RT: Request Tracker vuln.

RT: Request Tracker vuln.

###############################################
Vuln. discovered by : r0t
Date: 30 april 2006
vendor:www.bestpractical.com/?rt=3.5.HEAD
affected versions:RT 3.5.HEAD
orginal advisory:
http://pridels.blogspot.com/2006/04/rt-request-tracker-vuln.html
###############################################

Vuln. Description:

RT contains a flaw that may lead to an unauthorized information disclosure.
The issue is triggered when a remote attacker submits requests in "Rows"
parameter in "/Dist/Display.html".
Which will disclose the software's installation path resulting in a loss of
confidentiality. While such information is relatively low risk, it is often
useful in carrying out additional, more focused attacks.

example:

/Dist/Display.html?Status=Active&Name=google&Rows=[CODE]

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/