
CVE-2022-24707 PoC — Anuko Time Tracker SQL Injection Vulnerability

Source
Associated Vulnerability
Title: Anuko Time Tracker SQL Injection Vulnerability (CVE-2022-24707)
Description: Anuko Time Tracker is an open-source time-tracking system from an individual developer, a platform for recording the time employees spend on each task. Versions of Anuko Time Tracker before 1.20.0.5646 contain a SQL injection vulnerability. It stems from the Puncher plugin reusing code from elsewhere and relying on an unsanitized date parameter in POST requests; the plugin is vulnerable to UNION-based SQL injection and to time-based blind injection.
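As an added example (not part of the PoC repository or of Anuko Time Tracker's own code), here is the defensive counterpart of the flaw described above: a strict allowlist check for the puncher's date parameter, plus a scan over constructed request-log lines that flags any puncher POST whose `date` value is not a real calendar date. The endpoint path, the `date` field name and the log format are assumptions.

```python
import re
from datetime import datetime
from urllib.parse import parse_qs

# The puncher only ever needs a calendar date, so an allowlist check is the
# right defence: anything that is not exactly YYYY-MM-DD is rejected before it
# reaches a query, whatever injection technique the value might carry.
ISO_DATE = re.compile(r"\d{4}-\d{2}-\d{2}")


def is_valid_date(value: str) -> bool:
    """True only for a well-formed, real calendar date such as 2022-03-01."""
    if not ISO_DATE.fullmatch(value):
        return False
    try:
        datetime.strptime(value, "%Y-%m-%d")  # also rejects e.g. 2022-02-30
    except ValueError:
        return False
    return True


def scan_puncher_log(lines):
    """Return (timestamp, client, value) for each puncher POST whose 'date'
    parameter fails the allowlist. Assumed log format, one request per line:
    <timestamp> <client-ip> <method> <path> <urlencoded-body>"""
    findings = []
    for line in lines:
        fields = line.split(" ", 4)
        if len(fields) < 5:
            continue
        ts, client, method, path, body = fields
        # Endpoint path and parameter name are assumptions, not Anuko's own.
        if method != "POST" or "puncher" not in path.lower():
            continue
        for value in parse_qs(body, keep_blank_values=True).get("date", []):
            if not is_valid_date(value):
                findings.append((ts, client, value))
    return findings


# Constructed sample lines: a legitimate punch, a date with a quote and SQL
# comment appended, an impossible calendar date, and an unrelated GET.
SAMPLE_LOG = [
    "2022-03-01T09:00:01Z 10.0.0.5 POST /timetracker/puncher.php date=2022-03-01",
    "2022-03-01T09:00:07Z 10.0.0.9 POST /timetracker/puncher.php date=2022-03-01%27--+",
    "2022-03-01T09:00:09Z 10.0.0.9 POST /timetracker/puncher.php date=2022-02-30",
    "2022-03-01T09:00:12Z 10.0.0.5 GET /timetracker/time.php -",
]
```

A value that passes `is_valid_date` should still be bound as a query parameter rather than interpolated into SQL; the allowlist is the first layer, not the only one.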
Readme
# CVE-2022-24707 Anuko Time Tracker SQL Injection Exploit

A security assessment tool that demonstrates a SQL injection vulnerability in the puncher feature of Anuko Time Tracker version 1.20.0. When used as per the simple instructions below, it dumps the whole `tt_users` table and reveals every single entry!

## ⚠️ Disclaimer

This tool is intended for:
- Security research and education
- Authorized penetration testing
- Vulnerability demonstration in controlled environments

**Unauthorized use against systems you don't own or have explicit permission to test is illegal.**

## 🚀 Features

- **Automated Exploitation**: Streamlined process from login to credential extraction
- **SQL Injection**: Exploits time-based SQL injection in puncher feature
- **Credential Extraction**: Retrieves all user credentials from database
- **Automatic Cleanup**: Removes traces after exploitation
- **User-Friendly Interface**: Clear output and progress indicators
- **Error Handling**: Robust error management and user feedback

## 📋 Prerequisites

WEB-APPLICATION (you must be able to find all of the settings below; just explore the web application)
--------------------------------------
- Version 1.20.0 or lower
- Administrator access is REQUIRED
- The users table is `tt_users` (the default; it can also be changed in the script)
- Create a group in Anuko Time Tracker while logged in as ADMINISTRATOR
- Re-login to the Anuko web app as the group manager
- As group manager, add a DEMO project to the group
- ENABLE the `Puncher` plugin from the `Plugin` section
- MAKE SURE TO SAVE ALL THE CHANGES!

INTERNAL
------------------------------------
- Python 3.6+
- Required packages:
  ```bash
  pip install requests beautifulsoup4 lxml
  ```

## 📖 Usage

```bash
python3 anuko_exploit.py --host http://target.com --username user --password pass
```

## Example

```bash
python3 anuko_exploit.py --host http://192.168.1.100/timetracker --username admin --password admin123
```

## Arguments

| Argument | Description | Required |
|---|---|---|
| `--host` | Target URL (e.g., http://target.com/timetracker) | Yes |
| `--username` | Valid username for authentication | Yes |
| `--password` | Valid password for authentication | Yes |
| `--help` | Show help message and usage examples | No |

File Snapshot

[4.0K] /data/pocs/8873f417197b72bd767ab1ed93029e5869e29c40
├── [ 11K] anuko_exploit.py
└── [2.2K] README.md

1 directory, 2 files