#68 codestriker is vulnerable to cross-site scripting (XSS)

closed-fixed
nobody
None
5
2008-01-18
2008-01-14
No

For example
Add %22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E
to the URL:
http://codestriker.sourceforge.net/cgi-bin/codestriker.pl?topic=7063366&action=view
It lets us run arbitrary JavaScript code. I think there will be a Perl module which can validate HTML form fields and strip malicious code from it if there is any.

Thanks to Dmitry Savintsev, my colleague who pointed it out.

Screen shot attached

Discussion

  • Arup Malakar

    Arup Malakar - 2008-01-14

    Screen shot of XSS in action

     
  • David Sitsky

    David Sitsky - 2008-01-18
    • status: open --> open-fixed
     
  • David Sitsky

    David Sitsky - 2008-01-18

    Logged In: YES
    user_id=208928
    Originator: NO

    Thanks - that is a good one, although we are only talking about the error page, so I can't see how this could be exploited.

    FWIW - the fix here was to HTML encode the error message which was the root cause of the problem. Line 305 for lib/Codestriker/Http/Input.pm has been changed to be:

    } else {
        my $error_message = "Input parameter $name has invalid value: " .
            HTML::Entities::encode($value);
        $self->{http_response}->error($error_message);
    }

    which fixes this issue. I'll check if there are other possible areas in the code.
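
The effect of the fix described in the comment above, as an added example that is not part of the original thread or of Codestriker's code: it builds the same error message with and without `HTML::Entities::encode` for the value from the report. The `url_decode`, `error_for_param` and `has_markup_chars` helpers and the word-characters-only validation rule are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTML::Entities ();    # the module the fix above calls

# Constructed input: the last parameter value of the reported URL
# ("view") with the reported string appended, as sent on the wire.
my $raw = 'view%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E';

# Minimal percent-decoding, standing in for what the CGI layer does.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Hypothetical stand-in for the validation branch: the value must be
# word characters only. $encode selects pre-fix (0) or post-fix (1).
sub error_for_param {
    my ($name, $value, $encode) = @_;
    return if $value =~ /\A\w+\z/;    # valid input: no error message
    my $shown = $encode ? HTML::Entities::encode($value) : $value;
    return "Input parameter $name has invalid value: $shown";
}

# True if the text still holds characters that can open a tag or
# close an attribute once it is written into an HTML page.
sub has_markup_chars {
    my ($html) = @_;
    return $html =~ /[<>"]/ ? 1 : 0;
}

my $value = url_decode($raw);
for my $encode (0, 1) {
    my $msg = error_for_param('action', $value, $encode);
    printf "%s:\n  %s\n  markup characters left: %s\n",
        ($encode ? 'with encode' : 'without encode'), $msg,
        (has_markup_chars($msg) ? 'yes' : 'no');
}

# Round trip: entity-decoding the encoded text gives back the submitted
# value, so the user still sees exactly what they typed.
my $encoded = HTML::Entities::encode($value);
die "round trip failed\n"
    unless HTML::Entities::decode_entities($encoded) eq $value;
```

Encoding is applied at the point where the value is written into HTML, so the message still displays the submitted value while the browser treats it as text rather than markup.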

     
  • David Sitsky

    David Sitsky - 2008-01-18
    • status: open-fixed --> closed-fixed
     
