Security Advisory: RT: Request Tracker vuln. - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  Barracuda vuln.
  TextFileBB 1.0.16 Multiple XSS
  TopList <= 1.3.8 (PHPBB Hack) Remote File Inclusion Vulnerability
  XSS Attack On DirectAdmin Hosting Managment

From: r0t <krustevs_(at)_googlemail.com>
Date: 30.04.2006
Subject: RT: Request Tracker vuln.

RT: Request Tracker vuln.

###############################################
Vuln. discovered by : r0t
Date: 30 april 2006
vendor:www.bestpractical.com/?rt=3.5.HEAD
affected versions:RT 3.5.HEAD
orginal advisory:
http://pridels.blogspot.com/2006/04/rt-request-tracker-vuln.html
###############################################

Vuln. Description:

RT contains a flaw that may lead to an unauthorized information disclosure.
The issue is triggered when a remote attacker submits requests in "Rows"
parameter in "/Dist/Display.html".
Which will disclose the software's installation path resulting in a loss of
confidentiality. While such information is relatively low risk, it is often
useful in carrying out additional, more focused attacks.

example:

/Dist/Display.html?Status=Active&Name=google&Rows=[CODE]

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/

test server