Title
-----
DDIVRT-2009-25 IPsession SQL Injection Vulnerability

Severity
--------
Medium

Date Discovered
---------------
March 31, 2009

Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: David Marshall and r...@b13$

Vulnerability Description
-------------------------
IPsession runs a web interface on port 8090 that requires valid login credentials. This interface uses user supplied input to form a database query and is vulnerable to SQL injection. This may be used to bypass authentication.

Solution Description
--------------------
Limit access to the login page to internal networks and trusted users only.

Tested Systems / Software (with versions)
------------------------------------------
Unknown version on Windows 2003

Vendor Contact
--------------
Name: IPcelerate
Website: http://www.ipcelerate.com/ipsession.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
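
The restriction under Solution Description can be checked against firewall or proxy connection logs. The script below is an added example, not part of the Digital Defense advisory or any IPcelerate code: it reports allowed connections to port 8090 that came from outside the trusted networks. The key=value log format, the trusted ranges and every sample line are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed internal/trusted ranges; replace with the networks you actually trust.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
WEB_PORT = 8090  # IPsession web interface port, as stated in the advisory

# Hypothetical key=value connection-log format (not an IPsession format).
FIELD_RE = re.compile(r"(\w+)=(\S+)")

# Constructed sample records; external sources use documentation address ranges.
SAMPLE_LOG = """\
2009-04-02T10:15:00 src=10.1.2.3 dst=192.168.10.5 dport=8090 action=allow
2009-04-02T10:16:41 src=203.0.113.77 dst=192.168.10.5 dport=8090 action=allow
2009-04-02T10:17:02 src=198.51.100.9 dst=192.168.10.5 dport=8090 action=deny
2009-04-02T10:18:30 src=203.0.113.77 dst=192.168.10.5 dport=443 action=allow
2009-04-02T10:19:12 src=not-an-ip dst=192.168.10.5 dport=8090 action=allow
garbage line without fields
"""


def is_trusted(addr, trusted=TRUSTED_NETS):
    """True if the address falls inside any trusted network."""
    return any(addr in net for net in trusted)


def untrusted_hits(log_text, trusted=TRUSTED_NETS, port=WEB_PORT):
    """Return (timestamp, source) for allowed connections to `port`
    whose source is not provably inside a trusted network."""
    hits = []
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        # Only connections that actually reached the web interface matter.
        if fields.get("dport") != str(port) or fields.get("action") != "allow":
            continue
        timestamp = line.split()[0]
        try:
            src = ipaddress.ip_address(fields.get("src", ""))
        except ValueError:
            # Unparseable source cannot be shown to be trusted: report it.
            hits.append((timestamp, fields.get("src", "?")))
            continue
        if not is_trusted(src, trusted):
            hits.append((timestamp, str(src)))
    return hits


if __name__ == "__main__":
    for ts, src in untrusted_hits(SAMPLE_LOG):
        print(f"{ts} untrusted source reached port {WEB_PORT}: {src}")
```

Any record it reports means the login page is still reachable from an address the access restriction was supposed to exclude.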
