NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2010-04

RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities

wsn1983gmail.com
Date: Wed Apr 14 2010 - 08:12:08 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities

Vulnerable: v3.0.7.x
Vendor: www.rj-itop.com
Category: Input Validation Error
Impact: SQL injection

Details:
=========
Multiple SQL Injection Vulnerabilities has been found in DRJ-iTop Network Vulnerability Scanner System，
which can be exploited by malicious users to conduct SQL injection and script insertion attacks.
Authentication is required to exploit these vulnerabilities.

POC:
=========
https://8.8.8.8/roleManager.jsp?type=query&id= [SQL Injection]

Timeline:
========
2009.10.19 Report to vendor (but vender did not respond)
2009.11.15 Report to vendor second times
2009.11.19 Report to CNNVD
2010.04.13 Public

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]