RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities

Vulnerable: v3.0.7.x
Vendor: www.rj-itop.com <http://www.rj-itop.com>
Category: Input Validation Error
Impact: SQL injection

Details:
=========
Multiple SQL injection vulnerabilities have been found in the RJ-iTop Network Vulnerability Scanner System, which can be exploited by malicious users to conduct SQL injection and script insertion attacks. Authentication is required to exploit these vulnerabilities.

POC:
=========
https://8.8.8.8/roleManager.jsp?type=query&id= [SQL Injection]

Timeline:
========
2009.10.19 Report to vendor (but vendor did not respond)
2009.11.15 Report to vendor a second time
2009.11.19 Report to CNNVD
2010.04.13 Public