Multiple SQL Injection in PHP/MYSQL Timesheet

Summary

Vulnerability
Multiple SQL Injection in PHP/MYSQL Timesheet
Discovered
2006.02.07
Last Update
2006.02.17 Exploitation code published
ID
EV0067
CVE
CVE-2006-0692
Risk Level
medium
Type
SQL Injection
Status
Unpatched. No reply from developer(s)
Vendor
n/a
Vulnerable Software
PHP/MYSQL Timesheet (http://www.geocities.com/night247/)
Version
V1, V2
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL Injection found in PHP/MYSQL Timesheet (http://www.geocities.com/night247/) script.

Vulnerable scripts:
index.php
changehrs.php

Variables $yr $month $day $job are not properly sanitized before being used in a SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc - off

PoC/Exploit

SQL Injection Examples:

http://host/timesheet/index.php?j=composites&m=03&y=1'%20union%20select%201,2,3,4,5/*

http://host/timesheet/changehrs.php?edit=1&m=1'%20union%20select%201,2,3,4,5,'Vulnerable',7/*

Solution.

Solution for "Multiple SQL Injection in PHP/MYSQL Timesheet" is not available. Check vendor's website for updates.

Order Source Code Analysis

Defend against hacker attacks by source code analysis of your site done by Aliaksandr Hartsuyeu.The work will be done by specialists in web application security.

Advisories by vuln type

Website Monitoring

Daily malware scanning. Allows to receive alerts about security problems in your website.
Details >>

Malicious redirects detected?

eVuln team will eliminate the reason, clean your website and monitor it.
Details >>

Website blacklisted?

eVuln team will clean your website, discover and fix security holes, remove from blacklists.
Details >>