Timesheet Next Gen 1.5.2 Multiple SQLi

vendor:

Timesheet Next Gen

by:

G13

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Timesheet Next Gen

Affected Version From: 1.5.2

Affected Version To: 1.5.2

Patch Exists: YES

Related CWE: N/A

CPE: a:timesheet_next_gen:timesheet_next_gen:1.5.2

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2012

Timesheet Next Gen 1.5.2 Multiple SQLi

The login.php page has multiple SQL injection vulnerabilities. Both the 'username' and 'password' parameters are vulnerable to SQL Injection. The vulnerability exists via the POST method.

Mitigation:

Input validation and sanitization should be used to prevent SQL injection attacks.

Source

Exploit-DB raw data:

# Exploit Title: Timesheet Next Gen 1.5.2 Multiple SQLi
# Date: 02/23/12
# Author: G13
# Software Link: https://sourceforge.net/projects/tsheetx/
# Version: 1.5.2
# Category: webapps (php)
#

##### Vulnerability #####

The login.php page has multiple SQL injection vulnerabilities. Both
the 'username' and 'password'
parameters are vulnerable to SQL Injection.

The vulnerability exists via the POST method.

##### Vendor Notification #####

02/23/12 - Vendor Notified
02/26/12 - Email sent to each developer, developer responds
02/29/12 - Confirmation by developer requested
03/02/12 - Disclosure

##### Exploit #####

http://localhost/timesheet/

POST /timesheet/login.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:10.0.2)
Gecko/20100101 Firefox/10.0.2
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://localhost/timesheet/login.php
Cookie: PHPSESSID=3b624f789e37fa3bdade432da
Content-Type: application/x-www-form-urlencoded
Content-Length: 52
redirect=&username=[SQLi]&password=[SQLi]&Login=submit