czwartek, 11 maja 2017

Exploiting TestLink 1.9.16 - Bitnami Edition

Hi, in my last post you probably saw some ("started") modules for TestLink... So, yeah, below you will find some details about one of the bug(s) I found during tests related to (last available version of) TestLink (1.9.16) - thanks goes to Bitnami for preparing VM. So...

Bug described below is related to admin's panel. Example request looks like this:

...and just in case you want to verify it by sqlmap - response below:

Found: 27.04.2017.

There are also other bugs, not only SQL-related, so have fun. :)


Brak komentarzy:

Prześlij komentarz