Date: Sat, 26 Sep 2015 19:43:12 +0530
From: vishnu raju <rajuvishnu52@...il.com>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>,
 bugtraq@...urityfocus.com
Subject: [FD] Unauthorized Data Manipulation Vulnerability in Orange HRM

Hi all,

Greetings from Vishnu (@dH4wk)

Vulnerability title: *Unauthorized Data Manipulation Vulnerability*

Vendor: OrangeHRM

Product: HRM s/w

Affected version: 3.3.1 and below

Fixed version: 3.3.2

**Summary**:

  OrangeHRM Open Source is a free HR management system that offers a wealth
of modules to suit the needs of your business. This widely-used system is
feature-rich, intuitive and provides an essential HR management platform along
with free documentation and access to a broad community of users.

**Vulnerability Description**:

 The software allows the employer to track their employees' attendance. The
feature allows users to punch in and punch out once they are in and out of the
office, respectively. The vulnerability in the software allows any employee to
tamper with their attendance at any time. I am *attaching the screenshots* on
how this vulnerability can be exploited.

The tampering should be done in two requests (as seen in the screenshots),
respectively at:
(1) Punchin Request
(2) Punchin Overlapping Validation

**Conclusion**
 This has been reported to Orange HRM and has been fixed in version
3.3.2.

*I appreciate Orange HRM, for the support and immediate response that they
have shown in fixing the issue.*

Happy Hunting!!!

Attachment: hrm_punchin_overlapping.png (image/png, 67059 bytes)

Attachment: hrm_punchin.png (image/png, 63225 bytes)


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
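The post describes two tamperable requests, the punch-in itself and a separate overlap validation, but not the request parameters or the 3.3.2 fix. The following is an added example, not OrangeHRM code and not the reporter's proof of concept: a minimal Python model of an attendance endpoint that trusts the client-supplied punch time and the client-relayed overlap result, beside a hardened handler that stamps the record with the server clock, uses the client value only to detect tampering, and runs the overlap check server-side against stored records. The `Record`/`Timesheet` model, the five-minute tolerance and the fixed `NOW` clock are assumptions for illustration.

```python
"""Added example (not OrangeHRM code): why a punch-in endpoint must not trust
client-supplied timestamps or a client-side overlap check.

The request model, tolerance and clock below are assumptions for illustration;
the real OrangeHRM parameters and the 3.3.2 fix are not shown on the page."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

# Constructed fixed "server clock" so the demo is reproducible.
NOW = datetime(2015, 9, 26, 9, 0, 0)


@dataclass
class Record:
    punch_in: datetime
    punch_out: Optional[datetime] = None


@dataclass
class Timesheet:
    records: List[Record] = field(default_factory=list)

    def overlaps(self, t: datetime) -> bool:
        """Server-side overlap check: does t fall inside a stored interval?
        An open record (no punch-out yet) extends indefinitely."""
        for r in self.records:
            end = r.punch_out if r.punch_out is not None else datetime.max
            if r.punch_in <= t < end:
                return True
        return False


def punch_in_vulnerable(sheet: Timesheet, client_time: datetime,
                        client_overlap_ok: bool) -> bool:
    """Vulnerable pattern (assumed model of the two tamperable requests):
    the punch time is taken from the request body, and the overlap decision
    is whatever the separate validation request returned to the client.
    Tampering both lets an employee record any time they like."""
    if not client_overlap_ok:
        return False
    sheet.records.append(Record(punch_in=client_time))
    return True


def punch_in_hardened(sheet: Timesheet, server_now: datetime,
                      client_time: Optional[datetime] = None,
                      tolerance: timedelta = timedelta(minutes=5)) -> Record:
    """Hardened pattern: the stored timestamp is the server's clock, the
    client value is only compared against it to flag tampering, and the
    overlap check runs server-side against persisted records."""
    if client_time is not None and abs(client_time - server_now) > tolerance:
        raise ValueError("client punch time disagrees with server clock")
    if sheet.overlaps(server_now):
        raise ValueError("overlapping or still-open attendance record")
    rec = Record(punch_in=server_now)
    sheet.records.append(rec)
    return rec


def demo() -> dict:
    """Replays a back-dating attempt against both handlers."""
    backdated = NOW - timedelta(hours=3)  # employee claims 06:00 at 09:00
    out = {}

    vuln = Timesheet()
    out["vulnerable_accepts_backdate"] = punch_in_vulnerable(vuln, backdated, True)
    out["vulnerable_stored_time"] = vuln.records[0].punch_in

    hard = Timesheet()
    try:
        punch_in_hardened(hard, NOW, client_time=backdated)
        out["hardened_rejects_backdate"] = False
    except ValueError:
        out["hardened_rejects_backdate"] = True

    # Honest punch-in near server time, then a second punch-in while still open.
    rec = punch_in_hardened(hard, NOW, client_time=NOW + timedelta(minutes=1))
    out["hardened_stored_time"] = rec.punch_in
    try:
        punch_in_hardened(hard, NOW + timedelta(minutes=30))
        out["hardened_rejects_double_punch"] = False
    except ValueError:
        out["hardened_rejects_double_punch"] = True
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point the model makes: a validation step that runs as its own request and returns its verdict to the browser is advisory at best, because the browser decides what to send next. Whatever the client submits, the server must re-derive the timestamp from its own clock (or reject values outside a small tolerance) and re-run the overlap check against what is actually stored.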
