Articles with tag: Referer
POSTED BY: Dimitrios Glynos / 03.10.2011

Netvolution referer header SQL injection vulnerability

CENSUS ID:CENSUS-2011-0001
CVE ID:CVE-2011-3340
Affected Products:Netvolution v2.5.8 (ASP). Other versions may also be vulnerable.
Class:Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) (CWE-89)
Remote:Yes
Discovered by:Patroklos Argyroudis
Researched and Exploited by:Dimitris Glynos

Netvolution v2.5.8 is vulnerable to a blind SQL injection attack in the HTTP “referer” header. A malicious user may utilize this vulnerability to modify content on the vulnerable website, inject malicious javascript code to a visitor’s browser, collect CMS usernames and plaintext passwords and, in some cases, execute commands on the system hosting the database server. This is a critical vulnerability since it does not require authentication and its exploitation may go undetected.