Pay Roll Time Sheet and Punch Card Application With Web UI Login.ASP SQL Injection Vulnerability
BID:25114
Info
Pay Roll Time Sheet and Punch Card Application With Web UI Login.ASP SQL Injection Vulnerability
| Bugtraq ID: | 25114 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 28 2007 12:00AM |
| Updated: | Jul 30 2007 09:45PM |
| Credit: | Aria-Security Team is credited with the discovery of this vulnerability. |
| Vulnerable: |
CodeWidgets Pay Roll - Time Sheet and Punch Card Application 0 |
| Not Vulnerable: | |
Discussion
Exploit / POC
Pay Roll Time Sheet and Punch Card Application With Web UI Login.ASP SQL Injection Vulnerability
Attackers can use a browser to exploit this issue.
To demonstrate this issue, use a valid username, such as 'admin', in the Username field, and the following string for the password field of the vulnerable script:
anything' OR 'x'='x
Attackers can use a browser to exploit this issue.
To demonstrate this issue, use a valid username, such as 'admin', in the Username field, and the following string for the password field of the vulnerable script:
anything' OR 'x'='x
Solution / Fix
Pay Roll Time Sheet and Punch Card Application With Web UI Login.ASP SQL Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Pay Roll Time Sheet and Punch Card Application With Web UI Login.ASP SQL Injection Vulnerability
References:
References: