Hi Sharri,
I was doing some casual browsing of OpenPacket.org and encountered a few issues:
1. From
http://beta.openpacket.org:8080/post/showthread/6
clicking on Latest Posts
http://beta.openpacket.org:8080/post/latest
produced
We're sorry, but something went wrong.
We've been notified about this issue and we'll take a look at it shortly.
2. On the same page, clicking on Most Viewed
http://beta.openpacket.org:8080/post/mostviewed
produced the same error.
3. On the same page, clicking on Search
http://beta.openpacket.org:8080/post/search
produced
The page you were looking for doesn't exist.
You may have mistyped the address or the page may have moved.
4. When I post a reply to a Forum message, I see this warning:
Note: These forums are unmoderated but any posts deemed offensive
will be promptly removed. Thank you for your cooperation.
I thought the Forum Manager link in the Admin Menu might do it
http://beta.openpacket.org:8080/forum_manager/list
but I got this error:
The page you were looking for doesn't exist.
You may have mistyped the address or the page may have moved.
5. It looks like the user registration process is vulnerable to XSS.
I noticed that when visiting the Manage Users link at
http://beta.openpacket.org:8080/user_manager/list
I got two results indicating XSS:
<tr>
<td><ScRiPt
>alert(831501365);</ScRiPt></td>
<td>111...@ad... 111...@ad...</td>
<td>111...@ad...</td>
<td>Registered User</td>
<td><a href="/user_manager/edit/22">Edit</a></td>
<td><a href="/user_manager/destroy/22" onclick="if (confirm('Are
you sure?')) { var f = document.createElement('form'); f.style.display
= 'none'; this.parentNode.appendChild(f); f.method = 'POST'; f.action
= this.href;f.submit(); };return false;">Destroy</a></td>
</tr>
and
<tr>
<td>111...@ad...</td>
<td>111...@ad... 111...@ad...</td>
<td><ScRiPt
>alert(1651137805);</ScRiPt></td>
<td>Registered User</td>
<td><a href="/user_manager/edit/23">Edit</a></td>
<td><a href="/user_manager/destroy/23" onclick="if (confirm('Are
you sure?')) { var f = document.createElement('form'); f.style.display
= 'none'; this.parentNode.appendChild(f); f.method = 'POST'; f.action
= this.href;f.submit(); };return false;">Destroy</a></td>
</tr>
6. I tried uploading a trace with DNS traffic to the capture repo. I
got this error:
4 errors prohibited this capture from being saved
There were problems with the following fields:
* Content type can't be blank
* Size is not included in the list
* Size can't be blank
* Filename can't be blank
I provided this for the Tshark field:
===================================================================
Protocol Hierarchy Statistics
Filter: frame
frame frames:6 bytes:612
eth frames:6 bytes:612
ip frames:6 bytes:612
udp frames:6 bytes:612
dns frames:6 bytes:612
===================================================================
I left the tags blank. Can we have the tags auto-populate based on
the results of the Tshark output?
Thanks a lot, Sharri!
Sincerely,
Richard
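Added example, not code from the OpenPacket.org application: a minimal Ruby/ERB reproduction of the rendering pattern behind item 5 (a user-supplied display name inserted into the Manage Users table without escaping), beside the escaped version and a check that the rendered row contains no raw script tag. The column names, the template shape and the sample user record are assumptions; the payload string is the one shown in the report.

```ruby
require 'erb'

# Constructed sample record, not a real account: the display name is the
# string that showed up in /user_manager/list in the report above.
SAMPLE_USER = { id: 22,
                name: "<ScRiPt\n>alert(831501365);</ScRiPt>",
                email: "user@example.invalid",
                role: "Registered User" }

# Row rendered without escaping: the user-controlled value goes straight
# into the markup, which is how a stored payload reaches the admin's browser.
UNESCAPED_ROW = ERB.new(<<~'TPL')
  <tr>
  <td><%= user[:name] %></td>
  <td><%= user[:email] %></td>
  <td><%= user[:role] %></td>
  <td><a href="/user_manager/edit/<%= user[:id] %>">Edit</a></td>
  </tr>
TPL

# Same row with every user-controlled value passed through html_escape,
# and the numeric id coerced so it cannot carry markup either.
ESCAPED_ROW = ERB.new(<<~'TPL')
  <tr>
  <td><%= ERB::Util.html_escape(user[:name]) %></td>
  <td><%= ERB::Util.html_escape(user[:email]) %></td>
  <td><%= ERB::Util.html_escape(user[:role]) %></td>
  <td><a href="/user_manager/edit/<%= user[:id].to_i %>">Edit</a></td>
  </tr>
TPL

def render_row(template, user)
  template.result_with_hash(user: user)
end

# Defensive check for rendered output: does a raw (unescaped) script tag
# survive?  Case-insensitive and tolerant of whitespace inside the tag,
# since the reported payload splits "<ScRiPt" and ">" across a line break.
def contains_raw_script?(html)
  !!(html =~ /<\s*script[\s>]/i)
end

if __FILE__ == $PROGRAM_NAME
  puts "unescaped row carries script: #{contains_raw_script?(render_row(UNESCAPED_ROW, SAMPLE_USER))}"
  puts "escaped row carries script:   #{contains_raw_script?(render_row(ESCAPED_ROW, SAMPLE_USER))}"
end
```

The same check run over the actual page HTML (rather than a rendered row) is a quick way to confirm the fix once escaping is in place.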