[41456] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Edgewall Trac SQL Injection Vulnerability

daemon@ATHENA.MIT.EDU (David Maciejak)
Thu Dec 1 20:01:35 2005

Message-ID: <1133473837.438f702dd99a9@webmail.kyxar.fr>
Date: Thu,  1 Dec 2005 22:50:37 +0100
From: David Maciejak <david.maciejak@kyxar.fr>
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit

Edgewall Trac SQL Injection Vulnerability

Trac is an enhanced wiki and issue tracking system 
for software development project. It provides an
interface to Subversion.

More information on http://projects.edgewall.com/trac/

Description:

Malicious user can conduct SQL injection in ticket query module
because supplied 'group' URI data passed to the query script
is not properly sanitized.

PoC:

http://host/trac/query?group=/*

Vulnerable version:

Version tested is 0.9
Maybe 0.9 betas are also vulnerable

Solution:

Upgrade to version 0.9.1
http://projects.edgewall.com/trac/wiki/TracDownload

Thanks for the quick fix of the Trac Team !

David Maciejak

--------------------------------------------------------------------------------
KYXAR.FR - Mail envoyé depuis http://webmail.kyxar.fr


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[41456] in bugtraq

Edgewall Trac SQL Injection Vulnerability

daemon@ATHENA.MIT.EDU (David Maciejak)Thu Dec 1 20:01:35 2005

daemon@ATHENA.MIT.EDU (David Maciejak)
Thu Dec 1 20:01:35 2005