NetUP utm_stat sid Variable SQL Injection

2003-09-20T10:41:04
ID OSVDB:10283
Type osvdb
Reporter Gleb Smirnoff(glebius@cell.sick.ru)
Modified 2003-09-20T10:41:04

Description

Vulnerability Description

NetUP UTM contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'utm_stat' script not properly sanitizing user-supplied input to the 'sid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

https://[target]/cgi-bin/utm/utm_stat?cmd=user_report&sid=q%22%20OR%201=1%20OR%20%22q%22=%22q
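To show why the sid value in the testing note changes the query, here is an added example (not NetUP code; the real utm_stat backend and schema are not on this page) that models the flaw with a constructed SQLite session table and puts the string-concatenated query next to its parameterized fix. The advisory's backend delimits string literals with double quotes; this SQLite model uses single quotes, so the decoded payload has its delimiter swapped before use.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Constructed stand-in for the UTM backend. The real schema is not on the
# advisory page; a session table keyed by sid is an assumption.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (sid TEXT, login TEXT)")
    db.executemany("INSERT INTO sessions VALUES (?, ?)",
                   [("s1", "alice"), ("s2", "bob"), ("s3", "carol")])
    return db

def sid_from_url(url):
    """Extract and URL-decode the sid query parameter, as a CGI script would."""
    return parse_qs(urlsplit(url).query)["sid"][0]

def user_report_vulnerable(db, sid):
    # The flaw the advisory describes: sid is spliced into the SQL text, so a
    # quote character in it ends the literal and the rest is parsed as SQL.
    query = "SELECT login FROM sessions WHERE sid = '%s'" % sid
    return sorted(row[0] for row in db.execute(query))

def user_report_fixed(db, sid):
    # Remediation: bind sid as a parameter; the driver never parses it as SQL.
    rows = db.execute("SELECT login FROM sessions WHERE sid = ?", (sid,))
    return sorted(row[0] for row in rows)

# The advisory's manual-testing URL, with [target] replaced by a placeholder host.
ADVISORY_URL = ("https://target.example/cgi-bin/utm/utm_stat"
                "?cmd=user_report&sid=q%22%20OR%201=1%20OR%20%22q%22=%22q")

def demo():
    db = make_db()
    sid = sid_from_url(ADVISORY_URL)   # decodes to: q" OR 1=1 OR "q"="q
    # The advisory's backend quotes strings with ", this SQLite model with ';
    # swap the delimiter so the payload keeps the same structure.
    sid = sid.replace('"', "'")
    return {
        "legit_vulnerable": user_report_vulnerable(db, "s1"),
        "injected_vulnerable": user_report_vulnerable(db, sid),
        "injected_fixed": user_report_fixed(db, sid),
    }

if __name__ == "__main__":
    print(demo())
```

With the concatenated query the injected sid returns every session's login; with the bound parameter it matches nothing, because the value is compared as data rather than parsed as SQL.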

References:

Vendor URL: http://www.netup.biz/
Secunia Advisory ID: 9831
Related OSVDB ID: 2591
Related OSVDB ID: 10284
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-09/0345.html
ISS X-Force ID: 13261
Bugtraq ID: 8672