Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

DevTrack Web Service UserName SQL Injection Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Tries to generate a SQL error using DevTrack Web Service

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains an ASP application that is affected by
a SQL injection vulnerability.

Description :

The remote host is running DevTrack, a defect and project tracking

The DevTrack Web Services component installed on the remote host
contains an ASP script that fails to sanitize user-supplied input to
the 'UserName' parameter before using it in a database query. An
unauthenticated remote attacker may be able to leverage this flaw to
manipulate SQL queries and uncover sensitive information, modify data,
or even launch attacks against the underlying database.

Solution :

The vendor is rumoured to be incorporating a fix into DevTrack version

Threat Level:

High / CVSS Base Score : 7.0

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.