
#12 XSS Vulnerability

open
fix (3)
5
2012-09-14
2011-09-09
Anonymous
No

An external penetration test against our upload site was able to execute JavaScript alerts with the following URL:

http://XXX-MyServer-XXX/index.php?lang=en&action=login&step=1"><script>alert("Proof%20of%20concept")</script>

I was able to fix this by using the htmlentities command to filter the input of the step & input variables.

diff of www/index.php

--- /root/openupload-0.4.2/www/index.php 2010-11-20 10:39:43.000000000 +0000
+++ index.php 2011-09-07 10:01:43.000000000 +0100
@@ -45,6 +45,8 @@
} else {
$action = '';
}
+ $action = htmlentities($action);
+
if (isset($_GET['s'])) {
$step = $_GET['s'];
} else if (isset($_GET['step'])) {
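Review bot: the added `$action = htmlentities($action);` relies on the function's default flags, which on the PHP releases current for this patch (5.3) are ENT_COMPAT with an ISO-8859-1 charset, so single quotes pass through unencoded; pass the flags explicitly, e.g. `$action = htmlentities($action, ENT_QUOTES, 'UTF-8');`, so the value is also inert inside a single-quoted attribute. Note also that this encodes at input rather than at output: comparisons of `$action` against plain words such as `login` still work because those strings are unchanged, but the encoded value now flows into every non-HTML use of `$action` as well, which is the usual argument for encoding once where the value is written into the page.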
@@ -54,6 +56,8 @@
} else {
$step = '';
}
+$step = htmlentities($step);
+
$configfile = 'config.inc.php';
if (defined('__NOT_MAIN_SCRIPT'))
$configfile = 'www/'.$configfile;
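Review bot: the added `$step = htmlentities($step);` has no leading space while the `$action` line in the previous hunk has one; match the file's indentation. The same flags caveat applies: pass ENT_QUOTES and an explicit charset. The previous hunk shows `$step` being read from either `$_GET['s']` or `$_GET['step']`, so this single call covers both spellings of the parameter the report's URL exploits; it does not cover any other request parameter that the same template echoes into HTML (the report's URL also carries `lang`), so each of those needs the same treatment, or the encoding should be applied once at the point of output.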
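The ticket's fix applies htmlentities to the request values. As an added example that is not part of this ticket or of OpenUpload's own code, the PHP script below reflects the report's proof-of-concept payload into an HTML attribute both unencoded and encoded, passing ENT_QUOTES and an explicit charset so that both quote characters are encoded rather than relying on the version-dependent defaults. The request array, the hidden-field markup and the helper names (`render_unsafe`, `render_safe`, `html_attr`, `contains_script_tag`) are constructed for this demonstration.

```php
<?php
// Added example (not OpenUpload's code): contrasts reflecting a request
// parameter into HTML unencoded with encoding it at the point of output.
// The input below is constructed to mirror the payload in the report.

declare(strict_types=1);

// Constructed request standing in for $_GET; the step value carries the
// report's proof-of-concept payload (URL-decoded).
$request = [
    'lang'   => 'en',
    'action' => 'login',
    'step'   => '1"><script>alert("Proof of concept")</script>',
];

// Vulnerable pattern: the raw parameter is interpolated into an attribute,
// so a quote in the value closes the attribute and a > closes the tag.
function render_unsafe(array $get): string
{
    $step = $get['step'] ?? '';
    return '<input type="hidden" name="step" value="' . $step . '">';
}

// Hardened pattern: encode where the value is written into the page, with
// ENT_QUOTES so that both " and ' are encoded, and an explicit charset so
// the result does not depend on the PHP version's default.
function html_attr(string $value): string
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

function render_safe(array $get): string
{
    $step = $get['step'] ?? '';
    return '<input type="hidden" name="step" value="' . html_attr($step) . '">';
}

// Crude check used only for this demonstration: is a literal <script tag
// present in the rendered markup?
function contains_script_tag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

echo "Unencoded output:\n", render_unsafe($request), "\n";
echo "Encoded output:\n", render_safe($request), "\n";
echo "Script tag present: unencoded=",
     var_export(contains_script_tag(render_unsafe($request)), true),
     ", encoded=",
     var_export(contains_script_tag(render_safe($request)), true), "\n";
```

Run it with `php example.php`: the unencoded line contains a live `<script>` element following a prematurely closed `<input>` tag, while the encoded line keeps the whole payload inside the attribute as `1&quot;&gt;&lt;script&gt;...&lt;/script&gt;`, which the browser shows as inert text.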

Discussion

  • Alessandro Briosi

    WOW, that's correct.
    thanks for the tip.

    Alessandro

  • Alessandro Briosi

    Should be fixed in SVN.

