扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 |
CVE-2010-1583 Vendor notified and product update released. Details of this report are also available at http://www.madirish.net/?article=456 Description of Vulnerability: - ------------------------------ The Tirzen Framework (http://www.tirzen.net/tzn/) is a supporting API developed by Tirzen (http://www.tirzen.com), an intranet and internet solutions provider. The Tirzen Framework contains a SQL injection vulnerability (http://www.owasp.org/index.php/SQL_Injection). This vulnerability could allow an attacker to arbitrarily manipulate SQL strings constructed using the library. This vulnerability manifests itself most notably in the Task Freak (http://www.taskfreak.com/) open source task management software. The vulnerability can be exploited to bypass authentication and gain administrative access to the Task Freak system. Systems affected: - ------------------ Task Freak Multi User / mySQL v0.6.2 with Tirzen Framework 1.5 was tested and shown to be vulnerable. Impact - ------- Attackers could manipulate database query strings resulting in information disclosure, data destruction, authentication bypass, etc. Technical discussion and proof of concept: - ------------------------------------------- Tirzen Framework class TznDbConnection in the function loadByKey() (tzn_mysql.php line 605) manifests a SQL injection vulnerability because it fails to sanitize user supplied input used to compose SQL statements. Proof of concept: any user can log into TaskFreak as the administrator simply by using the username "1' or 1='1" Vendor response: - ---------------- Upgrade to the latest version of TaskFreak. - -- Justin C. Klein Keane http://www.MadIrish.net |
体验盒子
