BugTracker.NET Multiple Vulnerabilities

Summary

Several cross-site scripting and SQL-injection vulnerabilities were found in BugTracker.NET.

Credit:

The information has been provided by Damian Saura and Alejandro Frydman.
The original article can be found at: http://www.coresecurity.com/content/multiple-vulnerabilities-in-bugtracker


Details

Vulnerable Systems:
 * BugTracker.NET v3.4.4 and earlier

Immune Systems:
 * BugTracker.NET v3.4.5

Several cross-site scripting and SQL-injection vulnerabilities were found in the following files of BugTracker.NET:

 * bugs.aspx: SQL injection in line 141.
 * delete_query.aspx: No sanitization for row_id.Value in line 30.
 * edit_bug.aspx: Variables without sanitization in lines 1846 and 1857.
 * edit_bug.aspx: No sanitization for variable new_project, line 2214.
 * edit_bug.aspx: XSS in line 2918.
 * edit_comment.aspx: XSS in line 233.
 * edit_customfield.aspx: Lines 165 and 172, no sanitization.
 * edit_user_permissions2.aspx: XSS in line 40.
 * massedit.aspx: SQL injection in line 162.

CVE Information:
CVE-2010-3266
CVE-2010-3267

Disclosure Timeline:
2010-11-29: BugTracker team is notified.
2010-11-29: Technical details sent to BugTracker team.
2010-11-30: The advisory CORE-2010-1109 is published.
