TUCoPS :: HP Unsorted R :: bx6131.htm

RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities
RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities
RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities


RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities


Vulnerable: v3.0.7.x 
Vendor: www.rj-itop.com 
Category: Input Validation Error
Impact:   SQL injection


Details:
========Multiple SQL Injection Vulnerabilities has been found in DRJ-iTop Network Vulnerability Scanner System,
which can be exploited by malicious users to conduct SQL injection and script insertion attacks.
Authentication is required to exploit these vulnerabilities.

POC: 
========https://8.8.8.8/roleManager.jsp?type=query&id= [SQL Injection]


Timeline:
=======2009.10.19   Report to vendor (but vender did not respond)
2009.11.15   Report to vendor second times
2009.11.19   Report to CNNVD
2010.04.13   Public

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH