Task Freak 0.6.2 remote SQL injection vulnerability

2010.05.01
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2010-1583 Vendor notified and product update released. Details of this report are also available at http://www.madirish.net/?article=456 Description of Vulnerability: - ------------------------------ The Tirzen Framework (http://www.tirzen.net/tzn/) is a supporting API developed by Tirzen (http://www.tirzen.com), an intranet and internet solutions provider. The Tirzen Framework contains a SQL injection vulnerability (http://www.owasp.org/index.php/SQL_Injection). This vulnerability could allow an attacker to arbitrarily manipulate SQL strings constructed using the library. This vulnerability manifests itself most notably in the Task Freak (http://www.taskfreak.com/) open source task management software. The vulnerability can be exploited to bypass authentication and gain administrative access to the Task Freak system. Systems affected: - ------------------ Task Freak Multi User / mySQL v0.6.2 with Tirzen Framework 1.5 was tested and shown to be vulnerable. Impact - ------- Attackers could manipulate database query strings resulting in information disclosure, data destruction, authentication bypass, etc. Technical discussion and proof of concept: - ------------------------------------------- Tirzen Framework class TznDbConnection in the function loadByKey() (tzn_mysql.php line 605) manifests a SQL injection vulnerability because it fails to sanitize user supplied input used to compose SQL statements. Proof of concept: any user can log into TaskFreak as the administrator simply by using the username "1' or 1='1" Vendor response: - ---------------- Upgrade to the latest version of TaskFreak. - -- Justin C. Klein Keane http://www.MadIrish.net The digital signature on this message can be confirmed using the public key at http://www.madirish.net/gpgkey -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iPwEAQECAAYFAkvZkBcACgkQkSlsbLsN1gCGigcAkzmJCFyLWGJwM+MSm73YKPMq NDPDzQZUdMZY9YpDWauL7GThIg6y8jfXd4NNdmIZ9yYr+ko7g7hFT4EnkKDlokj9 PVmZBIgysIycECu+XbcvJlNJLxE1g6rHHsSdvo0vn8mnDQeLWoALWrhaR661S4Ok 3Yel45wQNly2Y4b82lEL1/myLWwqoPP/zspM0Sm21mTCWStfCX0QCyZGYNUmlccI 2ci/7gT8tBNjWR3OAsznyIMi345IPAMMCfa6UDKKkv/wJCIwab4vxx/C+SGViDh8 of2kOYgowgmputYKeso= =RMcJ -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top