Full Disclosure: Edgewall Trac SQL Injection Vulnerability

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

Edgewall Trac SQL Injection Vulnerability

From: David Maciejak <david.maciejak () kyxar fr>
Date: Thu, 1 Dec 2005 22:52:01 +0100


Edgewall Trac SQL Injection Vulnerability

Trac is an enhanced wiki and issue tracking system
for software development project. It provides an
interface to Subversion.

More information on http://projects.edgewall.com/trac/

Description:

Malicious user can conduct SQL injection in ticket query module
because supplied 'group' URI data passed to the query script
is not properly sanitized.

PoC:

http://host/trac/query?group=/*

Vulnerable version:

Version tested is 0.9
Maybe 0.9 betas are also vulnerable

Solution:

Upgrade to version 0.9.1
http://projects.edgewall.com/trac/wiki/TracDownload

Thanks for the quick fix of the Trac Team !


David Maciejak 

--------------------------------------------------------------------------------
KYXAR.FR - Mail envoyé depuis http://webmail.kyxar.fr
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Edgewall Trac SQL Injection Vulnerability David Maciejak (Dec 01)