what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 1 of 1 RSS Feed

Files

TaskFreak 0.6.3 SQL Injection
Posted Jun 30, 2010
Site secunia.com

Secunia Research has discovered a vulnerability in TaskFreak, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "password" parameter to login.php (when "username" is set to a valid user) is not properly sanitized before being used in a SQL query in include/classes/tzn_user.php. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation allows bypassing the authentication mechanism, but requires that "magic_quotes_gpc" is disabled. Version 0.6.3 is affected.

tags | advisory, arbitrary, php, sql injection
advisories | CVE-2010-1521
SHA-256 | 402599254250524376ff02d09c308db5397a2e0e9277f2833f67dbcb34a62353
Page 1 of 1
Back1Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
500,000 Impacted By Ohio Lottery Ransomware Attack
Posted May 10, 2024

tags | headline, hacker, malware, usa, cybercrime, cryptography
MoD Contractor Hacked By China Failed To Report Breach For Months
Posted May 10, 2024

tags | headline, hacker, government, britain, china, cyberwar, military
Ex-White House Election Threat Hunter Weighs In On What To Expect In November
Posted May 10, 2024

tags | headline, government, usa, russia, fraud, cyberwar
FBI Working Towards Nabbing Scattered Spider Hackers, Official Says
Posted May 10, 2024

tags | headline, hacker, government, usa, fbi
Leaked FBI Email Stresses Need For Warrantless Surveillance Of Americans
Posted May 10, 2024

tags | headline, government, privacy, usa, spyware, fbi
Exploited Chrome Zero Day Patched By Google
Posted May 10, 2024

tags | headline, flaw, google, patch, chrome
Cybersecurity Incident Impacts Operations At Ascension Hospitals
Posted May 10, 2024

tags | headline, hacker, privacy, malware, data loss
World Warned To Prepare For Today's Severe Geomagnetic Storm, First In 20 Years
Posted May 10, 2024

tags | headline
GhostStripe Attack Haunts Self-Driving Cars
Posted May 10, 2024

tags | headline, hacker, flaw
AWS CloudQuarry: Digging For Secrets In Public AMIs
Posted May 9, 2024

tags | headline, amazon, data loss, flaw, password
View More News →
packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close