MantisBT - TestLink
View Issue Details
ID: 0006498
Project: TestLink
Category: Security - General
View Status: public
Date Submitted: 2014-08-13 17:49
Last Update: 2014-09-27 16:43
Reporter: cedric
Assigned To: fman
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Platform: x86_64
OS: Windows 7
Product Version: 1.9.10 (2014 Q1 - bug fixing)
Fixed in Version: 1.9.12 (2014 Q3)
Database: MySQL
Browser: Chrome 28
PHP Version: 5.3.3
QA Team - Task Workflow Status: READY FOR TESTING
Summary: 0006498: Cross-Site Scripting on /lib/plan/planExport.php (CWE-80)
Description:
There is no proper sanitization of the parameter "exportContent", which is used as a hidden input in planExport.tpl.
Steps To Reproduce:
 1. Login as a valid user.
 2. Proof-of-Concept:

http://demo.testlink.org/latest/lib/plan/planExport.php?tproject_id=23849&tplan_id=23869&platform_id=0&build_id=361&exportContent=4results%22%3E%3Cbutton%3Exss%3C/button%3E%3Cimg%20src=%22
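To make the defect concrete, here is an added example (not TestLink's own code; the render functions are hypothetical) of a hidden input rendered with and without HTML attribute-context encoding, fed the exportContent value from the PoC URL above:

```php
<?php
// Added illustration only; this is not TestLink's own code and the function
// names are hypothetical. It shows why a request parameter dropped unescaped
// into a hidden input's value attribute is exploitable, and the encoding
// that closes the hole.

// Constructed sample: the exportContent value from the PoC URL, URL-decoded.
// The leading `"` closes the value attribute and the `>` closes the <input>
// tag, so everything after it is parsed by the browser as new markup.
$exportContent = '4results"><button>xss</button><img src="';

// Vulnerable pattern: the raw parameter is concatenated into the attribute.
function render_hidden_unsafe($name, $value)
{
    return '<input type="hidden" name="' . $name . '" value="' . $value . '">';
}

// Hardened pattern: encode for the HTML attribute context. ENT_QUOTES turns
// both " and ' into entities, so the value can never terminate the attribute.
// The attribute must stay double-quoted for this guarantee to hold.
function render_hidden_safe($name, $value)
{
    $encoded = htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="' . $name . '" value="' . $encoded . '">';
}

// Compare the two renderings: the first contains a live <button> and <img>
// element, the second a single <input> whose value is inert text.
echo render_hidden_unsafe('exportContent', $exportContent), PHP_EOL;
echo render_hidden_safe('exportContent', $exportContent), PHP_EOL;
```

In a Smarty template such as planExport.tpl the equivalent is Smarty's escape modifier (for example {$exportContent|escape}), which applies htmlspecialchars with ENT_QUOTES for you.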
No tags attached.
Relationships: child of 0006457 (closed, fman): Availables hot-fixes for 1.9.11 & How To get full fixed package from gitorious
Issue History
2014-08-13 17:49 | cedric | New Issue
2014-08-13 20:32 | fman | Note Added: 0021454
2014-08-13 20:39 | fman | QA Team - Task Workflow Status | => TBD
2014-08-13 21:03 | fman | QA Team - Task Workflow Status | TBD => READY FOR TESTING
2014-08-13 21:03 | fman | Note Added: 0021457
2014-08-13 21:03 | fman | Fixed in Version | => 1.9.12 (2014 Q3)
2014-08-13 21:03 | fman | Description Updated | bug_revision_view_page.php?rev_id=3657#r3657
2014-08-13 21:03 | fman | Status | new => resolved
2014-08-13 21:03 | fman | Resolution | open => fixed
2014-08-13 21:03 | fman | Assigned To | => fman
2014-08-13 21:03 | fman | Relationship added | child of 0006457
2014-08-14 02:19 | cedric | Note Added: 0021461
2014-08-14 06:53 | fman | Note Added: 0021462
2014-09-27 16:43 | fman | Note Added: 0021732
2014-09-27 16:43 | fman | Status | resolved => closed
2015-09-15 21:09 | fman | Category | Security => Security - XSS
2015-09-15 21:10 | fman | Category | Security - XSS => Security - General

Notes
(0021454) fman, 2014-08-13 20:32
Thanks
I suggest you get the latest code from gitorious because some work has been done regarding security.
That's because maybe you are reporting things that have already been fixed.
(0021457) fman, 2014-08-13 21:03
https://gitorious.org/testlink-ga/testlink-code/commit/1fd82c67eb25618d593f869dc54f0a0a6731a68c
(0021461) cedric, 2014-08-14 02:19
Yeah, I made some tests on demo.testlink.org and looked at the current code in gitorious and on my own server running testlink.
(0021462) fman, 2014-08-14 06:53
OK, thanks
(0021732) fman, 2014-09-27 16:43
Release done