Timesheet 1.2.1 Blind SQL Injection Vulnerability


About:

Timesheet.php is a PHP application designed to keep track of the hours worked by multiple people on multiple projects. It allows users to log in through their web browser and manage the times that they are clocked on or clocked off.

Description:

A vulnerability exists in the file login.php in the handling of the $_POST['username'] variable. When magic_quotes_gpc is set to Off, an intruder can trigger a blind SQL injection.

Escalation:

1. Disclosure of the administrator username and password hash (MD5, PASSWORD) credentials.
2. Remote code execution, if the intruder knows a local path where the output of the SQL injection can be written.

Solution:

Create an addslashes-based function that filters the $_POST and $_GET variables before they reach the query.
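As an added example (written for this page, not Timesheet's own login.php), a hypothetical login lookup showing the pattern the advisory describes beside two fixes: the escaping approach the advisory suggests, done with the driver's escaper, and a parameterised query that does not depend on magic_quotes_gpc at all. Table and column names are assumed.

```php
<?php
// Hypothetical login handler modelled on the advisory's description.
// Example code for this page, not the project's own code.

declare(strict_types=1);

// Pattern described in the advisory: $_POST['username'] is spliced straight
// into the SQL string, so with magic_quotes_gpc Off the input can change the
// structure of the query. Shown only to contrast with the fixes below.
function vulnerableLookup(mysqli $db, string $username): ?array
{
    $sql = "SELECT id, password FROM users WHERE username = '" . $username . "'";
    $res = $db->query($sql);
    return $res ? ($res->fetch_assoc() ?: null) : null;
}

// Preferred fix: a prepared statement. The username travels as a bound
// parameter and never becomes part of the SQL text, so the behaviour is the
// same whether magic_quotes_gpc is On or Off.
function safeLookup(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, password FROM users WHERE username = :u');
    $stmt->bindValue(':u', $username, PDO::PARAM_STR);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// If the code must stay on string concatenation (the advisory's own
// suggestion is to escape the input), use the driver's escaper rather than
// addslashes(), which does not know the connection's character set.
function escapedLookup(mysqli $db, string $username): ?array
{
    $sql = "SELECT id, password FROM users WHERE username = '"
         . $db->real_escape_string($username) . "'";
    $res = $db->query($sql);
    return $res ? ($res->fetch_assoc() ?: null) : null;
}

// Usage (DSN and credentials are assumed to come from the deployment):
// $pdo = new PDO('mysql:host=localhost;dbname=timesheet', $user, $pass,
//                [PDO::ATTR_EMULATE_PREPARES => false]);
// $row = safeLookup($pdo, $_POST['username'] ?? '');
```

Setting PDO::ATTR_EMULATE_PREPARES to false makes the server, not the client library, handle parameter binding, which is the behaviour the fix relies on.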

Vendor:

http://sourceforge.net/projects/tsheet
dwayner79 at users.sourceforge.net
vexil at users.sourceforge.net

Time table:

Notified: 09/04/2006
Response: No Response
Public disclosure: 09/05/2006
Updates: N/A

Credits:

Research By: Secaware Research
Research Site: http://secaware.blogspot.com
Research Mail: secaware2006 at yahoo dot com

References:

http://secaware.blogspot.com/2006/09/timesheet-121-blind-sql-injection.html 
