Bugtraq mailing list archives
NeoInvoice Blind SQL Injection (CVE-2012-3477)
From: Adam Caudill <adam () adamcaudill com>
Date: Sun, 12 Aug 2012 13:32:03 -0400
NeoInvoice is a multi-tenant open source invoicing system, that currently contains an unauthenticated blind SQL injection condition in signup_check.php. The input for the value field isn't being properly sanitized, and is used in string concatenation to create the SQL query. See here for the offending code: https://github.com/tlhunter/neoinvoice/blob/5e7af94641cba17df9141e95108c369cfb6e6dd5/public/signup_check.php#L29 Proof of concept: signup_check.php?field=username&value='+OR+SLEEP(5)+OR+' I've alerted the author but haven't heard back. More Info: http://adamcaudill.com/2012/08/12/neoinvoice-blind-sql-injection-cve-2012-3477/ Project: https://github.com/tlhunter/neoinvoice --Adam Caudill http://adamcaudill.com
Current thread:
- NeoInvoice Blind SQL Injection (CVE-2012-3477) Adam Caudill (Aug 14)