[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities
From: wsn1983@xxxxxxxxx
Date: Wed, 14 Apr 2010 07:12:08 -0600

RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection 
Vulnerabilities


Vulnerable: v3.0.7.x 
Vendor:  www.rj-itop.com 
Category: Input Validation Error
Impact:   SQL injection


Details:
=========
Multiple SQL Injection Vulnerabilities has been found in DRJ-iTop Network 
Vulnerability Scanner System&#65292;
which can be exploited by malicious users to conduct SQL injection and script 
insertion attacks.
Authentication is required to exploit these vulnerabilities.

POC: 
=========
https://8.8.8.8/roleManager.jsp?type=query&id= [SQL Injection]


Timeline:
========
2009.10.19   Report to vendor (but vender did not respond)
2009.11.15   Report to vendor second times
2009.11.19   Report to CNNVD
2010.04.13   Public

Prev by Date: Secunia Research: Visualization Library DAT File Parsing Vulnerabilities
Next by Date: [ MDVSA-2010:070 ] firefox
Previous by thread: Secunia Research: Visualization Library DAT File Parsing Vulnerabilities
Next by thread: [ MDVSA-2010:070 ] firefox
Index(es):
- Date
- Thread