David Maciejak
02/12/05, 02:15
Edgewall Trac SQL Injection Vulnerability
Trac is an enhanced wiki and issue tracking system
for software development project. It provides an
interface to Subversion.
More information on http://projects.edgewall.com/trac/
Description:
Malicious user can conduct SQL injection in ticket query module
because supplied 'group' URI data passed to the query script
is not properly sanitized.
PoC:
http://host/trac/query?group=/*
Vulnerable version:
Version tested is 0.9
Maybe 0.9 betas are also vulnerable
Solution:
Upgrade to version 0.9.1
http://projects.edgewall.com/trac/wiki/TracDownload
Thanks for the quick fix of the Trac Team !
David Maciejak
--------------------------------------------------------------------------------
KYXAR.FR - Mail envoyé depuis http://webmail.kyxar.fr
Trac is an enhanced wiki and issue tracking system
for software development project. It provides an
interface to Subversion.
More information on http://projects.edgewall.com/trac/
Description:
Malicious user can conduct SQL injection in ticket query module
because supplied 'group' URI data passed to the query script
is not properly sanitized.
PoC:
http://host/trac/query?group=/*
Vulnerable version:
Version tested is 0.9
Maybe 0.9 betas are also vulnerable
Solution:
Upgrade to version 0.9.1
http://projects.edgewall.com/trac/wiki/TracDownload
Thanks for the quick fix of the Trac Team !
David Maciejak
--------------------------------------------------------------------------------
KYXAR.FR - Mail envoyé depuis http://webmail.kyxar.fr