
Test ID: 1.3.6.1.4.1.25623.1.0.803541
Category: Nmap NSE
Title: Nmap NSE 6.01: sql-injection
Summary: Spiders an HTTP server looking for URLs containing queries vulnerable to an SQL injection attack.
Description:
Spiders an HTTP server looking for URLs containing queries vulnerable to an SQL injection attack.

The script spiders an HTTP server looking for URLs containing queries. It then proceeds to combine
crafted SQL commands with susceptible URLs in order to obtain errors. The errors are analysed to see
if the URL is vulnerable to attack. This uses the most basic form of SQL injection but anything more
complicated is better suited to a standalone tool.

We may not have access to the target web server's true hostname, which can prevent access to
virtually hosted sites.

SYNTAX:

httpspider.withinhost: only spider URLs within the same host.
(default: true)

httpspider.maxpagecount: the maximum number of pages to visit.
A negative value disables the limit. (default: 20)

httpspider.withindomain: only spider URLs within the same
domain. This widens the scope from 'withinhost' and cannot
be used in combination with it. (default: false)

httpspider.maxdepth: the maximum number of directories beneath
the initial URL to spider. A negative value disables the limit.
(default: 3)

httpspider.url: the URL at which to start spidering. This is a URL
relative to the scanned host, e.g. /default.html (default: /)

sql-injection.start: The path at which to start spidering, default '/'.

http.pipeline: If set, it represents the number of HTTP requests that will be
pipelined (i.e., sent in a single request). This can be set low to make
debugging easier, or it can be set high to test how a server reacts (the
server's chosen maximum is ignored).

sql-injection.maxdepth: The maximum depth to spider, default 10.

http-max-cache-size: The maximum memory size (in bytes) of the cache.

httpspider.noblacklist: if set, the default blacklist is not loaded.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Copyright: Copyright (C) 2013 NSE-Script: The Nmap Security Scanner; NASL-Wrapper: Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test package. Find out more about our complete security checks.

© 1998-2024 E-Soft Inc. All rights reserved.