=') or ('a'='a
An attacker may exploit this flaws to bypass authentication
or to take the control of the remote database.
Solution : Modify the relevant CGIs so that they properly escape arguments
Risk factor : High
See also : http://www.securiteam.com/securityre...DP0N1P76E.html
Nessus ID : 11139
Quote:
Vulnerability www (80/tcp)
The following URLs seem to be vulnerable to various SQL injection
techniques :
/calendar.php?s='UNION'
/calendar.php?s='UNION'
/calendar.php?s='
/calendar.php?s='
/calendar.php?s='%22
/calendar.php?s='%22
/calendar.php?s=9%2c+9%2c+9
/calendar.php?s=9%2c+9%2c+9
/calendar.php?s='bad_bad_value
/calendar.php?s='bad_bad_value
/calendar.php?s=bad_bad_value'
/calendar.php?s=bad_bad_value'
/calendar.php?s='+OR+'
/calendar.php?s='+OR+'
/calendar.php?s='WHERE
/calendar.php?s='WHERE
/calendar.php?s=%3B
/calendar.php?s=%3B
/calendar.php?s='OR
/calendar.php?s='OR
/calendar.php?s=' or 1=1--
/calendar.php?s= or 1=1--
/calendar.php?s=' or 'a'='a
/calendar.php?s=') or ('a'='a
An attacker may exploit this flaws to bypass authentication
or to take the control of the remote database.
Solution : Modify the relevant CGIs so that they properly escape arguments
Risk factor : High
See also : http://www.securiteam.com/securityre...DP0N1P76E.html
Nessus ID : 11139
Quote:
Vulnerability www (80/tcp)
The following URLs seem to be vulnerable to various SQL injection
techniques :
/memberlist.php?s='UNION'
/memberlist.php?s='UNION'
/memberlist.php?s='
/memberlist.php?s='
/memberlist.php?s='%22
/memberlist.php?s='%22
/memberlist.php?s=9%2c+9%2c+9
/memberlist.php?s=9%2c+9%2c+9
/memberlist.php?s='bad_bad_value
/memberlist.php?s='bad_bad_value
/memberlist.php?s=bad_bad_value'
/memberlist.php?s=bad_bad_value'
/memberlist.php?s='+OR+'
/memberlist.php?s='+OR+'
/memberlist.php?s='WHERE
/memberlist.php?s='WHERE
/memberlist.php?s=%3B
/memberlist.php?s=%3B
/memberlist.php?s='OR
/memberlist.php?s='OR
/memberlist.php?s=' or 1=1--
/memberlist.php?s= or 1=1--
/memberlist.php?s=' or 'a'='a
/memberlist.php?s=') or ('a'='a
An attacker may exploit this flaws to bypass authentication
or to take the control of the remote database.
Solution : Modify the relevant CGIs so that they properly escape arguments
Risk factor : High
See also : http://www.securiteam.com/securityre...DP0N1P76E.html
Nessus ID : 11139
Quote:
Vulnerability www (80/tcp)
The remote host is running vBulletin, a web based bulletin board system
written in PHP.
The remote version of this software is vulnerable to a cross-site scripting
issue, due to a failure of the application to properly sanitize user-supplied
URI input.
As a result of this vulnerability, it is possible for a remote attacker
to create a malicious link containing script code that will be executed
in the browser of an unsuspecting user when followed.
This may facilitate the theft of cookie-based authentication credentials
as well as other attacks.
Solution : Upgrade to vBulletin 3.0.2 or newer
Risk factor : Medium
CVE : CAN-2004-0620
BID : 10612, 10602
Other references : OSVDB:7256
Nessus ID : 14792
Quote:
Vulnerability www (80/tcp)
The remote host is running vBulletin, a web based bulletin board system
written in PHP.
The remote version of this software is vulnerable to a cross-site scripting
issue, due to a failure of the application to properly sanitize user-supplied
URI input.
