SQL injection vulnerability in IP3 Networks NetAccess Appliance before firmware 3.1.18b13 allows remote attackers to bypass authentication via the (1) login or (2) password. NOTE: this issue was later reported to also affect firmware 4.0.34.
This issue has been fixed in firmware version 3.1.18b13. Update: reports indicate that this issue has resurfaced at some point. Version 4.0.34 of the firmware is also susceptible to this issue. The reporter of this issue states that fixes are available to address this and other vulnerabilities. Users are encouraged to contact the vendor for further information on obtaining and applying fixes. For support, see the following URI: http://www.ip3.com/supportoverview.htm
The IP3 NetAccess Appliance is reported prone to a remote SQL-injection vulnerability. This issue is due to the application's failure to properly sanitize user input.
This issue may allow an attacker to gain full control of the appliance through the network-administration interface. The attacker may also be able to influence database queries to view or modify sensitive information, potentially compromising the system or the database.
login : 'or''='
password : 'or''='
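Why the strings above defeat a login check built by string concatenation, and how a parameterized query handles the same input. This is an added illustration, not code from the appliance or the vendor; the table, column names and query shape are assumptions, since the advisory does not publish the real query.

```python
import sqlite3

def make_db():
    # Constructed stand-in for the account store; the appliance's real schema is not public.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (login TEXT, password TEXT)")
    # Plaintext only to keep the demo short; store a salted hash in practice.
    db.execute("INSERT INTO admins VALUES ('admin', 'constructed-secret')")
    return db

def build_concatenated(login, password):
    # Vulnerable pattern: user input becomes part of the SQL text itself.
    return ("SELECT login FROM admins WHERE login = '%s' AND password = '%s'"
            % (login, password))

def login_concatenated(db, login, password):
    try:
        return db.execute(build_concatenated(login, password)).fetchone() is not None
    except sqlite3.Error:
        return False  # a stray quote breaks the statement: another symptom of the same flaw

def login_parameterized(db, login, password):
    # Hardened pattern: placeholders keep input as data, never as SQL syntax.
    sql = "SELECT login FROM admins WHERE login = ? AND password = ?"
    return db.execute(sql, (login, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    reported = "'or''='"  # the string quoted in the advisory
    print(build_concatenated(reported, reported))
    # WHERE login = ''or''='' AND password = ''or''=''
    # The trailing OR term ''='' is always true, so every row matches.
    for check in (login_concatenated, login_parameterized):
        print(check.__name__, check(db, reported, reported))
```

In the parameterized form the same input is compared literally against the stored values, so it matches no account.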