DDIVRT-2009-25 IPsession SQL Injection Vulnerability
Medium
March 31, 2009
Digital Defense, Inc. Vulnerability Research Team
Credit: David Marshall and r@b13$
IPsession runs a web interface on port 8090 that requires valid login credentials. This interface uses user supplied
input to form a database query and is vulnerable to SQL injection. This may be used to bypass authentication.
Limit access to the login page to internal networks and trusted users only.
Unknown version on Windows 2003
Name: IPcelerate
Website: http://www.ipcelerate.com/ipsession.html