Mantis Bugtracker          
testlink.org

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0006488TestLinkSecurity - Generalpublic2014-08-12 14:052014-09-27 16:43
Reportercedric 
Assigned Tofman 
PriorityhighSeveritymajorReproducibilityalways
StatusclosedResolutionfixed 
Platformx86_64OSWindowsOS Version7
Product Version1.9.10 (2014 Q1 - bug fixing) 
Fixed in Version1.9.12 (2014 Q3) 
Summary0006488: SQL Injection (CWE-89) (eventinfo.php)
DescriptionImproper sanitization of POST parameter 'id' on the event viewer.eventinfo.php
Steps To Reproduce 1. Login as a proper user with access to the event viewer panel (this could be circumvent with another attack/spoof by the attacker).

 2. Launch the attack against /lib/events/eventinfo.php

Proof-of-concept:

id=1 union select 1,2,3,password,5,6,7,8,9 from users
Tagsinjection, mysql, SQL
Database (MySQL,Postgres,etc)MySQL
BrowserChrome 28
PHP VersionPHP 5.3.3
TestCaseID
QA Team - Task Workflow StatusREADY FOR TESTING
Attached Filespatch file icon logger.class.php.patch [^] (531 bytes) 2014-08-12 14:34 [Show Content]

- Relationships
child of 0006457closedfman Availables hot-fixes for 1.9.11 & How To get full fixed package from gitorious 

-  Notes
(0021432)
fman (administrator)
2014-08-12 14:28

thanks
(0021433)
fman (administrator)
2014-08-12 14:55

please try this
https://gitorious.org/testlink-ga/testlink-code/commit/13c82be155e4b4feb3e841d71dc619825b26e362 [^]

and provide feedback
(0021434)
cedric (reporter)
2014-08-12 15:09

Patch works and fix the issue.
(0021435)
fman (administrator)
2014-08-12 15:10

thanks
(0021737)
fman (administrator)
2014-09-27 16:43

Release done

- Issue History
Date Modified Username Field Change
2014-08-12 14:05 cedric New Issue
2014-08-12 14:06 cedric Tag Attached: mysql
2014-08-12 14:06 cedric Tag Attached: SQL
2014-08-12 14:06 cedric Tag Attached: injection
2014-08-12 14:28 fman Note Added: 0021432
2014-08-12 14:30 fman QA Team - Task Workflow Status => TBD
2014-08-12 14:30 fman Summary SQL Injection (CWE-89) => SQL Injection (CWE-89) (eventinfo.php)
2014-08-12 14:30 fman Description Updated View Revisions
2014-08-12 14:34 cedric File Added: logger.class.php.patch
2014-08-12 14:55 fman Note Added: 0021433
2014-08-12 14:58 fman Assigned To => fman
2014-08-12 14:58 fman Status new => feedback
2014-08-12 15:09 cedric Note Added: 0021434
2014-08-12 15:09 cedric Status feedback => assigned
2014-08-12 15:10 fman Note Added: 0021435
2014-08-12 15:10 fman QA Team - Task Workflow Status TBD => READY FOR TESTING
2014-08-12 15:10 fman Status assigned => resolved
2014-08-12 15:10 fman Fixed in Version => 1.9.12 (2014 Q3)
2014-08-12 15:10 fman Resolution open => fixed
2014-08-12 15:11 fman Relationship added child of 0006457
2014-09-27 16:43 fman Note Added: 0021737
2014-09-27 16:43 fman Status resolved => closed
2015-09-15 21:09 fman Category Security => Security - XSS
2015-09-15 21:10 fman Category Security - XSS => Security - General



Copyright © 2000 - 2018 MantisBT Team
Powered by Mantis Bugtracker