[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] NeoInvoice Blind SQL Injection (CVE-2012-3477)

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] NeoInvoice Blind SQL Injection (CVE-2012-3477)
From: Adam Caudill <adam@xxxxxxxxxxxxxxx>
Date: Sun, 12 Aug 2012 13:28:15 -0400

NeoInvoice is a multi-tenant open source invoicing system, that
currently contains an unauthenticated blind SQL injection condition in
signup_check.php. The input for the value field isn't being properly
sanitized, and is used in string concatenation to create the SQL
query.

See here for the offending code:

https://github.com/tlhunter/neoinvoice/blob/5e7af94641cba17df9141e95108c369cfb6e6dd5/public/signup_check.php#L29

Proof of concept:

signup_check.php?field=username&value='+OR+SLEEP(5)+OR+'

I've alerted the author but haven't heard back.

More Info: 
http://adamcaudill.com/2012/08/12/neoinvoice-blind-sql-injection-cve-2012-3477/
Project: https://github.com/tlhunter/neoinvoice

--Adam Caudill
http://adamcaudill.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] DLL Hijacking Against Installers In Browser Download Folders for Phish and Profit
Next by Date: [Full-disclosure] The Android Superuser App
Previous by thread: Re: [Full-disclosure] DLL Hijacking Against Installers In Browser Download Folders for Phish and Profit
Next by thread: [Full-disclosure] The Android Superuser App
Index(es):
- Date
- Thread