Multiple SQL Injection in PHP/MYSQL Timesheet
Summary
- Vulnerability
- Multiple SQL Injection in PHP/MYSQL Timesheet
- Discovered
- 2006.02.07
- Last Update
- 2006.02.17 Exploitation code published
- ID
- EV0067
- CVE
- CVE-2006-0692
- Risk Level
- medium
- Type
- SQL Injection
- Status
- Unpatched. No reply from developer(s)
- Vendor
- n/a
- Vulnerable Software
- PHP/MYSQL Timesheet (http://www.geocities.com/night247/)
- Version
- V1, V2
- PoC/Exploit
- Available
- Solution
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
Description
SQL Injection found in PHP/MYSQL Timesheet (http://www.geocities.com/night247/) script.
Vulnerable scripts:
index.php
changehrs.php
Variables $yr $month $day $job are not properly sanitized before being used in a SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.
Condition: magic_quotes_gpc - off
PoC/Exploit
SQL Injection Examples:
http://host/timesheet/index.php?j=composites&m=03&y=1'%20union%20select%201,2,3,4,5/*
http://host/timesheet/changehrs.php?edit=1&m=1'%20union%20select%201,2,3,4,5,'Vulnerable',7/*
Solution.
Solution for "Multiple SQL Injection in PHP/MYSQL Timesheet" is not available. Check vendor's website for updates.