oss-sec mailing list archives

Re: CVE-request: Timesheet Next Gen 1.5.2 Multiple SQLi

From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 16 Apr 2012 13:23:39 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/16/2012 04:55 AM, Henri Salo wrote:

Can I get one 2012 CVE-identifier for Timesheet Next Gen 1.5.2
multiple SQL-injections. Thomas Richards said the vendor is working
on the patch.

http://sourceforge.net/apps/mantisbt/tsheetx/view.php?id=122 
http://osvdb.org/show/osvdb/79804 
http://secunia.com/advisories/48239/


Please use CVE-2012-2105 for this issue.


- Henri Salo

http://seclists.org/bugtraq/2012/Mar/10 """ # Exploit Title:
Timesheet Next Gen 1.5.2 Multiple SQLi # Date: 02/23/12 # Author:
G13 # Software Link: https://sourceforge.net/projects/tsheetx/ #
Version: 1.5.2 # Category: webapps (php) #

##### Vulnerability #####

The login.php page has multiple SQL injection vulnerabilities.
Both the 'username' and 'password' parameters are vulnerable to SQL
Injection.

The vulnerability exists via the POST method.

##### Vendor Notification #####

02/23/12 - Vendor Notified 02/26/12 - Email sent to each developer,
developer responds 02/29/12 - Confirmation by developer requested 
03/02/12 - Disclosure

##### Exploit #####

http://localhost/timesheet/

POST /timesheet/login.php HTTP/1.1 Host: localhost User-Agent:
Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:10.0.2) Gecko/20100101
Firefox/10.0.2 Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 
Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip, deflate 
Connection: keep-alive Referer:
http://localhost/timesheet/login.php Cookie:
PHPSESSID=3b624f789e37fa3bdade432da Content-Type:
application/x-www-form-urlencoded Content-Length: 52 
redirect=&username=[SQLi]&password=[SQLi]&Login=submit """



- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJPjHG7AAoJEBYNRVNeJnmTEHwP/jkc3Po69ABXHlALzjsKT/gp
dkXNjRFJ0C6KABlVGw9332aMHCiQr/vBPpIYoRjsfg/loHpFZNTaGl/HXntQ99bS
20NkxK352P/xUs4Q7CsksH+HFRwHXqpmt8YhZ/zM+qw0UnoHOso5gkH6iWJky4Th
PzIygF+bORi6vWLGcMbYAmr5lABT7abd6AfwlDE8h6jWZJEymA4SWfToZF8t55AH
6UAqVDUT70KBF/2B1+P4zJrreuWrF+fw9LBMXzaovaMVqe6FIW+3QP0DWMbaoOKo
rYmgBh4/NCFXtmMPNWAgTlNyYacarHPeX5icvmfwDFubpZSCx1bZ9BV93anu8lz1
4R6y/c0+Im4m6EU2mfIb2qdy9t+Iuovg25+lt3AEfZsZUh7i1gVoAw8g1lLGidrM
XHvwwvQyKp87f+/+cGOFLN/z5+l8xwiwnBa7h1i7h1f4uHPEGA3GAZUx3Jb7QH8C
KV6MKi5CXNdcLuf0IvCGR5C+KVKhxfbhqxX2Wi314XVigCeG6Cz21tm7SFbjOnLW
29ei1YoT0Zf/kSnKsHtqAU7Dn4lCUe8eRuAxtzHjawtA3IxFn/HftiX7un0v5pnJ
xcVdZzcVZJrh1YOb4Iefbdl/tENGlYyRuzjwY8EEglabKjIbDU9ANlaAbUGDtuoF
mxbMgZn4Pl7d9S4dmSNj
=pmAT
-----END PGP SIGNATURE-----

Current thread:

CVE-request: Timesheet Next Gen 1.5.2 Multiple SQLi Henri Salo (Apr 16)
- Re: CVE-request: Timesheet Next Gen 1.5.2 Multiple SQLi Kurt Seifried (Apr 16)