header-logo
Suggest Exploit
vendor:
SuperScout WebFilter Reports Server
by:
SecurityFocus
8.8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: SuperScout WebFilter Reports Server
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2002-0674
CPE: a:surfcontrol:superscout_webfilter_reports_server
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unknown
2002

SurfControl SuperScout WebFilter Reports Server SQL Injection

SurfControl SuperScout WebFilter Reports Server is prone to SQL injection attacks due to insufficient input validation on the part of some of the reports files, which are implemented as .dlls. This allows remote attackers to modify the logic of SQL queries, potentially resulting in database corruption or disclosure of sensitive information.

Mitigation:

Input validation should be implemented to prevent attackers from exploiting this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5859/info

SurfControl SuperScout WebFilter Reports Server is prone to SQL injection attacks. This issue is due to insufficient input validation on the part of some of the reports files, which are implemented as .dlls.

As a consequence, remote attackers are able to modify the logic of SQL queries. This may result in database corruption or disclosure of sensitive information.

http://reports-server:8888/SimpleBar.dll/RunReport ?...<various parameters>

Navigation

Suggest Exploit

Services By CQR