Secunia Research: WhatsUp Professional "Login.asp" SQL Injection

====================================================================== 

                     Secunia Research 23/06/2005

         - WhatsUp Professional "Login.asp" SQL Injection -

====================================================================== 
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

====================================================================== 
1) Affected Software 

WhatsUp Professional 2005 SP1

NOTE: Other versions may also be affected.

====================================================================== 
2) Severity 

Rating: Less critical 
Impact: SQL Injection
Where:  Local Network

====================================================================== 
3) Vendor's Description of Software 

"WhatsUp Professional is Ipswitch's next generation network management
solution for small and midsized organizations".

Product Link:
http://www.ipswitch.com/Products/WhatsUp/professional/index.html

====================================================================== 
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in Ipswitch WhatsUp
Professional, which can be exploited by malicious people to conduct
SQL injection attacks.

Input passed in the "User Name" field in "NmConsole/Login.asp" is not
properly sanitised before being used in a SQL query. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation e.g. allows changing the password of arbitrary
accounts, thereby making it possible to gain unauthorised
administrative access.

The vulnerability has been confirmed in version 2005 SP1. Other
versions may also be affected.

====================================================================== 
5) Solution 

Apply Service Pack 1a.

====================================================================== 
6) Time Table 

26/05/2005 - Vendor notified.
26/05/2005 - Vendor response.
23/06/2005 - Public disclosure.

====================================================================== 
7) Credits 

Discovered by Carsten Eiram, Secunia Research.

====================================================================== 
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned 
candidate number CAN-2005-1938 for the vulnerability.

====================================================================== 
9) About Secunia 

Secunia collects, validates, assesses, and writes advisories regarding 
all the latest software vulnerabilities disclosed to the public. These 
advisories are gathered in a publicly available database at the 
Secunia website: 

http://secunia.com/

Secunia offers services to our customers enabling them to receive all 
relevant vulnerability information to their specific system 
configuration. 

Secunia offers a FREE mailing list called Secunia Security Advisories: 

http://secunia.com/secunia_security_advisories/

====================================================================== 
10) Verification 

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2005-13/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================