exploit-db-mirror/exploits/php/webapps/39404.txt
Offensive Security 36c084c351 DB: 2021-09-03

#############################
Exploit Title : Timeclock-software - Multiple SQL injections
Author: Marcela Benetrix
Date: 01/27/2016
Version: 0.995 (older versions may be vulnerable too)
Software link: http://timeclock-software.net
#############################
Timeclock software
Timeclock-software.net's free software product will be a simple solution to
allow your employees to record their time in one central location for easy
access.
##########################
SQL Injection Location
1. http://server/login.php
The username and password parameters were vulnerable to time-based blind
SQL injection.
Moreover, once logged into the app, the following URLs were found to be
vulnerable too:
2. http://server/view_data.php?period_id
3. http://server/edit_type.php?type_id=
4. http://server/edit_user.php?user_id=
5. http://server/edit_entry.php?time_id=
All of them are vulnerable to UNION query and time-based blind SQL injection.
##########################
Vendor Notification
01/27/2016 to: the developers. They replied immediately and fixed the
problem in a new release.
02/03/2016: Disclosure