AOH :: HP Unsorted R :: BX6131.HTM

RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities



RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities
RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities



RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities


Vulnerable: v3.0.7.x 
Vendor: www.rj-itop.com 
Category: Input Validation Error
Impact:   SQL injection


Details:
========Multiple SQL Injection Vulnerabilities has been found in DRJ-iTop Network Vulnerability Scanner System,
which can be exploited by malicious users to conduct SQL injection and script insertion attacks.
Authentication is required to exploit these vulnerabilities.

POC: 
========https://8.8.8.8/roleManager.jsp?type=query&id= [SQL Injection]


Timeline:
=======2009.10.19   Report to vendor (but vender did not respond)
2009.11.15   Report to vendor second times
2009.11.19   Report to CNNVD
2010.04.13   Public

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.