As a result of this vulnerability, it is possible for a remote attacker
to create a malicious link containing script code that will be executed
in the browser of an unsuspecting user when followed.
This may facilitate the theft of cookie-based authentication credentials
as well as other attacks.
Solution : Upgrade to vBulletin 3.0.2 or newer
Risk factor : Medium
CVE : CAN-2004-0620
BID : 10612, 10602
Other references : OSVDB:7256
Nessus ID : 14792
Quote:
Vulnerability www (80/tcp)
The following URLs seem to be vulnerable to various SQL injection
techniques :
/login.php?forceredirect='UNION'
/login.php?forceredirect='UNION'
/login.php?forceredirect='
/login.php?forceredirect='
/login.php?forceredirect='%22
/login.php?forceredirect='%22
/login.php?forceredirect=9%2c+9%2c+9
/login.php?forceredirect=9%2c+9%2c+9
/login.php?forceredirect='bad_bad_value
/login.php?forceredirect='bad_bad_value
/login.php?forceredirect=bad_bad_value'
/login.php?forceredirect=bad_bad_value'
/login.php?forceredirect='+OR+'
/login.php?forceredirect='+OR+'
/login.php?forceredirect='WHERE
/login.php?forceredirect='WHERE
/login.php?forceredirect=%3B
/login.php?forceredirect=%3B
/login.php?forceredirect='OR
/login.php?forceredirect='OR
/login.php?forceredirect=' or 1=1--
/login.php?forceredirect= or 1=1--
/login.php?forceredirect=' or 'a'='a
/login.php?forceredirect=') or ('a'='a
An attacker may exploit this flaws to bypass authentication
or to take the control of the remote database.
Solution : Modify the relevant CGIs so that they properly escape arguments
Risk factor : High
See also : http://www.securiteam.com/securityre...DP0N1P76E.html
Nessus ID : 11139
Quote:
Vulnerability www (80/tcp)
The following URLs seem to be vulnerable to various SQL injection
techniques :
/register.php?do='UNION'
/register.php?do='UNION'
/register.php?do='
/register.php?do='
/register.php?do='%22
/register.php?do='%22
/register.php?do=9%2c+9%2c+9
/register.php?do=9%2c+9%2c+9
/register.php?do='bad_bad_value
/register.php?do='bad_bad_value
/register.php?do=bad_bad_value'
/register.php?do=bad_bad_value'
/register.php?do='+OR+'
/register.php?do='+OR+'
/register.php?do='WHERE
/register.php?do='WHERE
/register.php?do=%3B
/register.php?do=%3B
/register.php?do='OR
/register.php?do='OR
/register.php?do=' or 1=1--
/register.php?do= or 1=1--
/register.php?do=' or 'a'='a
/register.php?do=') or ('a'='a
An attacker may exploit this flaws to bypass authentication
or to take the control of the remote database.
Solution : Modify the relevant CGIs so that they properly escape arguments
Risk factor : High
See also : http://www.securiteam.com/securityre...DP0N1P76E.html
Nessus ID : 11139
Quote:
Vulnerability www (80/tcp)
The following URLs seem to be vulnerable to various SQL injection
techniques :
/sendmessage.php?s='UNION'
/sendmessage.php?s='UNION'
/sendmessage.php?s='
/sendmessage.php?s='
/sendmessage.php?s='%22
/sendmessage.php?s='%22
/sendmessage.php?s=9%2c+9%2c+9
/sendmessage.php?s=9%2c+9%2c+9
/sendmessage.php?s='bad_bad_value
/sendmessage.php?s='bad_bad_value
/sendmessage.php?s=bad_bad_value'
/sendmessage.php?s=bad_bad_value'
/sendmessage.php?s='+OR+'
/sendmessage.php?s='+OR+'
/sendmessage.php?s='WHERE
/sendmessage.php?s='WHERE
/sendmessage.php?s=%3B
/sendmessage.php?s=%3B
/sendmessage.php?s='OR
/sendmessage.php?s='OR
/sendmessage.php?s=' or 1=1--
/sendmessage.php?s= or 1=1--
/sendmessage.php?s=' or 'a'='a
/sendmessage.php?s=') or ('a'='a
An attacker may exploit this flaws to bypass authentication
or to take the control of the remote database.
