Help Desk Pro Login SQL Injection

2004-06-26T00:00:00
ID OSVDB:7270
Type osvdb
Reporter D'Amato Luigi(admin@securitywireless.info)
Modified 2004-06-26T00:00:00

Description

Vulnerability Description

Help Desk Pro contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is due to the improper login validation in the login page, which could allow a remote attacker to bypass authentication settings, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, WebSoft has released a patch to address this vulnerability.

Short Description

Help Desk Pro contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is due to the improper login validation in the login page, which could allow a remote attacker to bypass authentication settings, resulting in a loss of integrity.

References:

Vendor URL: http://www.websoft.it/siteWS/htmlversion/home.asp Security Tracker: 1010590 Secunia Advisory ID:11952 Other Advisory URL: http://www.zone-h.org/en/advisories/read/id=4891/ ISS X-Force ID: 16519 Bugtraq ID: 10613