The Bug Genie team blog

What's cooking behind the scenes of The Bug Genie

Further details on security issues fixed in The Bug Genie 2.1.2


As announced a few days ago, a couple of security flaws have been fixed in The Bug Genie 2.1.2. More information on the fixed flaws is now available as Secunia Advisory SA42081.

We would like to thank Russ McRee and Secunia for bringing these issues to our attention.

The first issue was an XSS flaw in scope handling. The scope can be specified manually in the URL, and if the scope was invalid the value entered was returned to the user unchanged. This means that if a <script> tag was specified as the scope ID, it was possible to execute JavaScript code on the error page. This has been fixed by reporting the scope as invalid whenever it is not a number, and echoing back only the number when a numeric scope does not exist.

The second flaw was that requests were not verified to have been initiated by The Bug Genie itself. This means that a link to the user delete page could be disguised as an otherwise harmless link, assuming a user with the relevant permissions was logged in. All requests that manipulate data now verify that The Bug Genie initiated the request, by requiring a unique token to be specified in the request (which is also stored in the session); this token is verified against the session cookie. If there is a difference, the request is discarded.
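The two fixes described above, the strict numeric scope check and the per-session CSRF token check, illustrated as an added Python example that is not part of The Bug Genie's own (PHP) code base. The scope table, the `resolve_scope`, `issue_csrf_token` and `verify_csrf` helpers, and the session dictionary are all assumptions made for the illustration.

```python
import hmac
import re
import secrets
from typing import Optional, Tuple

# Constructed sample data: the scope IDs that "exist" in this toy instance.
KNOWN_SCOPES = {1, 2, 3}

# Only plain ASCII digits count as a scope ID; anything else is rejected
# without ever being echoed back to the user.
_NUMERIC = re.compile(r"[0-9]+")


def resolve_scope(raw_scope: str, known_scopes=KNOWN_SCOPES) -> Tuple[Optional[int], Optional[str]]:
    """Mirror the 2.1.2 scope fix (hypothetical helper).

    Returns (scope_id, error_message). A non-numeric value produces a fixed
    message, so a '<script>' payload never reaches the error page; only a
    numeric ID that does not exist is repeated in the message.
    """
    if not _NUMERIC.fullmatch(raw_scope):
        return None, "Invalid scope"
    scope_id = int(raw_scope)
    if scope_id not in known_scopes:
        return None, f"Scope {scope_id} does not exist"
    return scope_id, None


def issue_csrf_token(session: dict) -> str:
    """Create a random per-session token and store it server-side (hypothetical)."""
    session["csrf_token"] = secrets.token_hex(16)
    return session["csrf_token"]


def verify_csrf(session: dict, request_token: Optional[str]) -> bool:
    """Accept a data-changing request only if its token matches the session's.

    A missing session token or a missing request token is rejected outright;
    hmac.compare_digest keeps the comparison constant-time.
    """
    expected = session.get("csrf_token")
    if not expected or not request_token:
        return False
    return hmac.compare_digest(expected, request_token)
```

A data-manipulating handler would call `verify_csrf` before doing anything else and discard the request on a `False` result, exactly as the release note describes.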

Both issues are now fixed and included in the latest release, as previously stated.

Written by lsproc

November 18, 2010 at 10:14

Posted in The Bug Genie 2

One Response


  1. Hi to all, how is the whole thing, I think everyone is getting more from this web site, and your views are pleasant designed for new visitors.

    Florencia

    March 8, 2013 at 23:55

