phpipam / Patches / #42 Incomplete XSS Prevention

#42 Incomplete XSS Prevention

Milestone: Unstable_(example)

Status: open

Owner: Miha Petkovsek

Labels: security (1)

Priority: 1

Updated: 2017-05-04

Created: 2017-04-27

Creator: Anonymous

Private: No

Hi,

The code makes heavy use of the strip_tags() function in an effort to prevent XSS attacks. However, under some circumstances this not enough. For example, the onmouseover() JavaScript function can be used to perform XSS attacks.

For example:

https://host/?page=tools&section=search&addresses=on&subnets=on&vlans=on&vrf=on&ip=%27%20onmouseover=%27alert%28document.cookie%29%27

This results in the user's cookie being displayed in a popup box. A real attacker would likley exploit this vulnerability to have the cookie sent to a machine under their control.

Rather than use strip_tags(), a better solution sould be to use htmlspecialchars, which would properly escape any unsafe characters, such as '<', '>', etc. (http://php.net/htmlspecialchars)

More details on preventing XSS here.

Cheers.

Will.

Discussion

Miha Petkovsek - 2017-05-04

Hi Will, is this for version 1.2 ? Maybe try development 1.3 ?
https://github.com/phpipam/phpipam

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Anonymous
  
  Add attachments
  Cancel
  You seem to have CSS turned off. Please don't fill out this field.
  
  You seem to have CSS turned off. Please don't fill out this field.

Anonymous

Incomplete XSS Prevention

phpipam open-source IP address management

Group

Searches

Help

#42 Incomplete XSS Prevention

Discussion