RJ-iTop Network Vulnerability Scanner System Multiple SQL Injection Vulnerabilities

Vulnerable: v3.0.7.x
Vendor: www.rj-itop.com
Category: Input Validation Error
Impact: SQL injection

Details:
=========
Multiple SQL injection vulnerabilities have been found in RJ-iTop Network Vulnerability Scanner System, which can be exploited by malicious users to conduct SQL injection and script insertion attacks. Authentication is required to exploit these vulnerabilities.

POC:
=========
https://8.8.8.8/roleManager.jsp?type=query&id= [SQL Injection]

Timeline:
========
2009.10.19 Report to vendor (but vendor did not respond)
2009.11.15 Report to vendor a second time
2009.11.19 Report to CNNVD
2010.04.13 Public
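
A defensive log check for the affected endpoint, added here as an example and not part of the original advisory or the vendor's code: it scans web access logs for authenticated requests to roleManager.jsp with type=query whose id value is not a plain number, and reports the account that sent them. The combined log format, the numeric-id rule and the sample lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: access logs use the combined format, with the authenticated
# account in the third field. Only query-string parameters are visible here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "(?:GET|POST) (?P<target>\S+) [^"]*"'
)

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is judged decoded."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (user, ip, decoded id) for roleManager.jsp queries with a non-numeric id."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/rolemanager.jsp"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        if "query" not in params.get("type", []):
            continue
        for raw in params.get("id", []):
            value = fully_decode(raw)
            # Assumption: a legitimate id is a short decimal number.
            if not re.fullmatch(r"\d{1,10}", value):
                hits.append((m.group("user"), m.group("ip"), value))
    return hits

# Constructed sample log lines (documentation addresses, made-up accounts).
SAMPLE = [
    '192.0.2.10 - alice [13/Apr/2010:10:00:01 +0800] "GET /roleManager.jsp?type=query&id=3 HTTP/1.1" 200 512',
    '192.0.2.44 - bob [13/Apr/2010:10:02:17 +0800] "GET /roleManager.jsp?type=query&id=3%27 HTTP/1.1" 500 1024',
    '192.0.2.44 - bob [13/Apr/2010:10:02:30 +0800] "GET /roleManager.jsp?type=query&id=3%2527 HTTP/1.1" 200 512',
    '192.0.2.10 - alice [13/Apr/2010:10:05:00 +0800] "GET /roleManager.jsp?type=list HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for user, ip, value in suspicious_requests(SAMPLE):
        print(f"user={user} ip={ip} id={value!r}")
```

Because the advisory states that authentication is required, the account field is the quickest route from a flagged request to the session that needs review.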