Multiple SQL Injection in PHP/MYSQL Timesheet
- Last Update
- 2006.02.17 Exploitation code published
- Risk Level
- SQL Injection
- Unpatched. No reply from developer(s)
- Vulnerable Software
- PHP/MYSQL Timesheet (http://www.geocities.com/night247/)
- V1, V2
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
SQL Injection found in PHP/MYSQL Timesheet (http://www.geocities.com/night247/) script.
Vulnerable scripts:
The variables $yr, $month, $day and $job are not properly sanitized before being used in a SQL query. Arbitrary SQL code can be injected through them, which allows any SQL query to be made.
Condition: magic_quotes_gpc - off
PoC/Exploit
SQL Injection Examples:
Solution for "Multiple SQL Injection in PHP/MYSQL Timesheet" is not available. Check vendor's website for updates.
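With no vendor fix available, the following added example (not from the advisory or from the PHP/MYSQL Timesheet code) shows how the four parameters could be validated and bound through a prepared statement, so the query no longer depends on magic_quotes_gpc. The table and column names, the treatment of `job` as a numeric id, and the in-memory SQLite database standing in for MySQL are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: the advisory does not show the application's tables.
// Table "timesheet" and columns work_date, job, hours are assumptions.

/** Validate the four request parameters named in the advisory. */
function validate_entry_params(array $in): array
{
    $opts = fn(int $min, int $max) => ['options' => ['min_range' => $min, 'max_range' => $max]];
    $yr    = filter_var($in['yr']    ?? null, FILTER_VALIDATE_INT, $opts(1970, 2100));
    $month = filter_var($in['month'] ?? null, FILTER_VALIDATE_INT, $opts(1, 12));
    $day   = filter_var($in['day']   ?? null, FILTER_VALIDATE_INT, $opts(1, 31));
    // Assumption: job is a numeric id.
    $job   = filter_var($in['job']   ?? null, FILTER_VALIDATE_INT, $opts(1, PHP_INT_MAX));
    if ($yr === false || $month === false || $day === false || $job === false
        || !checkdate($month, $day, $yr)) {
        throw new InvalidArgumentException('invalid yr/month/day/job');
    }
    return [sprintf('%04d-%02d-%02d', $yr, $month, $day), $job];
}

/** Fetch entries with a prepared statement: values are bound, never concatenated. */
function fetch_entries(PDO $db, array $in): array
{
    [$date, $job] = validate_entry_params($in);
    $stmt = $db->prepare('SELECT hours FROM timesheet WHERE work_date = :d AND job = :j');
    $stmt->bindValue(':d', $date, PDO::PARAM_STR);
    $stmt->bindValue(':j', $job, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database (the real application uses MySQL).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE timesheet (work_date TEXT, job INTEGER, hours REAL)');
$db->exec("INSERT INTO timesheet VALUES ('2006-02-17', 1, 7.5), ('2006-02-17', 2, 1.0)");

print_r(fetch_entries($db, ['yr' => '2006', 'month' => '2', 'day' => '17', 'job' => '1']));

try {
    // Constructed input containing a quote, the character magic_quotes_gpc would
    // have escaped; validation rejects it before any SQL is prepared.
    fetch_entries($db, ['yr' => '2006', 'month' => '2', 'day' => '17', 'job' => "1'"]);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```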