
RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities

From: wsn1983 gmail com
To: bugtraq securityfocus com
Cc:
Subject: RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities
Date: Wed - Apr 14, 2010 06:08 AM


RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities


Vulnerable: v3.0.7.x 
Vendor:  www.rj-itop.com 
Category: Input Validation Error
Impact:   SQL injection


Details:
=========
Multiple SQL injection vulnerabilities have been found in RJ-iTop Network Vulnerability Scanner System,
which can be exploited by malicious users to conduct SQL injection and script insertion attacks.
Authentication is required to exploit these vulnerabilities.

POC: 
=========
https://8.8.8.8/roleManager.jsp?type=query&id= [SQL Injection]


Timeline:
========
2009.10.19   Report to vendor (but vendor did not respond)
2009.11.15   Report to vendor a second time
2009.11.19   Report to CNNVD
2010.04.13   Public
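
Added example, not part of the original advisory or the vendor's code: a log check a defender could run to find requests to roleManager.jsp with type=query whose id value is not a plain token. The combined-style log format, the sample lines and the rule that legitimate ids are short alphanumeric tokens are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate id values are short alphanumeric tokens.
SAFE_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")
# Request line as it appears in a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines, not taken from a real system.
SAMPLE_LOG = [
    '10.0.0.5 - admin [14/Apr/2010:06:01:00 +0000] '
    '"GET /roleManager.jsp?type=query&id=12 HTTP/1.1" 200 512',
    '10.0.0.9 - audit [14/Apr/2010:06:02:10 +0000] '
    '"GET /roleManager.jsp?type=query&id=12%27 HTTP/1.1" 500 88',
    '10.0.0.9 - audit [14/Apr/2010:06:02:40 +0000] '
    '"GET /roleManager.jsp;jsessionid=AB12?type=query&id=3%3B HTTP/1.1" 200 512',
    '10.0.0.5 - admin [14/Apr/2010:06:03:00 +0000] '
    '"GET /userManager.jsp?type=query&id=12%27 HTTP/1.1" 200 512',
]


def suspicious_role_queries(log_lines):
    """Return (line_number, decoded_id) for roleManager.jsp?type=query
    requests whose id is not a plain token."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        # Drop servlet path parameters such as ;jsessionid=... before comparing.
        path = url.path.split(";", 1)[0]
        if not path.endswith("/roleManager.jsp"):
            continue
        # parse_qs percent-decodes values, so encoded metacharacters are seen.
        params = parse_qs(url.query)
        if "query" not in params.get("type", []):
            continue
        for value in params.get("id", []):
            if not SAFE_ID.fullmatch(value):
                hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in suspicious_role_queries(SAMPLE_LOG):
        print(f"line {number}: unexpected id value {value!r}")
```
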



