thERP 1.4.4 multiple security vulnerabilities
There are multiple security vulnerabilities in thERP <= 1.4.4 which allow an unauthenticated user to take control of the application.
Software
Software Link: thERP
Vulnerable Version: <= 1.4.4
Vendor Notification: service@softexconsulting.com [ 2010-11-16 10:30 PM ]
# No reply from vendor by 2010-11-23 # Advisory released.
Vulnerabilities
# Authentication Bypass # Unpatched
The password value closes the quoted string in the login query and appends the tautology OR '1'='1', so the query matches the admin account regardless of the stored password. The following proof of concept is available:
Username: admin Password: 'or'1'='1
# SQL Injection # Unpatched
The following proof of concept is available:
# Blind SQL Injection # Unpatched
The following proof of concept is available:
# Persistent Cross-Site Scripting # Unpatched
Cross-Site Scripting payloads can be injected into the logs by mangling an SQL query and appending the XSS payload. The resulting SQL error is saved to the log together with the XSS payload, which is not encoded on output. The payload is executed whenever an authorized user browses "/common/logger.php".
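The following is an added example, not code from thERP or from this advisory, modelling both the authentication bypass above and the persistent XSS through the error log. The users/log schema, the shape of the login query, the logger and the render_log() stand-in for /common/logger.php are assumptions; the second payload is a constructed input, the first is the advisory's own.

```python
import html
import sqlite3

# Payloads: BYPASS_PASSWORD is the advisory's login PoC; XSS_PASSWORD is a
# constructed input that breaks the SQL string and carries a script tag.
BYPASS_PASSWORD = "'or'1'='1"
XSS_PASSWORD = "'<script>alert(1)</script>"


def make_db():
    """In-memory stand-in for the application's database (assumed schema;
    plaintext password is for the demo only)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users(id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users(username, password) VALUES ('admin', 'S3cret!');
        CREATE TABLE log(id INTEGER PRIMARY KEY, message TEXT);
        """
    )
    return conn


def log_error(conn, message):
    """Assumed logger: the failing query, attacker input included, is stored verbatim."""
    conn.execute("INSERT INTO log(message) VALUES (?)", (message,))
    conn.commit()


def login_vulnerable(conn, username, password):
    """Login that splices user input into SQL (the bug class behind the PoC).
    Returns the user id on success, None otherwise."""
    sql = (
        "SELECT id FROM users WHERE username='%s' AND password='%s'"
        % (username, password)
    )
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error as exc:
        # A mangled query fails; its text, payload included, goes into the log.
        log_error(conn, "SQL error: %s -- query: %s" % (exc, sql))
        return None
    return row[0] if row else None


def login_fixed(conn, username, password):
    """Parameterised query: the payload is compared as data, never parsed as SQL."""
    row = conn.execute(
        "SELECT id FROM users WHERE username=? AND password=?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def render_log(conn, escape):
    """Model of a log viewer like /common/logger.php: escape=False reproduces
    the stored XSS, escape=True is the fix (HTML-encode before output)."""
    rows = conn.execute("SELECT message FROM log ORDER BY id").fetchall()
    lines = [html.escape(m) if escape else m for (m,) in rows]
    return "<pre>\n" + "\n".join(lines) + "\n</pre>"


if __name__ == "__main__":
    db = make_db()
    print("bypass vs vulnerable login:", login_vulnerable(db, "admin", BYPASS_PASSWORD))
    print("bypass vs fixed login:     ", login_fixed(db, "admin", BYPASS_PASSWORD))
    login_vulnerable(db, "admin", XSS_PASSWORD)   # query fails, payload lands in the log
    print(render_log(db, escape=False))           # script tag reaches the browser
    print(render_log(db, escape=True))            # script tag rendered inert
```

Two separate fixes are needed, matching the two findings: parameterised queries stop the login bypass and the injection itself, while output encoding in the log viewer stops the stored XSS. Fixing only the query would leave any previously logged payload live until the log is cleaned.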
Reference
# OWASP: SQL Injection
# OWASP: Cross-Site Scripting
# OWASP: Authentication Bypass
Appendix
[TXT] thERP multiple security vulnerabilities