Bug #42651

Information disclosure in adodb/

Added by Georg Ringer over 8 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
Should have
Assignee:
-
Category:
-
Target version:
-
Start date:
2012-11-02
Due date:
% Done:
100%

Estimated time:
TYPO3 Version:
6.0
PHP Version:
Tags:
Complexity:
Is Regression:
Sprint Focus:

Description

Not fully tested, but IMO it is possible to select any data from any table within TYPO3\CMS\Adodb\View\CheckConnectionWizardView; just a BE login is needed.

entry point: www.domain.tld/typo3/sysext/adodb/checkconnectionwizard.php?P[table]=tx_datasources_datasource


Related issues

Related to TYPO3 Core - Task #54078: ext:adodb Remove obsolete diffs from doc/ (Closed, 2013-11-29)

#1

Updated by Christian Kuhn over 7 years ago

scenario:

ext:datasources must be installed, then some non-admin can "dump" the data of any row of this table via checkconnectionwiz.

it is not possible to dump an arbitrary table, and also this does not work if adodb or datasources is not installed.

#2

Updated by Christian Kuhn over 7 years ago

Strategy:
Remove all this "connection" code that depends on ext:datasources in 6.2. For versions below, the script is sanitized a bit better with a "if not be_user is admin -> die" or similar.
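As an added illustration of the two states described in this thread (not code from TYPO3, ext:adodb or ext:datasources, and not part of Christian Kuhn's comment): a standalone backend script that only relies on the backend bootstrap for authentication, beside the same script with the "if not admin -> die" guard. The script path, the `../../init.php` bootstrap, the `P[uid]` parameter and the table name `tx_example_connection` are assumptions for the example; `$GLOBALS['BE_USER']->isAdmin()` and `$GLOBALS['TYPO3_DB']->exec_SELECTgetRows()` are the TYPO3 4.x/6.x APIs for the admin flag and for a SELECT returning rows.

```php
<?php
// Added example, not the project's checkconnectionwizard.php.
// Assumed layout: this script sits in typo3/sysext/<ext>/ and bootstraps the
// backend through ../../init.php, which authenticates $GLOBALS['BE_USER'] and
// exits for requests without a backend session. That bootstrap is the ONLY
// gate the vulnerable variant has, which is the situation the thread describes:
// any logged-in editor, admin or not, can read every row of the table.
require '../../init.php';

use TYPO3\CMS\Core\Utility\GeneralUtility;

// Hypothetical table name standing in for the one the wizard reads.
define('WIZARD_TABLE', 'tx_example_connection');

// Vulnerable pattern: a backend session is the only check.
// P[uid] selects the row; nothing asks whether the user may see it.
function dumpRowUnsafe(array $params)
{
    $uid = (int)$params['uid'];
    return $GLOBALS['TYPO3_DB']->exec_SELECTgetRows('*', WIZARD_TABLE, 'uid=' . $uid);
}

// Hardened pattern (the strategy from comment #2 for the maintenance branches):
// refuse everything that is not an admin session before touching the database.
// The table name stays hard-coded so the request cannot choose what is read,
// and the uid is cast to int before it reaches the WHERE clause.
function dumpRowAdminOnly(array $params)
{
    if (!is_object($GLOBALS['BE_USER']) || !$GLOBALS['BE_USER']->isAdmin()) {
        header('HTTP/1.1 403 Forbidden');
        die('Access denied: this wizard is restricted to administrators.');
    }
    $uid = (int)$params['uid'];
    return $GLOBALS['TYPO3_DB']->exec_SELECTgetRows('*', WIZARD_TABLE, 'uid=' . $uid);
}

$params = GeneralUtility::_GP('P');
$rows = dumpRowAdminOnly(is_array($params) ? $params : array());
echo '<pre>' . htmlspecialchars(print_r($rows, true)) . '</pre>';
```

The guard has to run before any query, not after it, and it must not depend on a parameter the client supplies; a check on a request value such as `P[table]` would only limit which rows are exposed, not who may read them.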

#3

Updated by Christian Kuhn over 7 years ago

  • Project changed from 1716 to TYPO3 Core
  • Category deleted (T3-03: Information Disclosure)

Since the attack vector is very low, this issue is opened and goes through the regular review process now.

#4

Updated by Gerrit Code Review over 7 years ago

  • Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25759

#5

Updated by Gerrit Code Review over 7 years ago

Patch set 1 for branch TYPO3_4-5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25760

#6

Updated by Gerrit Code Review over 7 years ago

Patch set 1 for branch TYPO3_4-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25761

#7

Updated by Gerrit Code Review over 7 years ago

Patch set 1 for branch TYPO3_6-0 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25762

#8

Updated by Gerrit Code Review over 7 years ago

Patch set 1 for branch TYPO3_6-1 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25763

#9

Updated by Gerrit Code Review over 7 years ago

Patch set 2 for branch TYPO3_6-1 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25763

#10

Updated by Gerrit Code Review over 7 years ago

Patch set 2 for branch TYPO3_6-0 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25762

#11

Updated by Gerrit Code Review over 7 years ago

Patch set 2 for branch TYPO3_4-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25761

#12

Updated by Gerrit Code Review over 7 years ago

Patch set 2 for branch TYPO3_4-5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25760

#13

Updated by Christian Kuhn over 7 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

#14

Updated by Benni Mack over 2 years ago

  • Status changed from Resolved to Closed
