DDIVRT-2009-26 LogRover SQL Injection Authentication Bypass
Medium
May 12, 2009
Digital Defense, Inc. Vulnerability Research Team
Credit: Geoff Humes and r@b13$
The login screen of the LogRover web interface is vulnerable to a SQL Injection which can allow remote attackers to
login to the system via an authentication bypass.
Limit access to the login page to internal networks and trusted users only.
LogRover version 2.3 for Windows XP
Name: LogRover
Website: http://www.logrover.com/