Timesheet 1.2.1 Blind SQL Injection Vulnerability

2006.09.12
Risk: Low
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

About:
Timesheet.php is a PHP application designed to keep track of the hours worked by multiple people on multiple projects. It allows users to log in through their web browser and manage the times that they are clocked on or clocked off.

Description:
The vulnerability is in login.php, in the handling of the $_POST['username'] variable. When magic_quotes_gpc is set to Off, an intruder can trigger a blind SQL injection.

Escalation:
1. Disclosure of the administrator username and password hash (MD5, PASSWORD) credentials.
2. Remote code execution, in case the intruder knows where on the local path to save the output of the SQL injection.

Solution:
Create an addslashes function that filters the $_POST and $_GET variables.

Vendor:
http://sourceforge.net/projects/tsheet
dwayner79 at users.sourceforge.net
vexil at users.sourceforge.net

Time table:
Notified: 09/04/2006
Response: No Response
Public disclosure: 09/05/2006
Updates: N/A

Credits:
Research By: Secaware Research
Research Site: http://secaware.blogspot.com
Research Mail: secaware2006 at yahoo dot com

References:
http://secaware.blogspot.com/2006/09/timesheet-121-blind-sql-injection.html
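
The Description and Solution above concern a request value reaching the SQL text unescaped; binding the value as a query parameter removes the dependence on magic_quotes_gpc entirely. The following is an added example, not Timesheet's code and not the researcher's: the `users` table, its columns, the sample rows and the functions `find_user_unsafe` and `find_user_safe` are assumptions, and an in-memory SQLite database is used through PDO so the comparison runs offline.

```php
<?php
// Added example: constructed schema and data, not Timesheet's actual code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');
$db->exec("INSERT INTO users VALUES ('admin', '" . md5('constructed-secret') . "')");

// Vulnerable pattern: the request value is concatenated into the SQL text,
// so with magic_quotes_gpc Off a quote in it changes the query's structure.
function find_user_unsafe(PDO $db, string $username): array
{
    $sql = "SELECT username FROM users WHERE username = '$username'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: the value is bound as a parameter and is only ever
// compared as data, never parsed as part of the statement.
function find_user_safe(PDO $db, string $username): array
{
    $stmt = $db->prepare('SELECT username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: an existing name, an unknown name, and an unknown
// name carrying a quote followed by a condition that is always true.
$inputs = ["admin", "nobody", "nobody' OR '1'='1"];

foreach ($inputs as $in) {
    printf(
        "%-20s unsafe=%d row(s)  safe=%d row(s)\n",
        $in,
        count(find_user_unsafe($db, $in)),
        count(find_user_safe($db, $in))
    );
}
```

For the third input the concatenated query matches a row even though no such user exists, while the bound query matches none; that difference in row count is the signal a blind injection relies on.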

