DevTrack Web Service UserName Field SQL Injection

high Nessus Plugin ID 24322

Synopsis

The remote web server contains an ASP application that is affected by a SQL injection vulnerability.

Description

The remote host is running DevTrack, a defect and project tracking tool.

The DevTrack Web Services component installed on the remote host contains an ASP script that fails to sanitize user-supplied input to the 'UserName' parameter before using it in a database query. An unauthenticated, remote attacker may be able to leverage this flaw to manipulate SQL queries and uncover sensitive information, modify data, or even launch attacks against the underlying database.

Solution

The vendor is rumoured to be incorporating a fix into DevTrack version 6.2.

Plugin Details

Severity: High

ID: 24322

File Name: devtrack_username_sql_injection.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 2/9/2007

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:techexcel_inc.:devtrack

Required KB Items: www/ASP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2/8/2007

Reference Information

CVE: CVE-2007-0853

BID: 22460