packetstorm, Justin C. Klein Keane, PACKETSTORM:89063
History: Apr 29, 2010 - 12:00 a.m.

Task Freak 0.6.2 SQL Injection

packetstormsecurity.com

EPSS: 0.001 (Low), percentile 36.8%

`
CVE-2010-1583  
  
Vendor notified and product update released.  
Details of this report are also available at  
http://www.madirish.net/?article=456  
  
Description of Vulnerability:  
------------------------------  
The Tirzen Framework (http://www.tirzen.net/tzn/) is a supporting API  
developed by Tirzen (http://www.tirzen.com), an intranet and internet  
solutions provider. The Tirzen Framework contains a SQL injection  
vulnerability (http://www.owasp.org/index.php/SQL_Injection). This  
vulnerability could allow an attacker to arbitrarily manipulate SQL  
strings constructed using the library. This vulnerability manifests  
itself most notably in the Task Freak (http://www.taskfreak.com/) open  
source task management software. The vulnerability can be exploited to  
bypass authentication and gain administrative access to the Task Freak  
system.  
  
Systems affected:  
------------------  
Task Freak Multi User / mySQL v0.6.2 with Tirzen Framework 1.5 was  
tested and shown to be vulnerable.  
  
Impact  
-------  
Attackers could manipulate database query strings resulting in  
information disclosure, data destruction, authentication bypass, etc.  
  
Technical discussion and proof of concept:  
-------------------------------------------  
Tirzen Framework class TznDbConnection in the function loadByKey()  
(tzn_mysql.php line 605) manifests a SQL injection vulnerability because  
it fails to sanitize user supplied input used to compose SQL statements.  
  
Proof of concept: any user can log into TaskFreak as the administrator  
simply by using the username "1' or 1='1"  
  
Vendor response:  
----------------  
Upgrade to the latest version of TaskFreak.  
  
--  
Justin C. Klein Keane  
http://www.MadIrish.net  
  
The digital signature on this message can be confirmed  
using the public key at http://www.madirish.net/gpgkey  
`
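
The loadByKey() flaw described in the advisory above, as an added example that is not part of the original advisory and is not Tirzen's code: it models a lookup built by string concatenation, reduces each statement to its skeleton (string literals replaced by `?`) to show when input has become SQL syntax, and pairs it with the bound-parameter form. The `member` table, the query shape and every function name are assumptions, and SQLite stands in for MySQL only in the bound lookup.

```python
import sqlite3

# Constructed model of a key lookup (assumed table and query shape);
# this is not the Tirzen Framework's loadByKey() source.
TEMPLATE = "SELECT id FROM member WHERE username = '%s'"
BOUND_SQL = "SELECT id FROM member WHERE username = ?"

def build_unsafe(username):
    """Vulnerable pattern: input is pasted between the quotes unescaped."""
    return TEMPLATE % username

def skeleton(sql):
    """Replace each single-quoted literal with '?', following MySQL
    literal rules (backslash escapes and doubled quotes stay data)."""
    out, i, n = [], 0, len(sql)
    while i < n:
        if sql[i] != "'":
            out.append(sql[i])
            i += 1
            continue
        i, closed = i + 1, False  # step past the opening quote
        while i < n and not closed:
            if sql[i] == "\\" or sql[i:i + 2] == "''":
                i += 2  # escaped char or doubled quote: still data
            else:
                closed = sql[i] == "'"
                i += 1
        out.append("?" if closed else "?<unterminated>")
    return "".join(out)

def alters_query(username):
    """True when the input changes the structure of the statement."""
    return skeleton(build_unsafe(username)) != BOUND_SQL

def lookup_bound(conn, username):
    """Hardened form: the value travels as a bound parameter."""
    return conn.execute(BOUND_SQL, (username,)).fetchone()

def demo_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE member (id INTEGER, username TEXT)")
    conn.execute("INSERT INTO member VALUES (1, 'admin')")  # constructed row
    return conn

if __name__ == "__main__":
    for name in ("admin", "1' or 1='1", "o'brien"):  # second is the advisory's PoC
        print(repr(name), alters_query(name), skeleton(build_unsafe(name)))
    print(lookup_bound(demo_db(), "1' or 1='1"))
```

The `o'brien` input shows that a legitimate value breaks the concatenated statement as well, which is why the fix is parameter binding rather than filtering particular strings.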
