Core Security Technologies - CoreLabs
Advisory
http://www.coresecurity.com/corelabs/
Multiple XSS and Injection Vulnerabilities in TestLink Test Management
and Execution System
1. *Advisory Information*
------------------
Information
------------------
Name: SQL Injection Vulnerabilities in TestLink
Software tested: TL v1.8.5b & checked in v1.9.3 (prior versions may be
affected)
Vendor Homepage: http://www.teamst.org
Vendor Notification: 27 January 2012
Vendor Patch: 4 February 2012
Public Disclosure: 20 February 2012
By creating a specially crafted link, an attacker can run arbitrary
commands with the privileges of the web server process. Altering the
URL field of a link lets the attacker manipulate the data files that
are created. Under normal usage, a user can create a new link under a
group, say 'test_group', with the name 'testlink', the URL
'192.168.0.1' and the description 'test description'. The link is then
stored in pPIM's root directory under the links/test_group/ directory
as testlink.link.
Viewing this file, we see:
$ cat testlink.link