RJ-iTop Network Vulnerability Scanner System – Multiple SQL Injections

Exploit Database
40 阅读

作者： wsn1983

日期： 2010-04-14
类别：
- webapps
平台：
- jsp
来源：https://www.exploit-db.com/exploits/12242/

RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities



Vulnerable: v3.0.7.x

Vendor:www.rj-itop.com<http://www.rj-itop.com>

Category: Input Validation Error

Impact: SQL injection



Details:

=========

Multiple SQL Injection Vulnerabilities has been found in DRJ-iTop Network Vulnerability Scanner System&#65292; which can be exploited by malicious users to conduct SQL injection and script insertion attacks.

Authentication is required to exploit these vulnerabilities.



POC:

=========

https://8.8.8.8/roleManager.jsp?type=query&id= [SQL Injection]





Timeline:

========

2009.10.19 Report to vendor (but vender did not respond)

2009.11.15 Report to vendor second times

2009.11.19 Report to CNNVD

2010.04.13 Public

last Exploits
RJ-iTop Network Vulnerability Scanner System – Multiple SQL Injections的更多信息

WordPress Plugin ThinkIT 0.1 – Multiple Vulnerabilities：
MediaInSpot CMS – Local File Inclusion (2)：
Employee Task Management System v1.0 – Broken Authentication：
Fortinet Fortimail 7.0.1 – Reflected Cross-Site Scripting (XSS)：
Liferay Portal 5.1.2 – Persistent Cross-Site Scripting：
WHMCompleteSolution (WHMCS) – ‘boleto_bb.php’ SQL Injection：
Joomla! Component GMapFP 3.30 – Arbitrary File Upload：
Intel Modular Server System 10.18 – Cross-Site Request Forgery (Change Admin Password)：