NASLDB: DevTrack Web Service UserName Field SQL Injection
General
ID: 24322
Name: DevTrack Web Service UserName Field SQL Injection
Summary: Tries to generate a SQL error using DevTrack Web Service
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: CVSS2#E:F/RL:OF/RC:C
Port: 80
Family: CGI abuses
Type: Remote
Description
The remote host is running DevTrack, a defect and project tracking
tool.
The DevTrack Web Services component installed on the remote host
contains an ASP script that fails to sanitize user-supplied input to
the ‘UserName’ parameter before using it in a database query. An
unauthenticated, remote attacker may be able to leverage this flaw to
manipulate SQL queries and uncover sensitive information, modify data,
or even launch attacks against the underlying database.
Exploiting
Exploit Available: True
Exploitability Ease: Exploits are available
Sources
CVE: CVE-2007-0853
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2007/02/08
Patch Release: –
Plugin Release: 2007/02/09
Plugin
Version: 1.16
Filename: devtrack_username_sql_injection.nasl
Filesize: 3252 bytes
MD5 Hash: eca44f049d11dcb3e43af03fd6b99fc5
Identification: –
Require Keys: www/ASP
Dependencies: "http_version.nasl"
Copyright: This script is Copyright© 2007-2012 Tenable Network Security, Inc.
- Letzte Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack