#68 codestriker is vulnerable to cross-site scripting (XSS)

Status: closed-fixed
Owner: nobody
Labels: None
Priority: 5
Updated: 2008-01-18
Created: 2008-01-14
Creator: Arup Malakar
Private: No

For example
Add %22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E
to the URL:
http://codestriker.sourceforge.net/cgi-bin/codestriker.pl?topic=7063366&action=view
It lets us run arbitrary JavaScript code. I think there will be a Perl module which can validate HTML form fields and strip malicious code from them if there is any.

Thanks to Dmitry Savintsev, my colleague who pointed it out.

Screenshot attached.

Discussion

  • Arup Malakar
    2008-01-14

    Screenshot of XSS in action (attached)
  • David Sitsky
    2008-01-18

    • status: open --> open-fixed
  • David Sitsky
    2008-01-18

    Thanks - that is a good one, although we are only talking about the error page, so I can't see how this could be exploited.

    FWIW - the fix here was to HTML encode the error message, which was the root cause of the problem. Line 305 of lib/Codestriker/Http/Input.pm has been changed to be:

    } else {
        # Entity-encode the rejected value before it is interpolated into the
        # HTML error page, so it can no longer close the surrounding markup
        # and inject a <script> element.
        my $error_message = "Input parameter $name has invalid value: " .
            HTML::Entities::encode($value);
        $self->{http_response}->error($error_message);
    }

    which fixes this issue. I'll check if there are other possible areas in the code.
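
Added example (editor's, not Codestriker's own code): the Perl script below reproduces the reflection described in the report and the fix quoted in the comment above, side by side. It decodes the constructed payload the way a CGI parameter parser would (so the %3C in the URL is a real "<" by the time it reaches the error page), builds the error message both without and with HTML::Entities encoding, and checks that no tag-forming characters survive in the encoded version. The functions url_decode, vulnerable_error_message and fixed_error_message, and the sample query-string value, are stand-ins constructed for this example. One practitioner's note on the exploitability question raised above: a reflected XSS on an error page is triggered by any crafted link, so any logged-in user who follows one runs the attacker's script with their own session.

```perl
#!/usr/bin/perl
# Added example, not Codestriker code. Demonstrates why echoing a rejected
# request parameter into an HTML error page is a reflected XSS, and how
# entity-encoding the value (the fix in the thread) neutralises it.
use strict;
use warnings;
use HTML::Entities ();   # from the HTML-Parser distribution

# Decode one query-string value the way a CGI parameter parser does:
# '+' becomes a space and %XX becomes the byte it names. Hypothetical
# helper; Codestriker's own parser is not shown here.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Before the fix: the raw value is interpolated straight into the page,
# so '"><script>' closes the surrounding markup and starts a script block.
sub vulnerable_error_message {
    my ($name, $value) = @_;
    return "Input parameter $name has invalid value: $value";
}

# After the fix: entity-encode the value, so '<', '>', '&' and quotes
# are rendered as text and cannot form tags or attributes.
# HTML::Entities::encode, as used in the fix, is an alias of encode_entities.
sub fixed_error_message {
    my ($name, $value) = @_;
    return "Input parameter $name has invalid value: "
         . HTML::Entities::encode_entities($value);
}

# Constructed sample: the report's payload appended to "action=view".
my $raw   = 'view%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E';
my $value = url_decode($raw);   # view"><script>alert("XSS")</script>

my $bad  = vulnerable_error_message('action', $value);
my $good = fixed_error_message('action', $value);

print "vulnerable: $bad\n";
print "fixed:      $good\n";

# Regression check worth keeping in a test suite: text that is inserted
# into HTML as text must not contain raw tag- or attribute-forming characters.
die "expected the unfixed message to reflect the script tag\n"
    if $bad !~ /<script>/;
die "fix did not encode the value\n"
    if $good =~ /[<>"]/;
```

Run it with `perl reflected_xss_demo.pl`; it needs HTML::Entities installed (package HTML-Parser on CPAN). The printed "fixed" line shows the payload as `&quot;&gt;&lt;script&gt;...`, which a browser displays literally instead of executing. Note that encoding at the point of output is the right layer for this bug: stripping "malicious" content from form fields on input, as the report suggests, is fragile because what is dangerous depends on where the value is later written (HTML body, attribute, JavaScript, URL).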

     
  • David Sitsky
    2008-01-18

    • status: open-fixed --> closed-fixed