Project

General

Profile

Actions
Copy link

Bug #30753

closed

SQL Injection in Scheduler Task of Linkvalidator

Added by Oliver Hader over 12 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Philipp Gampe
Category:
Linkvalidator
Target version:
4.5.7
Start date:
2011-10-10
Due date:
% Done:

100%

Estimated time:
TYPO3 Version:
4.5
PHP Version:
5.3
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

PoC:
  • install linkvalidator system extension
  • create new scheduler task
  • enter anything in field "start page (uid)"

The tx_linkvalidator_tasks_ValidatorAdditionalFieldProvider exectues a SQL query without casting the value to integer.

Severity: medium since only admin users can define new scheduler tasks

Affected: 4.5, 4.6

Files

sec_30753.patch (1005 Bytes) sec_30753.patch Security bug fix Oliver Hader, 2011-10-10 21:33
Actions
Copy link
 #2

Updated by Helmut Hummel over 12 years ago

According to our decision made in Berlin, this can be fixed publicly as it can only be exploited by admins.

See: http://buzz.typo3.org/teams/security/article/incident-handling-of-typo3-core-issues/

Any objections?

Actions
Copy link
 #3

Updated by Oliver Hader over 12 years ago

  • Project changed from 1716 to TYPO3 Core
  • Category deleted (OW-A01: Injection)
Actions
Copy link
 #4

Updated by Oliver Hader over 12 years ago

  • Status changed from New to Under Review
  • Assignee changed from Helmut Hummel to Oliver Hader
Actions
Copy link
 #5

Updated by Mr. Hudson over 12 years ago

Patch set 1 of change I99f7ac32ed16ef3d2be9673ee2d0af72ed0c5b0c has been pushed to the review server.
It is available at http://review.typo3.org/5698

Actions
Copy link
 #6

Updated by Mr. Hudson over 12 years ago

Patch set 1 of change Ic4e01420e87d5187e3181a5976b7f4132e898327 has been pushed to the review server.
It is available at http://review.typo3.org/5700

Actions
Copy link
 #7

Updated by Oliver Hader over 12 years ago

  • Project changed from TYPO3 Core to 1510
  • Assignee changed from Oliver Hader to Philipp Gampe
Actions
Copy link
 #8

Updated by Mr. Hudson over 12 years ago

Patch set 1 of change Ic4e01420e87d5187e3181a5976b7f4132e898327 has been pushed to the review server.
It is available at http://review.typo3.org/5701

Actions
Copy link
 #9

Updated by Oliver Hader over 12 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

Applied in changeset commit:4050d07e0ee4364909b8d6e76bbabd218a5bb399.

Actions
Copy link
 #10

Updated by Chris topher about 12 years ago

  • Status changed from Resolved to Closed
Actions
Copy link
 #11

Updated by Michael Stucki over 10 years ago

  • Category set to Linkvalidator
Actions
Copy link
 #12

Updated by Michael Stucki over 10 years ago

  • Project changed from 1510 to TYPO3 Core
  • Category changed from Linkvalidator to Linkvalidator
Actions
Copy link

Also available in: Atom PDF