Bug #42651: Information disclosure in adodb/ - TYPO3 Core - TYPO3 Forge

Custom queries

Accessibility
Easy tasks
Forge Triage
JavaScript issues
JavaScript Issues (w/o Epics/Stories)
My open issues
No feedback within 90 days
Open Bugs
Open issues of 10
Recently modified
Regressions
Stabilization Issues
Usability or UX

Actions

Copy link

Bug #42651

closed

Information disclosure in adodb/

Added by Georg Ringer about 12 years ago. Updated about 6 years ago.

Status:

Closed

Priority:

Should have

Assignee:

Category:

Target version:

Start date:

2012-11-02

Due date:

% Done:

100%

Estimated time:

TYPO3 Version:

6.0

PHP Version:

Tags:

Complexity:

Is Regression:

Sprint Focus:

Description

not fully tested but IMO it possible to select any data from any table within TYPO3\CMS\Adodb\View\CheckConnectionWizardView, just a be login needs to be needed

entry point: www.domain.tld/typo3/sysext/adodb/checkconnectionwizard.php?P[table]=tx_datasources_datasource

Related issues 1 (0 open — 1 closed)

Related to TYPO3 Core - Task #54078: ext:adodb Remove obsolete diffs from doc/

Closed

2013-11-29

Actions

Issue # Delay: days Cancel

History
Notes
Property changes
Associated revisions

Actions

Copy link

Updated by Christian Kuhn almost 11 years ago

scenario:

ext:datasources must be installed, then some non-admin can "dump" the data of any row of this table via checkconnectionwiz.

it is not possible to dump an arbitrary table, and also this does not work if adodb or datasources is not installed.

Actions

Copy link

Updated by Christian Kuhn almost 11 years ago

Strategy:
Remove all this "connection" code that depends on ext:datasources in 6.2. For versions below, the script is sanitized a bit better with a "if not be_user is admin -> die" or similar.

Actions

Copy link

Updated by Christian Kuhn almost 11 years ago

Project changed from 1716 to TYPO3 Core
Category deleted (~~T3-03: Information Disclosure~~)

Since the attack vector is very low, this issue is opened and goes through the regular review process now.

Actions

Copy link

Updated by Gerrit Code Review almost 11 years ago

Status changed from New to Under Review

Patch set 1 for branch master of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25759

Actions

Copy link

Updated by Gerrit Code Review almost 11 years ago

Patch set 1 for branch TYPO3_4-5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25760

Actions

Copy link

Updated by Gerrit Code Review almost 11 years ago

Patch set 1 for branch TYPO3_4-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25761

Actions

Copy link

Updated by Gerrit Code Review almost 11 years ago

Patch set 1 for branch TYPO3_6-0 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25762

Actions

Copy link

Updated by Gerrit Code Review almost 11 years ago

Patch set 1 for branch TYPO3_6-1 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25763

Actions

Copy link

Updated by Gerrit Code Review almost 11 years ago

Patch set 2 for branch TYPO3_6-1 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25763

Actions

Copy link

#10

Updated by Gerrit Code Review almost 11 years ago

Patch set 2 for branch TYPO3_6-0 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25762

Actions

Copy link

#11

Updated by Gerrit Code Review almost 11 years ago

Patch set 2 for branch TYPO3_4-7 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25761

Actions

Copy link

#12

Updated by Gerrit Code Review almost 11 years ago

Patch set 2 for branch TYPO3_4-5 of project Packages/TYPO3.CMS has been pushed to the review server.
It is available at https://review.typo3.org/25760

Actions

Copy link

#13