On Mon, Sep 03, 2001 at 11:32:27AM +0100, Matt Moore wrote: > The advisory lists 5 Apache modules that are vulnerable to SQL code > injection. I would envisage the plugin simply making a request to the server > and then examining the banner in the response for the appropriate strings: > > mod_auth_pg/1.2b2 > mod_auth_mysql/1.9 > mod_auth_oracle/0.5.1 > mod_auth_pgsql/0.9.5 > mod_auth_pgsql_sys/0.9.4 > > I don't have sufficient time to install all these modules and check whether > the banner they return includes these strings. (I'll probably just test > against mod_auth_mysql). I'll install mod_auth_pgsql and mod_auth_pgsql_sys (if that's postgres :) -- Renaud
This archive was generated by hypermail 2b30 : Tue Sep 04 2001 - 16:09:10 PDT