PACKETSTORM

📄 Alicorn Circa 2004 SQL Injection / Command Injection / XSS_PACKETSTORM:214540

January 29, 2026 invoker category_exploit

Description

This document articulates an overview of remote SQL injection, command injection, and cross site scripting vulnerabilities found in the Alicorn version from 2004...
Visit Original Source

Basic Information

ID PACKETSTORM:214540
Published Jan 29, 2026 at 00:00

Affected Product

Affected Versions =============================================================================================================================================
| # Title : Alicorn Front-End to Unicornscan in Data Correlation Module SQL Injection and Command Injection Vulnerabilities |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.1 (64 bits) |
| # Vendor : https://www.unicornscan.org/ |
=============================================================================================================================================

[+] References : https://packetstorm.news/files/id/34550/

[+] Summary : This analysis examines a PHP script from the Unicornscan network reconnaissance tool (circa 2004) that contains severe security vulnerabilities.
The code is intended for querying and correlating scan data but is fundamentally insecure due to improper input handling.

1. SQL Injection (Critical)

Location: db2response() function calls with raw user input

Impact: Full database compromise, data exfiltration, unauthorized access

Root Cause: Direct usage of $_POST/$_GET arrays without sanitization

2. Potential Command Injection

Location: banner and os parameters

Impact: Remote code execution on server

Root Cause: Lack of input validation on regex pattern fields

3. Cross-Site Scripting (XSS)

Location: urldecode() calls without output encoding

Impact: Client-side script execution, session hijacking

4. Insecure Direct Object References

Location: Direct database queries with user-controlled parameters

Impact: Unauthorized data access

[+] Attack Vectors :

SQL Injection Examples:

POST /scan_data/data_select.php
host_addr=' UNION SELECT 1,2,3,4,5,6,7,8,@@version,10--

[+] Data Exfiltration:

GET /scan_data/data_select.php?host_addr=1' OR 1=1&mask=1

[+] Risk Assessment :

Vulnerability Severity Exploit Complexity Impact
SQL Injection Critical Low Complete system compromise
Command Injection High Medium Server takeover
XSS Medium Low Client-side attacks

[+] Root Causes :

No Input Validation: Complete trust in user-supplied data

No Parameterized Queries: Direct string concatenation in SQL

No Output Encoding: Raw data displayed to users

Age of Code: Written before modern security practices (2004)

[+] Immediate Actions:

Remove from production environments

Implement parameterized queries

Apply strict input validation

Add output encoding

[+] Long-term Solutions:

Complete code rewrite using modern frameworks

Implement proper authentication/authorization

Regular security audits

Dependency updates

[+] Conclusion :

This legacy code represents a critical security risk and should be immediately isolated from any production systems.
The vulnerabilities are trivial to exploit and could lead to complete system compromise. Modern security practices must replace these antiquated coding patterns.

Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.