Solution : Modify the relevant CGIs so that they properly escape arguments
Risk factor : High
See also : http://www.securiteam.com/securityre...DP0N1P76E.html
Nessus ID : 11139
Quote:
Vulnerability www (80/tcp)
The following URLs seem to be vulnerable to various SQL injection
techniques :
/faq.php?s='UNION'
/faq.php?s='UNION'
/faq.php?s='
/faq.php?s='
/faq.php?s='%22
/faq.php?s='%22
/faq.php?s=9%2c+9%2c+9
/faq.php?s=9%2c+9%2c+9
/faq.php?s='bad_bad_value
/faq.php?s='bad_bad_value
/faq.php?s=bad_bad_value'
/faq.php?s=bad_bad_value'
/faq.php?s='+OR+'
/faq.php?s='+OR+'
/faq.php?s='WHERE
/faq.php?s='WHERE
/faq.php?s=%3B
/faq.php?s=%3B
/faq.php?s='OR
/faq.php?s='OR
/faq.php?s=' or 1=1--
/faq.php?s= or 1=1--
/faq.php?s=' or 'a'='a
/faq.php?s=') or ('a'='a
An attacker may exploit this flaws to bypass authentication
or to take the control of the remote database.
Solution : Modify the relevant CGIs so that they properly escape arguments
Risk factor : High
See also : http://www.securiteam.com/securityre...DP0N1P76E.html
Nessus ID : 11139
Quote:
Vulnerability www (80/tcp)
The remote host is running vBulletin, a web based bulletin board system written
in PHP.
The remote version of this software is vulnerable to a SQL injection issue. It is
reported that versions 3.0.0 through to 3.0.3 are prone to this issue. An attacker
may exploit this flaw to gain the control of the remote database.
See also : http://secunia.com/advisories/12531/
Solution : Upgrade to vBulletin 3.0.4 or newer
Risk factor : High
BID : 11193
Nessus ID : 14785
Quote:
Vulnerability www (80/tcp)
The following URLs seem to be vulnerable to various SQL injection
techniques :
/index.php?s='UNION'
/index.php?s='UNION'
/index.php?s='
/index.php?s='
/index.php?s='%22
/index.php?s='%22
/index.php?s=9%2c+9%2c+9
/index.php?s=9%2c+9%2c+9
/index.php?s='bad_bad_value
/index.php?s='bad_bad_value
/index.php?s=bad_bad_value'
/index.php?s=bad_bad_value'
/index.php?s='+OR+'
/index.php?s='+OR+'
/index.php?s='WHERE
/index.php?s='WHERE
/index.php?s=%3B
/index.php?s=%3B
/index.php?s='OR
/index.php?s='OR
/index.php?s=' or 1=1--
/index.php?s= or 1=1--
/index.php?s=' or 'a'='a
/index.php?s=') or ('a'='a
An attacker may exploit this flaws to bypass authentication
or to take the control of the remote database.
Solution : Modify the relevant CGIs so that they properly escape arguments
Risk factor : High
See also : http://www.securiteam.com/securityre...DP0N1P76E.html
Nessus ID : 11139
Quote:
Vulnerability www (80/tcp)
The remote host is running vBulletin, a web based bulletin board system written
in PHP.
The remote version of this software is vulnerable to a SQL injection issue. It is
reported that versions 3.0.0 through to 3.0.3 are prone to this issue. An attacker
may exploit this flaw to gain the control of the remote database.
See also : http://secunia.com/advisories/12531/
Solution : Upgrade to vBulletin 3.0.4 or newer
Risk factor : High
BID : 11193
Nessus ID : 14785