Bug #30753

SQL Injection in Scheduler Task of Linkvalidator

Added by Oliver Hader about 8 years ago. Updated almost 6 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Category:
Linkvalidator
Target version:
Start date:
2011-10-10
Due date:
% Done:

100%

TYPO3 Version:
4.5
PHP Version:
5.3
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

PoC:
  • install linkvalidator system extension
  • create new scheduler task
  • enter anything in field "start page (uid)"

The tx_linkvalidator_tasks_ValidatorAdditionalFieldProvider exectues a SQL query without casting the value to integer.

Severity: medium since only admin users can define new scheduler tasks

Affected: 4.5, 4.6

sec_30753.patch View - Security bug fix (1005 Bytes) Oliver Hader, 2011-10-10 21:33

Associated revisions

Revision ab5b7d99 (diff)
Added by Oliver Hader about 8 years ago

[BUGFIX][SECURITY] SQL Injection in Scheduler Task of Linkvalidator

The field "start page (uid)" in the addition fields for the Scheduler
task is not sanitized on executing a SQL query to look up the page.

Change-Id: I99f7ac32ed16ef3d2be9673ee2d0af72ed0c5b0c
Resolves: #30753
Releases: 4.5,4.6

Revision 062cd63a (diff)
Added by Oliver Hader about 8 years ago

[BUGFIX][SECURITY] SQL Injection in Scheduler Task of Linkvalidator

The field "start page (uid)" in the addition fields for the Scheduler
task is not sanitized on executing a SQL query to look up the page.

Change-Id: Ic4e01420e87d5187e3181a5976b7f4132e898327
Resolves: #30753
Releases: 4.5,4.6

History

#1 Updated by Oliver Hader about 8 years ago

#2 Updated by Helmut Hummel about 8 years ago

According to our decision made in Berlin, this can be fixed publicly as it can only be exploited by admins.

See: http://buzz.typo3.org/teams/security/article/incident-handling-of-typo3-core-issues/

Any objections?

#3 Updated by Oliver Hader about 8 years ago

  • Project changed from Core Security to TYPO3 Core
  • Category deleted (OW-A01: Injection)

#4 Updated by Oliver Hader about 8 years ago

  • Status changed from New to Under Review
  • Assignee changed from Helmut Hummel to Oliver Hader

#5 Updated by Mr. Hudson about 8 years ago

Patch set 1 of change I99f7ac32ed16ef3d2be9673ee2d0af72ed0c5b0c has been pushed to the review server.
It is available at http://review.typo3.org/5698

#6 Updated by Mr. Hudson about 8 years ago

Patch set 1 of change Ic4e01420e87d5187e3181a5976b7f4132e898327 has been pushed to the review server.
It is available at http://review.typo3.org/5700

#7 Updated by Oliver Hader about 8 years ago

  • Project changed from TYPO3 Core to Linkvalidator
  • Assignee changed from Oliver Hader to Philipp Gampe

#8 Updated by Mr. Hudson about 8 years ago

Patch set 1 of change Ic4e01420e87d5187e3181a5976b7f4132e898327 has been pushed to the review server.
It is available at http://review.typo3.org/5701

#9 Updated by Oliver Hader about 8 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

Applied in changeset commit:4050d07e0ee4364909b8d6e76bbabd218a5bb399.

#10 Updated by Chris topher over 7 years ago

  • Status changed from Resolved to Closed

#11 Updated by Michael Stucki almost 6 years ago

  • Category set to Linkvalidator

#12 Updated by Michael Stucki almost 6 years ago

  • Project changed from Linkvalidator to TYPO3 Core
  • Category changed from Linkvalidator to Linkvalidator

Also available in: Atom PDF