DDIVRT-2009-25 IPsession SQL Injection Vulnerability
March 31, 2009
Digital Defense, Inc. Vulnerability Research Team Credit: David Marshall and r@b13$
IPsession runs a web interface on port 8090 that requires valid login credentials. This interface uses user supplied input to form a database query and is vulnerable to SQL injection. This may be used to bypass authentication.
Limit access to the login page to internal networks and trusted users only.
Unknown version on Windows 2003
Name: IPcelerate Website: http://www.ipcelerate.com/ipsession.html