|Anonymous | Login | Signup for a new account||2020-02-24 12:13 UTC|
|Main | My View | View Issues | Change Log | My Account|
|View Issue Details|
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0003469||TestLink||Documentation (Install, User Manual, help)||public||2010-05-18 11:25||2011-07-02 13:49|
|Product Version||2.0.0 (planned)|
|Fixed in Version||1.9.3 (2011 Q3 - bug fixing)|
|Summary||0003469: Documentation recommends insecure configuration for FCK editor|
|Description||There's a document on the Testlink website "HowTo configure: upload images using FCK editor" (http://www.teamst.org/index.php/news-mainmenu-2/13-development/43-howto-configure-upload-images-using-fck-editor [^]) that recommends to set "$Config['Enabled'] = true ;" to enable the upload feature of the FCK editor.|
After doing this, *everyone* can upload files to the Testlink server, regardless if he is logged in or even has an account at all. All he needs to know is the URL of the upload function of the FCK editor, but since the files are always in the same place in a Testlink installation, its not difficult to find out.
All you need to do to exploit this vulnerability is to find a Testlink installation and hope that the administrator enabled the upload feature of FCK editor. Then you have a public file share server.
|Additional Information||I recommend to|
- either replace "$Config['Enabled'] = true ;" with "$Config['Enabled'] = checkUpload();" in the documentation and then add a function "checkUpload()" that checks if the user actually has permission to upload files to Testlink
- or to add a note to the document stating that this howto must NOT be followed on publicly available servers.
A checkUpload() function could look something like this:
|Tags||No tags attached.|
|QA Team - Task Workflow Status|
|Attached Files||Configuration_of_FCKEditor_and_CKFinder.pdf [^] (201,776 bytes) 2011-04-14 09:11|
Reminder sent to: asimon
do you think you will be able to give a look on far future ?
The document mentioned here is very old and related to TL 1.7. So users should be careful when applying these changes to current version of TestLink.
For the moment it should be enough to add a very big notice to said document as a warning for users, saying that this configuration is not recommended and very insecure.
When I find the time, I (or we) will look into it sometime in the future. I can't add the notice to this document though, that has to be done by someone with editing rights on the CMS :)
edited on: 2010-05-19 10:02
please also consider http://www.teamst.org/index.php/doc [^] -> Enhanced configuration of HTML editor by Julian (pdf format)
right now link is broken.
we should rework this document and remove the old article on web
|And one more: docs/config_fckeditor_upload.txt in the Testlink installation which is available from the help menu also suggests to set $Config['Enabled'] = true|
edited on: 2011-04-14 09:16
sadly diff for pdf is shown... i will attach new document here. let me know if this works for everyone.
|2010-05-18 11:25||twelve||New Issue|
|2010-05-18 18:47||fman||Assigned To||=> asimon|
|2010-05-18 18:47||fman||Status||new => assigned|
|2010-05-18 18:48||fman||Note Added: 0010060|
|2010-05-19 07:20||asimon||Note Added: 0010064|
|2010-05-19 09:59||Julian||Note Added: 0010067|
|2010-05-19 10:02||Julian||Note Edited: 0010067||View Revisions|
|2010-05-19 11:06||twelve||Note Added: 0010068|
|2011-02-14 08:44||asimon||Assigned To||asimon =>|
|2011-02-14 08:44||asimon||Status||assigned => acknowledged|
|2011-02-14 08:44||asimon||Product Version||1.9 Beta 3 => 2.0.0 (planned)|
|2011-04-14 09:11||Julian||Note Added: 0014607|
|2011-04-14 09:11||Julian||Status||acknowledged => resolved|
|2011-04-14 09:11||Julian||Fixed in Version||=> 1.9.3 (2011 Q3 - bug fixing)|
|2011-04-14 09:11||Julian||Resolution||open => fixed|
|2011-04-14 09:11||Julian||Assigned To||=> Julian|
|2011-04-14 09:11||Julian||File Added: Configuration_of_FCKEditor_and_CKFinder.pdf|
|2011-04-14 09:16||Julian||Note Edited: 0014607||View Revisions|
|2011-07-02 13:49||fman||Note Added: 0015467|
|2011-07-02 13:49||fman||Status||resolved => closed|
|Copyright © 2000 - 2020 MantisBT Team|