Tracker: Bugs

5 codestriker is vulnerable to cross-site scripting (XSS) - ID: 1870921
Last Update: Settings changed ( sits )

For example
Add %22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E
to the URL:
http://codestriker.sourceforge.net/cgi-bin/codestriker.pl?topic=7063366&action=view
It lets us run arbitrary JavaScript code. I think there will be a Perl module which can validate HTML form fields and strip malicious code from them if there is any.

Thanks to Dmitry Savintsev, my colleague who pointed it out.

Screen shot attached


Arup Malakar ( amalakar ) - 2008-01-14 01:04:38 PST

5

Closed

Fixed

Nobody/Anonymous

None

None

Public


Comment ( 1 )

Date: 2008-01-18 13:13:17 PST
Sender: sits (Project Admin)


Thanks - that is a good one, although we are only talking about the error
page, so I can't see how this could be exploited.

FWIW - the fix here was to HTML encode the error message which was the root
cause of the problem. Line 305 for lib/Codestriker/Http/Input.pm has been
changed to be:

    } else {
        my $error_message = "Input parameter $name has invalid value: " .
            HTML::Entities::encode($value);
        $self->{http_response}->error($error_message);
    }

which fixes this issue. I'll check if there are other possible areas in
the code.
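
The fix described in the comment above, as an added example that is not part of the original thread or Codestriker's own code: the same error message built without and with HTML::Entities encoding, using the value from the report. The `error_for_param` helper, its word-characters-only validation rule and the choice of the `action` parameter are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not Codestriker's code: the invalid-parameter error message
# with the rejected value echoed raw (before the fix) and HTML-encoded (after).
use strict;
use warnings;
use HTML::Entities qw(encode_entities);

# Hypothetical validator. The thread only shows the branch that reports the
# error; the rule that "action" must consist of word characters is assumed.
sub error_for_param {
    my ($name, $value, $encode) = @_;
    return if $value =~ /\A\w+\z/;    # valid value, nothing to report
    my $shown = $encode ? encode_entities($value) : $value;
    return "Input parameter $name has invalid value: $shown";
}

# Query-string value as in the report: the URL-encoded suffix appended to the
# last parameter (action=view). Which parameter received it is an assumption.
my $wire = 'view%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E';

# Percent-decoding, as the CGI layer does before validation sees the value.
(my $value = $wire) =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;

my $before = error_for_param('action', $value, 0);
my $after  = error_for_param('action', $value, 1);

print "before fix: $before\n";
print "after fix:  $after\n";

# Regression check: once encoded, the echoed value must not contain any
# character that can close an attribute or open a tag in the error page.
my ($echoed) = $after =~ /invalid value: (.*)\z/s;
die "unencoded markup reached the error page\n" if $echoed =~ /[<>"]/;
print "echoed value contains no raw <, > or \"\n";
```

The same check can be run against any other place where a request parameter is echoed into a response, which is the follow-up the comment mentions.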



Attached File ( 1 )

Filename             Description
codestriker_xss.png  Screen shot of XSS in action

Changes ( 4 )

Field          Old Value                    Date                     By
status_id      Open                         2008-01-18 14:44:43 PST  sits
close_date     -                            2008-01-18 14:44:43 PST  sits
resolution_id  None                         2008-01-18 13:13:17 PST  sits
File Added     262097: codestriker_xss.png  2008-01-14 01:04:38 PST  amalakar