CVE-2010-0122
Employee Timeclock Software 0.99 - SQL Injection via Username or Password Parameter
Exploitation Summary
EIP tracks 1 public exploit for CVE-2010-0122. PoCs published by Secunia Research.
AI-analyzed exploit summary
This is a vulnerability advisory from Secunia Research detailing SQL injection vulnerabilities in Employee Timeclock Software 0.99. The advisory describes how input passed to the 'username' and 'password' parameters in auth.php and login_action.php is not properly sanitized, allowing arbitrary SQL code injection.
Description
Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php.