
LogRover SQL Injection Authentication Bypass






Title
-----
DDIVRT-2009-26 LogRover SQL Injection Authentication Bypass

Severity
--------
Medium

Date Discovered
---------------
May 12, 2009

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Geoff Humes and r@b13$

Vulnerability Description
-------------------------
The login screen of the LogRover web interface is vulnerable to SQL injection, which can allow remote attackers to log in to the system via an authentication bypass.

Solution Description
--------------------
Limit access to the login page to internal networks and trusted users only.

Tested Systems / Software (with versions)
------------------------------------------
LogRover version 2.3 for Windows XP

Vendor Contact
--------------
Name: LogRover
Website: http://www.logrover.com/
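
The advisory does not publish LogRover's login code, so the following is an added example (not from Digital Defense or LogRover) that shows the general flaw class on a hypothetical SQLite `users` table: a login query built by string concatenation beside its parameterized form. The schema, function names and credentials are all constructed for illustration.

```python
import hashlib
import hmac
import sqlite3

# Constructed test inputs; PROBE is the textbook quote-and-comment tautology string.
GOOD = ("admin", "S3cret-constructed")
PROBE = ("' OR '1'='1' --", "anything")

def _hash(password):
    # Plain SHA-256 keeps the sample short; production code needs a salted KDF.
    return hashlib.sha256(password.encode()).hexdigest()

def make_db():
    """Build a constructed in-memory user table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", (GOOD[0], _hash(GOOD[1])))
    return db

def login_concatenated(db, name, password):
    """Flawed pattern: user input is spliced into the SQL text."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND pw_hash = '" + _hash(password) + "'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # malformed input broke the statement

def login_parameterized(db, name, password):
    """Hardened pattern: input is bound as data and never parsed as SQL."""
    row = db.execute("SELECT pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    # Compare in constant time, outside the query.
    return row is not None and hmac.compare_digest(row[0], _hash(password))

def audit(login_fn):
    """Return (accepts valid credentials, accepts the probe) for login_fn."""
    db = make_db()
    return login_fn(db, *GOOD), login_fn(db, *PROBE)

if __name__ == "__main__":
    print("concatenated :", audit(login_concatenated))
    print("parameterized:", audit(login_parameterized))
```

The `audit` helper can serve as a regression check in a test suite: a login routine passes only if it returns `(True, False)`.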
