======================================================================
Secunia Research 23/06/2005
- WhatsUp Professional "Login.asp" SQL Injection -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10
======================================================================
1) Affected Software
WhatsUp Professional 2005 SP1
NOTE: Other versions may also be affected.
======================================================================
2) Severity
Rating: Less critical
Impact: SQL Injection
Where: Local Network
======================================================================
3) Vendor's Description of Software
"WhatsUp Professional is Ipswitch's next generation network management
solution for small and midsized organizations".
Product Link:
http://www.ipswitch.com/Products/WhatsUp/professional/index.html
======================================================================
4) Description of Vulnerability
Secunia Research has discovered a vulnerability in Ipswitch WhatsUp
Professional, which can be exploited by malicious people to conduct
SQL injection attacks.
Input passed in the "User Name" field in "NmConsole/Login.asp" is not
properly sanitised before being used in a SQL query. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation e.g. allows changing the password of arbitrary
accounts, thereby making it possible to gain unauthorised
administrative access.
The vulnerability has been confirmed in version 2005 SP1. Other
versions may also be affected.
======================================================================
5) Solution
Apply Service Pack 1a.
======================================================================
6) Time Table
26/05/2005 - Vendor notified.
26/05/2005 - Vendor response.
23/06/2005 - Public disclosure.
======================================================================
7) Credits
Discovered by Carsten Eiram, Secunia Research.
======================================================================
8) References
The Common Vulnerabilities and Exposures (CVE) project has assigned
candidate number CAN-2005-1938 for the vulnerability.
======================================================================
9) About Secunia
Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia website:
http://secunia.com/
Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/secunia_security_advisories/
======================================================================
10) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2005-13/
Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/
======================================================================
|
