LogiSense multiple application login form SQL injection

logisense-sql-injection (9268) The risk level is classified as MediumMedium Risk

Description:

The LogiSense DNS Manager System, Hawk-i Billing, and Hawk-i ASP are vulnerable to SQL injection in the ASP-based login forms. A remote attacker could insert malicious characters in the password field to modify SQL queries and gain unauthorized access to the program.

Platforms Affected:

  • LogiSense, LogiSense DNS Manager System
  • LogiSense, LogiSense Hawk-i ASP
  • LogiSense, LogiSense Hawk-i Billing

Remedy:

Install the latest version of the software, or apply the the latest SQL injection patch. Hawk-i 4.x and Hawk-i 5.x users may download the SQL injection patch from the Hawk-i ISP Billing support page. See References.

Consequences:

Gain Access

References:

Reported:

Jun 04, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page