Mantis Bugtracker          
testlink.org

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0005147TestLinkSecurity - Generalpublic2012-08-17 07:352013-05-27 13:28
Reporterfman 
Assigned Tofman 
PriorityhighSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version1.9.3 (2011 Q3 - bug fixing) 
Fixed in Version1.9.4 (2012 Q3 - bug fixing) 
Summary0005147: metasploit - TestLink v1.9.3 Arbitrary File Upload Vulnerability
Descriptionhttp://www.metasploit.com/modules/exploit/multi/http/testlink_upload_exec [^]

1. The file name can be retrieved from the database using SQL injection.
this is fixed if you apply on 1.9.3 0004906

2. direct access to upload_area directory
one way to solve this is (at least for people using apache) is to create inside upload_area .htaccess (attached file used by mantisbt).
Other approach:
configuring:
$g_repositoryPath = '/var/testlink/upload_area/'; /* unix example */


we are going to work on 1.9.4 to allow config of upload area OUTSIDE of web server accessible folders, this way we will increase security.
This will change a little bit config tasks.
TagsNo tags attached.
Database (MySQL,Postgres,etc)N/A
Browser
PHP Version
TestCaseID
QA Team - Task Workflow StatusREADY FOR TESTING
Attached Files? file icon .htaccess [^] (59 bytes) 2012-08-17 07:35

- Relationships
related to 0005148closedfman http://itsecuritysolutions.org/2012-08-13-TestLink-1.9.3-multiple-vulnerabilities/ [^
related to 0005151closedfman [1.9.4 PREVIEW]With the QA Build 20120817, the installation script does not use the correct folder path for logs and upload_area 

-  Notes
(0017280)
fman (administrator)
2012-09-01 19:58

1.9.4 released

- Issue History
Date Modified Username Field Change
2012-08-17 07:35 fman New Issue
2012-08-17 07:35 fman Status new => assigned
2012-08-17 07:35 fman Assigned To => fman
2012-08-17 07:35 fman File Added: .htaccess
2012-08-17 08:52 fman Relationship added related to 0005148
2012-08-17 09:00 fman Description Updated View Revisions
2012-08-17 17:44 fman Status assigned => resolved
2012-08-17 17:44 fman Fixed in Version => 1.9.4 (2012 Q3 - bug fixing)
2012-08-17 17:44 fman Resolution open => fixed
2012-08-18 15:13 fman Relationship added related to 0005151
2012-09-01 19:58 fman Note Added: 0017280
2012-09-01 19:58 fman Status resolved => closed
2015-09-15 21:09 fman Category Security => Security - XSS
2015-09-15 21:10 fman Category Security - XSS => Security - General



Copyright © 2000 - 2018 MantisBT Team
Powered by Mantis Bugtracker