### RXTEC_20150513 #### Title: SQL injection vulnerability in the RXTEC RXAdmin Login Page allows remote attackers to execute arbitrary SQL commands via several HTTP parameter. #### Type of vulnerability: SQL injection ##### Attack outcome: It is possible to extract all information from the database in use by the application. Depending on the configuration of the SQL server arbitrary code execution might be possible. #### Impact: Critical #### Software/Product name: RXTEC RXAdmin Login #### Affected versions: UPDATE : 06 / 2012 #### Fixed in version: *unknown* #### Vendor: RXTEC (www.rxtec.net) #### CVE number: CVE-2015-8298 #### Timeline * `2015-04-30` identification of vulnerability * `2015-05-11` vendor contact (won't fix because of outdated version) * `2015-07-14` contact cve-request@mitre. #### Credits: Thomas Konrad `tkonrad@xxxxxxxxxxxxxxxx` (SBA Research) #### Description: The following parameters are affectey by the vulnerability: * /index.htm (loginpassword parameter) * /index.htm (loginusername parameter) * /index.htm (zusätzlicher parameter) * /index.htm (zusätzlicher parameter) * /index.htm (rxtec cookie) * /index.htm (groupid parameter) #### Proof-of-concept: *none*
Attachment:
0x58F775B2.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/