Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Task Freak 0.6.2 SQL Injection

Related Vulnerabilities: CVE-2010-1583  
Publish Date: 29 Apr 2010
Author: Justin C. Klein Keane
Source 
                							

                -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2010-1583

Vendor notified and product update released.
Details of this report are also available at
 http://www.madirish.net/?article=456

Description of Vulnerability:
- ------------------------------
The Tirzen Framework (http://www.tirzen.net/tzn/) is a supporting API
developed by Tirzen (http://www.tirzen.com), an intranet and internet
solutions provider.  The Tirzen Framework contains a SQL injection
vulnerability (http://www.owasp.org/index.php/SQL_Injection).  This
vulnerability could allow an attacker to arbitrarily manipulate SQL
strings constructed using the library.  This vulnerability manifests
itself most notably in the Task Freak (http://www.taskfreak.com/) open
source task management software.  The vulnerability can be exploited to
bypass authentication and gain administrative access to the Task Freak
system.

Systems affected:
- ------------------
Task Freak Multi User / mySQL v0.6.2 with Tirzen Framework 1.5 was
tested and shown to be vulnerable.

Impact
- -------
Attackers could manipulate database query strings resulting in
information disclosure, data destruction, authentication bypass, etc.

Technical discussion and proof of concept:
- -------------------------------------------
Tirzen Framework class TznDbConnection in the function loadByKey()
(tzn_mysql.php line 605) manifests a SQL injection vulnerability because
it fails to sanitize user supplied input used to compose SQL statements.

Proof of concept: any user can log into TaskFreak as the administrator
simply by using the username "1' or 1='1"

Vendor response:
- ----------------
Upgrade to the latest version of TaskFreak.

- -- 
Justin C. Klein Keane
http://www.MadIrish.net

The digital signature on this message can be confirmed
using the public key at http://www.madirish.net/gpgkey
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iPwEAQECAAYFAkvZkBcACgkQkSlsbLsN1gCGigcAkzmJCFyLWGJwM+MSm73YKPMq
NDPDzQZUdMZY9YpDWauL7GThIg6y8jfXd4NNdmIZ9yYr+ko7g7hFT4EnkKDlokj9
PVmZBIgysIycECu+XbcvJlNJLxE1g6rHHsSdvo0vn8mnDQeLWoALWrhaR661S4Ok
3Yel45wQNly2Y4b82lEL1/myLWwqoPP/zspM0Sm21mTCWStfCX0QCyZGYNUmlccI
2ci/7gT8tBNjWR3OAsznyIMi345IPAMMCfa6UDKKkv/wJCIwab4vxx/C+SGViDh8
of2kOYgowgmputYKeso=
=RMcJ
-----END PGP SIGNATURE-----

<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started