Bug #42651
closed
Information disclosure in adodb/
100%
Description
Not fully tested, but IMO it is possible to select any data from any table within TYPO3\CMS\Adodb\View\CheckConnectionWizardView; only a BE login is needed.
entry point: www.domain.tld/typo3/sysext/adodb/checkconnectionwizard.php?P[table]=tx_datasources_datasource
Updated by Christian Kuhn almost 11 years ago
scenario:
ext:datasources must be installed, then some non-admin can "dump" the data of any row of this table via checkconnectionwiz.
It is not possible to dump an arbitrary table, and this also does not work if adodb or datasources is not installed.
Updated by Christian Kuhn almost 11 years ago
Strategy:
Remove all this "connection" code that depends on ext:datasources in 6.2. For versions below, the script is sanitized a bit better with an "if not be_user is admin -> die" or similar.
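Requests to the entry point quoted in the report can be looked for in web server access logs. The following is an added example, not part of the ticket or of TYPO3's code; it assumes a combined-format access log, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script path taken from the entry point quoted in the report.
WIZARD_PATH = "/typo3/sysext/adodb/checkconnectionwizard.php"

# Assumption: Apache/nginx "combined" style lines: ip ... "METHOD target HTTP/x" status
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Constructed sample log lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2013:10:00:01 +0100] "GET /typo3/sysext/adodb/'
    'checkconnectionwizard.php?P[table]=tx_datasources_datasource HTTP/1.1" 200 1834',
    '192.0.2.11 - - [01/Jan/2013:10:00:05 +0100] "GET /cms/typo3/sysext/adodb/'
    'checkconnectionwizard.php?P%5Btable%5D=tx_datasources_datasource HTTP/1.1" 200 1790',
    '192.0.2.12 - - [01/Jan/2013:10:01:00 +0100] "GET /typo3/backend.php HTTP/1.1" 200 5120',
    '192.0.2.13 - - [01/Jan/2013:10:02:00 +0100] "GET /typo3/sysext/adodb/'
    'checkconnectionwizard.php HTTP/1.1" 302 0',
]


def wizard_table_requests(lines):
    """Return (ip, status, table) for each request passing P[table] to the wizard.

    Only query-string parameters are visible in an access log, so parameters
    sent in a request body are not covered by this check.
    """
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        # Decode the path and collapse repeated slashes before comparing;
        # endswith() also covers installations in a subdirectory.
        path = re.sub(r"/{2,}", "/", unquote(url.path))
        if not path.endswith(WIZARD_PATH):
            continue
        # parse_qsl percent-decodes keys, so P%5Btable%5D matches as P[table].
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == "P[table]":
                hits.append((m.group("ip"), int(m.group("status")), value))
    return hits


if __name__ == "__main__":
    for ip, status, table in wizard_table_requests(SAMPLE_LOG):
        print(f"{ip} status={status} table={table}")
```

Hits with a 200 status from accounts that are not backend admins are the ones worth correlating with backend session logs.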
Updated by Christian Kuhn almost 11 years ago
- Project changed from 1716 to TYPO3 Core
- Category deleted (T3-03: Information Disclosure)
Since the attack vector is very low, this issue is opened and goes through the regular review process now.
Updated by Gerrit Code Review almost 11 years ago
- Status changed from New to Under Review
Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25759
Updated by Gerrit Code Review almost 11 years ago
Patch set 1 for branch TYPO3_4-5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25760
Updated by Gerrit Code Review almost 11 years ago
Patch set 1 for branch TYPO3_4-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25761
Updated by Gerrit Code Review almost 11 years ago
Patch set 1 for branch TYPO3_6-0 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25762
Updated by Gerrit Code Review almost 11 years ago
Patch set 1 for branch TYPO3_6-1 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25763
Updated by Gerrit Code Review almost 11 years ago
Patch set 2 for branch TYPO3_6-1 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25763
Updated by Gerrit Code Review almost 11 years ago
Patch set 2 for branch TYPO3_6-0 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25762
Updated by Gerrit Code Review almost 11 years ago
Patch set 2 for branch TYPO3_4-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25761
Updated by Gerrit Code Review almost 11 years ago
Patch set 2 for branch TYPO3_4-5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25760
Updated by Christian Kuhn almost 11 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 309e93ac50baa1d3db323cb21fc2f57f0d550b0b.