Signature Detail

Short Name: HTTP:WHATSUP:WEB-SQL-INJECT
Severity: Medium
Recommended: No
Category: HTTP
Keywords: WhatsUp Web Interface SQL Injection
Release Date: 2005/06/24
Update Number: 1213
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: WhatsUp Web Interface SQL Injection


This signature detects SQL injection attempts against Ipswitch WhatsUp Professional. WhatsUp does not sufficiently validate user-supplied data submitted through the WhatsUp Web interface. Attackers can submit malformed input to execute arbitrary SQL statements against the WhatsUp database.

Extended Description

WhatsUp Professional is prone to an SQL injection vulnerability affecting its Web-based front end. The issue is due to the application's failure to properly sanitize user-supplied input to the 'login.asp' script before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. Note that by supplying an 'or' value through the 'password' parameter, an attacker can gain unauthorized access to an affected site.

Affected Products

  • Ipswitch WhatsUp Professional 2005 SP1

References

  • BugTraq: 14039
  • CVE: CVE-2005-1250
  • URL: http://www.idefense.com/application/poi/display?id=268

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.