|
Full Disclosure
mailing list archives
DDIVRT-2009-26 LogRover SQL Injection Authentication Bypass
From: "DDI_Vulnerability_Alert" <DDI.VulnerabilityAlert () ddifrontline com>
Date: Mon, 13 Jul 2009 10:15:25 -0500
Title
-----
DDIVRT-2009-26 LogRover SQL Injection Authentication Bypass
Severity
--------
Medium
Date Discovered
---------------
May 12, 2009
Discovered By
-------------
Digital Defense, Inc. Vulnerability Research Team
Credit: Geoff Humes and r () b13$
Vulnerability Description
-------------------------
The login screen of the LogRover web interface is vulnerable to a SQL
Injection which can allow remote attackers to login to the system via an
authentication bypass.
Solution Description
--------------------
Limit access to the login page to internal networks and trusted users
only.
Tested Systems / Software (with versions)
------------------------------------------
LogRover version 2.3 for Windows XP
Vendor Contact
--------------
Name: LogRover
Website: http://www.logrover.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- DDIVRT-2009-26 LogRover SQL Injection Authentication Bypass DDI_Vulnerability_Alert (Jul 13)
| 
