SECURITYVULNS:DOC:21864
May 21, 2009

DDIVRT-2009-25 IPsession SQL Injection Vulnerability

Title

DDIVRT-2009-25 IPsession SQL Injection Vulnerability

Severity

Medium

Date Discovered

March 31, 2009

Discovered By

Digital Defense, Inc. Vulnerability Research Team
Credit: David Marshall and r@b13$

Vulnerability Description

IPsession runs a web interface on port 8090 that requires valid login credentials. This interface uses user-supplied
input to form a database query and is vulnerable to SQL injection, which may be used to bypass authentication.
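
An added example, not taken from the advisory or from IPcelerate's code, contrasting the query-building pattern described above with a parameterized query. The table layout, the account and all function names are assumptions made for illustration; the advisory does not document IPsession's schema or implementation language.

```python
import hashlib
import hmac
import os
import sqlite3

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    """Constructed in-memory user table; schema and account are hypothetical."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    # A legitimate user name that happens to contain an apostrophe.
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("o'brien", salt, hash_password("correct horse", salt)))
    return db

def check_row(row, password):
    """Verify the password in application code, in constant time."""
    if row is None:
        return False
    salt, pw_hash = row
    return hmac.compare_digest(hash_password(password, salt), pw_hash)

def login_concatenated(db, name, password):
    """Flawed pattern: user input is spliced into the SQL text itself."""
    query = "SELECT salt, pw_hash FROM users WHERE name = '" + name + "'"
    return check_row(db.execute(query).fetchone(), password)

def login_parameterized(db, name, password):
    """Hardened pattern: input is bound as a value and never parsed as SQL."""
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    return check_row(row, password)

def concatenated_breaks_on_quote(db):
    """A benign apostrophe changes the statement's structure when concatenated."""
    try:
        login_concatenated(db, "o'brien", "correct horse")
    except sqlite3.OperationalError:
        return True   # the database parsed part of the input as SQL
    return False
```

A syntax error on a legitimate name containing an apostrophe is a quick defensive indicator that a login query is built by concatenation and needs to be moved to bound parameters.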

Solution Description

Limit access to the login page to internal networks and trusted users only.

Tested Systems / Software (with versions)

Unknown version on Windows 2003

Vendor Contact

Name: IPcelerate
Website: http://www.ipcelerate.com/ipsession.html