Synopsis
The remote web server contains an ASP script that is prone to SQL injection attacks.
Description
The remote host is running PatchLink Update Server, a patch and vulnerability management solution.
The version of PatchLink Update Server installed on the remote host fails to sanitize user-supplied input to the 'agentid' and 'pass' parameters of the '/dagent/downloadreport.asp' script before using it to construct database queries. An unauthenticated attacker can exploit this flaw to manipulate database queries, which might lead to disclosure of sensitive information, modification of data, or attacks against the underlying database.
Note that Novell ZENworks Patch Management is based on PatchLink Update Server and is affected as well.
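For servers that cannot be upgraded immediately, web server logs can be reviewed for requests to the affected script. The following is an added example, not part of the plugin or of any vendor tooling: it scans W3C extended (IIS-style) log lines for requests to '/dagent/downloadreport.asp' whose 'agentid' or 'pass' values contain SQL metacharacters or keywords. The log field layout, the sample log lines and the pattern list are assumptions constructed for illustration, and only parameters sent in the query string are visible to it.

```python
import re
from urllib.parse import parse_qs

TARGET_PATH = "/dagent/downloadreport.asp"   # script named in the advisory
PARAMS = ("agentid", "pass")                 # parameters named in the advisory
# Heuristic pattern list (assumption): quotes, statement separators, comments, SQL keywords.
SUSPICIOUS = re.compile(r"""['";]|--|/\*|\b(?:union|select|insert|update|delete|drop|exec)\b""", re.I)

# Constructed sample log; addresses come from documentation ranges.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2006-12-08 10:01:02 192.0.2.10 GET /dagent/downloadreport.asp agentid=1042&pass=Xk29fPq 200
2006-12-08 10:01:09 198.51.100.7 GET /dagent/downloadreport.asp agentid=1042%27&pass=x 500
2006-12-08 10:02:30 198.51.100.7 GET /DAgent/DownloadReport.asp agentid=7&pass=x%27-- 200
2006-12-08 10:03:00 192.0.2.10 GET /default.asp id=1%27 200
"""

def parse_w3c(lines):
    """Yield one dict per request, using the #Fields header for column names."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):   # skip truncated or malformed rows
                yield dict(zip(fields, values))

def flag_requests(lines):
    """Return (client_ip, parameter, decoded_value) for suspicious requests to the script."""
    hits = []
    for rec in parse_w3c(lines):
        if rec.get("cs-uri-stem", "").lower() != TARGET_PATH:   # IIS paths are case-insensitive
            continue
        query = rec.get("cs-uri-query", "-")
        if query == "-":                      # "-" means no query string was logged
            continue
        for name, values in parse_qs(query, keep_blank_values=True).items():
            if name.lower() in PARAMS:        # parse_qs has already percent-decoded the values
                hits.extend((rec.get("c-ip", "?"), name.lower(), v) for v in values if SUSPICIOUS.search(v))
    return hits

if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG.splitlines()):
        print(hit)
```

Matches are leads for triage rather than confirmed exploitation, since a legitimate password value may contain a quote character.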
Solution
Upgrade to version 6.3.2.700 if using Novell ZENworks Patch Management.
Plugin Details
File Name: plus_downloadreport_sql_injections.nasl
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:novell:zenworks_patch_management_server
Required KB Items: www/ASP
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No exploit is required
Vulnerability Publication Date: 12/7/2006