Mantis Bugtracker          
testlink.org

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0006486TestLinkSecurity - Generalpublic2014-08-11 19:012014-09-27 16:43
Reportercedric 
Assigned Tofman 
PrioritynormalSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version1.9.10 (2014 Q1 - bug fixing) 
Fixed in Version1.9.12 (2014 Q3) 
Summary0006486: Cross-Site Scripting on login page
DescriptionThere's a bug on the login.php page, through the redirect parameter, that allows an attacker to inject javascript code and/or redirect user to another website.
Steps To Reproduce* Go to login.php
* Append the malicious code into the redirect parameter.

Proof-of-Concept: http://demo.testlink.org/latest/login.php?note=expired&destination=%2Flinkto.php';alert(document.cookie)// [^]
Additional InformationPatch appended.
TagsNo tags attached.
Database (MySQL,Postgres,etc)MySQL
BrowserChrome 28
PHP Version5.3
TestCaseID
QA Team - Task Workflow StatusREADY FOR TESTING
Attached Filespatch file icon common.php.patch [^] (317 bytes) 2014-08-11 19:01 [Show Content]

- Relationships
child of 0006457closedfman Availables hot-fixes for 1.9.11 & How To get full fixed package from gitorious 

-  Notes
(0021422)
cedric (reporter)
2014-08-11 19:10

Patch for lib/functions/common.php
(0021424)
fman (administrator)
2014-08-12 07:56

OK; thanks
(0021736)
fman (administrator)
2014-09-27 16:43

Release done

- Issue History
Date Modified Username Field Change
2014-08-11 19:01 cedric New Issue
2014-08-11 19:01 cedric File Added: common.php.patch
2014-08-11 19:10 cedric Note Added: 0021422
2014-08-12 07:56 fman Note Added: 0021424
2014-08-12 07:57 fman QA Team - Task Workflow Status => TBD
2014-08-12 08:15 fman Note Added: 0021425
2014-08-12 08:17 fman QA Team - Task Workflow Status TBD => READY FOR TESTING
2014-08-12 08:17 fman Status new => resolved
2014-08-12 08:17 fman Fixed in Version => 1.9.12 (2014 Q3)
2014-08-12 08:17 fman Resolution open => fixed
2014-08-12 08:17 fman Assigned To => fman
2014-08-12 08:17 fman Relationship added child of 0006457
2014-08-12 15:34 fman Note Added: 0021436
2014-08-12 15:38 fman Note Deleted: 0021436
2014-08-12 15:38 fman Note Deleted: 0021425
2014-09-27 16:43 fman Note Added: 0021736
2014-09-27 16:43 fman Status resolved => closed
2015-09-15 21:09 fman Category Security => Security - XSS
2015-09-15 21:10 fman Category Security - XSS => Security - General



Copyright © 2000 - 2018 MantisBT Team
Powered by Mantis Bugtracker