Alicorn Circa 2004 SQL Injection / Command Injection / XSS

29 Jan 2026 | Reported by indoushka | Type: packetstorm | Source: packetstorm.news

Analysis of a 2004 Unicornscan PHP module with SQL injection, command injection, and XSS due to unsanitized input.

=============================================================================================================================================
    | # Title     : Alicorn Front-End to Unicornscan in Data Correlation Module SQL Injection and Command Injection Vulnerabilities             |
    | # Author    : indoushka                                                                                                                   |
    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.1 (64 bits)                                                            |
    | # Vendor    : https://www.unicornscan.org/                                                                                                |
    =============================================================================================================================================
    
    [+] References : https://packetstorm.news/files/id/34550/ 
    
    [+] Summary    : This analysis examines a PHP script from the Unicornscan network reconnaissance tool (circa 2004) that contains severe security vulnerabilities. 
                     The code is intended for querying and correlating scan data but is fundamentally insecure due to improper input handling.
    				 
    1. SQL Injection (Critical)
    
        Location: db2response() function calls with raw user input
    
        Impact: Full database compromise, data exfiltration, unauthorized access
    
        Root Cause: Direct usage of $_POST/$_GET arrays without sanitization
    
    2. Potential Command Injection
    
        Location: banner and os parameters
    
        Impact: Remote code execution on server
    
        Root Cause: Lack of input validation on regex pattern fields
    
    3. Cross-Site Scripting (XSS)
    
        Location: urldecode() calls without output encoding
    
        Impact: Client-side script execution, session hijacking
    
    4. Insecure Direct Object References
    
        Location: Direct database queries with user-controlled parameters
    
        Impact: Unauthorized data access
    
    [+] Attack Vectors :
    
    SQL Injection Examples:
    
    POST /scan_data/data_select.php
    host_addr=' UNION SELECT 1,2,3,4,5,6,7,8,@@version,10--
    
    [+] Data Exfiltration:
    
    GET /scan_data/data_select.php?host_addr=1' OR 1=1&mask=1
    
    [+] Risk Assessment :
    
    Vulnerability        Severity    Exploit Complexity    Impact
    SQL Injection        Critical    Low                   Complete system compromise
    Command Injection    High        Medium                Server takeover
    XSS                  Medium      Low                   Client-side attacks
    
    [+] Root Causes :
    
        No Input Validation: Complete trust in user-supplied data
    
        No Parameterized Queries: Direct string concatenation in SQL
    
        No Output Encoding: Raw data displayed to users
    
        Age of Code: Written before modern security practices (2004)
    
    [+] Immediate Actions:
    
        Remove from production environments
    
        Implement parameterized queries
    
        Apply strict input validation
    
        Add output encoding
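
Added example, not part of the original advisory and not Unicornscan/Alicorn code: one way to apply the three actions above (strict input validation, a parameterized query, output encoding) to the host_addr and mask parameters named in the advisory. The scan_results table, its columns, the sample rows, the helper names and the reading of mask as a CIDR prefix length are assumptions; it uses PDO with in-memory SQLite so it runs offline.

```php
<?php
// Added example. Table, columns, rows and helper names are constructed, not Alicorn's.
function open_demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE scan_results (host_addr INTEGER, port INTEGER, banner TEXT)');
    $ins = $db->prepare('INSERT INTO scan_results VALUES (?, ?, ?)');
    foreach ([['192.0.2.10', 22, 'SSH-2.0-OpenSSH'],
              ['192.0.2.77', 80, '<script>alert(1)</script>']] as [$ip, $port, $banner]) {
        $ins->execute([ip2long($ip), $port, $banner]);
    }
    return $db;
}

// Strict validation: IPv4 literal plus integer mask 0..32 (assumed CIDR prefix).
function parse_target(array $in): ?array {
    $host = filter_var($in['host_addr'] ?? '', FILTER_VALIDATE_IP, FILTER_FLAG_IPV4);
    $mask = filter_var($in['mask'] ?? '', FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 0, 'max_range' => 32]]);
    if ($host === false || $mask === false) return null;   // malformed field
    $bits = $mask === 0 ? 0 : (0xFFFFFFFF << (32 - $mask)) & 0xFFFFFFFF; // 64-bit PHP
    $net = ip2long($host) & $bits;
    return [$net, $net | (~$bits & 0xFFFFFFFF)];            // [low, high] of the range
}

function lookup(PDO $db, array $in): string {
    $range = parse_target($in);
    if ($range === null) return "rejected: invalid host_addr or mask\n";
    // Parameterized query: request data is bound, never concatenated into SQL.
    $stmt = $db->prepare('SELECT host_addr, port, banner FROM scan_results
                          WHERE host_addr BETWEEN :lo AND :hi ORDER BY host_addr, port');
    $stmt->bindValue(':lo', $range[0], PDO::PARAM_INT);
    $stmt->bindValue(':hi', $range[1], PDO::PARAM_INT);
    $stmt->execute();
    $out = '';
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        // Output encoding: banners are supplied by scanned hosts and are untrusted.
        $out .= sprintf("<tr><td>%s</td><td>%d</td><td>%s</td></tr>\n",
            long2ip((int)$row['host_addr']), $row['port'],
            htmlspecialchars($row['banner'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
    }
    return $out;
}

$db = open_demo_db();
// Constructed requests: one valid lookup, then the two payloads quoted in the advisory.
foreach ([['host_addr' => '192.0.2.0', 'mask' => '24'],
          ['host_addr' => "' UNION SELECT 1,2,3,4,5,6,7,8,@@version,10--"],
          ['host_addr' => "1' OR 1=1", 'mask' => '1']] as $request) {
    echo lookup($db, $request);
}
```

The valid request returns both rows with the script-bearing banner rendered as inert text; both quoted payloads are rejected before any SQL is prepared.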
    
    [+] Long-term Solutions:
    
        Complete code rewrite using modern frameworks
    
        Implement proper authentication/authorization
    
        Regular security audits
    
        Dependency updates
    
    [+] Conclusion :
    
    This legacy code represents a critical security risk and should be immediately isolated from any production systems. 
    The vulnerabilities are trivial to exploit and could lead to complete system compromise. Modern security practices must replace these antiquated coding patterns.
    
    Greetings to :=====================================================================================
    jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
    ===================================================================================================
