Edgewall Trac version 0.9 is susceptible to a SQL injection attack due to a lack of sanity checking on the group variable.
0e476544b659e0558351730fac351de96b79fa2ac9ed9599c2b7042ef2694279Edgewall Trac SQL Injection Vulnerability
Trac is an enhanced wiki and issue tracking system
for software development project. It provides an
interface to Subversion.
More information on http://projects.edgewall.com/trac/
Description:
Malicious user can conduct SQL injection in ticket query module
because supplied 'group' URI data passed to the query script
is not properly sanitized.
PoC:
http://host/trac/query?group=/*
Vulnerable version:
Version tested is 0.9
Maybe 0.9 betas are also vulnerable
Solution:
Upgrade to version 0.9.1
http://projects.edgewall.com/trac/wiki/TracDownload
Thanks for the quick fix of the Trac Team !
David Maciejak
--------------------------------------------------------------------------------
KYXAR.FR - Mail envoyé depuis http://webmail.kyxar.fr
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed