Bug 219044: MySQL injection vulnerability in editkeywords.cgi
Status: RESOLVED FIXED
Opened 21 years ago, closed 21 years ago
Categories: Bugzilla :: Administration, task
Tracking: Bugzilla 2.16
People: Reporter: goobix, Assigned: bugreport
Whiteboard: [fixed in 2.16.4] [fixed in 2.17.5]
Attachments (1 file): patch, 440 bytes (justdave: review+, zach: review+)
Any user with the editkeywords priv can do MySQL injection attacks and find out
confidential information using direct access to the Bugzilla database.
For example, by clicking the URL of this bug,
http://bugzilla.mozilla.org/editkeywords.cgi?action=edit&id=1234567+union+select+login_name,cryptpassword+from+profiles
someone can find out the username and the cryptpassword of a user.
The issue is that the "ID" field is not validated before it's passed to the
SendSQL subroutine.
Updated • 21 years ago
Whiteboard: [wanted for 2.16.5] [wanted for 2.17.6]
Target Milestone: --- → Bugzilla 2.16
Comment 1 • 21 years ago (Reporter)
So a patch needs to be written against the 2.16 branch.
What about a patch against CVS Head? Are we waiting for the admin rewrite
thing, or is it worth fixing before that?
Comment 2 • 21 years ago
I'd just as soon do the rewrite (which I expect to happen soon) for 2.17.
That's why I put 2.17.6 on it instead of 2.17.5
Comment 3 • 21 years ago (Assignee)
All we need to do is detaint_natural the id
Updated • 21 years ago (Assignee)
Attachment #134158 -
Flags: review?(justdave)
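
The kind of check comment 3 refers to, as an added example that is not part of the bug report and is not Bugzilla's own code: the id is accepted only if the whole string is a plain natural number, so the value from the report's URL never reaches the SQL text. The names `natural_id`, `keyword_query` and `keyword_table` are hypothetical, and the query shape is constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not Bugzilla's code): return the id as a number if the
# whole input is a plain decimal natural number, otherwise return nothing.
sub natural_id {
    my ($raw) = @_;
    return unless defined $raw;
    # \A and \z anchor the entire string ("$" would still allow a trailing
    # newline); [0-9] excludes the Unicode digits that \d can match; the
    # length cap keeps the value inside a 32-bit integer column.
    return unless $raw =~ /\A([0-9]{1,9})\z/;
    return $1 + 0;
}

# Constructed query shape; the table and column names are placeholders.
sub keyword_query {
    my ($raw) = @_;
    my $id = natural_id($raw);
    die "invalid keyword id\n" unless defined $id;
    return "SELECT name, description FROM keyword_table WHERE id = $id";
}

# Constructed inputs. The second is the decoded id parameter from the URL in
# the report ('+' in a query string decodes to a space).
my @samples = (
    '42',
    '1234567 union select login_name,cryptpassword from profiles',
    "42\n",
    '-1',
    '',
    '99999999999999999999',
);

for my $raw (@samples) {
    (my $shown = $raw) =~ s/\n/\\n/g;    # make the newline visible in output
    my $sql = eval { keyword_query($raw) };
    if (defined $sql) {
        print "accept [$shown] -> $sql\n";
    } else {
        print "reject [$shown]\n";
    }
}
```

Only the first sample is accepted; every other input, including the one from the report, is rejected before any SQL string is built.
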
Updated • 21 years ago
Whiteboard: [wanted for 2.16.5] [wanted for 2.17.6] → [wanted for 2.16.4] [wanted for 2.17.5]
Comment 4 • 21 years ago
Comment on attachment 134158: Patch (both branches)
Patch applies cleanly to both branches. Seems to do the trick. Gives me
"Something screwy is going on here, please try again"
Attachment #134158 -
Attachment description: Patch → Patch (both branches)
Attachment #134158 -
Flags: review?(justdave)
Attachment #134158 -
Flags: review?(bbaetz)
Attachment #134158 -
Flags: review+
Updated • 21 years ago
Attachment #134158 -
Flags: review?(myk)
Comment 5 • 21 years ago
Comment on attachment 134158: Patch (both branches)
r=zach
Attachment #134158 -
Flags: review?(myk)
Updated • 21 years ago
Whiteboard: [wanted for 2.16.4] [wanted for 2.17.5] → [ready for 2.16.4] [ready for 2.17.5]
Updated • 21 years ago
Attachment #134158 -
Flags: review?(bbaetz)
Comment 7 • 21 years ago
Checked in on trunk:
Checking in editkeywords.cgi;
/cvsroot/mozilla/webtools/bugzilla/editkeywords.cgi,v <-- editkeywords.cgi
new revision: 1.16; previous revision: 1.15
done
Flags: approval+
Whiteboard: [ready for 2.16.4] [ready for 2.17.5] → [ready for 2.16.4] [fixed in 2.17.5]
Comment 8 • 21 years ago
Checked in on 2.16 branch:
Checking in editkeywords.cgi;
/cvsroot/mozilla/webtools/bugzilla/editkeywords.cgi,v <-- editkeywords.cgi
new revision: 1.9.2.2; previous revision: 1.9.2.1
done
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED
Whiteboard: [ready for 2.16.4] [fixed in 2.17.5] → [fixed in 2.16.4] [fixed in 2.17.5]
Updated • 12 years ago
QA Contact: matty_is_a_geek → default-qa