[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Edgewall Trac SQL Injection Vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Edgewall Trac SQL Injection Vulnerability
From: David Maciejak <david.maciejak@xxxxxxxx>
Date: Thu, 1 Dec 2005 22:52:01 +0100

Edgewall Trac SQL Injection Vulnerability

Trac is an enhanced wiki and issue tracking system
for software development project. It provides an
interface to Subversion.

More information on http://projects.edgewall.com/trac/

Description:

Malicious user can conduct SQL injection in ticket query module
because supplied 'group' URI data passed to the query script
is not properly sanitized.

PoC:

http://host/trac/query?group=/*

Vulnerable version:

Version tested is 0.9
Maybe 0.9 betas are also vulnerable

Solution:

Upgrade to version 0.9.1
http://projects.edgewall.com/trac/wiki/TracDownload

Thanks for the quick fix of the Trac Team !


David Maciejak 

--------------------------------------------------------------------------------
KYXAR.FR - Mail envoyé depuis http://webmail.kyxar.fr
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Most common keystroke loggers?
Next by Date: Re: [Full-disclosure] Most common keystroke loggers?
Previous by thread: [Full-disclosure] Re: Most common keystroke loggers?
Next by thread: [Full-disclosure] Cisco Security Advisory: IOS HTTP Server Command Injection Vulnerability
Index(es):
- Date
- Thread