Hobbit Security Issue?
Gore, David W (David)
david.gore at verizonbusiness.com
Thu Mar 22 18:36:16 CET 2007
Perhaps someone more familiar with security can help me with this? Or
perhaps it's a false positive? We scan our hosts for security and my
score just went up more than threefold. This was the worst offender:
wpoison (nasl version)
Long Desc: The following URLs seem to be vulnerable to BLIND SQL
injection
techniques :
/hobbit-cgi/bb-hostsvc.sh?-='+AND+'b'>'a&HOST=myhost&SERVICE=info
Obviously Hobbit doesn't use SQL, but we do have a mysql
instance running on the host. Our mysql instance is not used by Hobbit.
Any suggestions?
Our mysql instance:
mysql Ver 14.12 Distrib 5.0.27, for redhat-linux-gnu (i686) using
readline 5.0
~David