[Phplib-trackers] [ phplib-Bugs-450712 ] cross site scripting attack
From: <no...@so...> - 2001-08-15 11:02:02
Bugs item #450712, was opened at 2001-08-13 23:48
You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450712&group_id=31885

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Richard Archer (richardarcher)
Assigned to: Nobody/Anonymous (nobody)
Summary: cross site scripting attack

Initial Comment:
reposted from mailing list

At 2:06 PM +0100 28/2/01, Daniel Naber wrote:
>Hi,
>
>with PHP lib 7.2b (and it seems no different in CVS) there's a cross site
>scripting attack possible.
>
>Anyone can use such a link to break out of the input field:
>http://server/home.php?username=X">YYY
>(home.php needs to be a page that's protected with my_Auth)
>
>This is a problem since any code, especially javascript code, can then be
>placed on the page. This can be used to get a user's password.
>
>More general information is here:
>http://www.cert.org/advisories/CA-2000-02.html
>
>The attached patch is supposed to fix the problem for crloginform.ihtml.
>It would be great if someone with CVS write access could check + apply it
>(also for at least the other login form file. I don't know about other
>places, since I'm not so familiar with PHP lib).
>
>Regards
> Daniel
>
>--
>Daniel Naber, Paul-Gerhardt-Str. 2, 33332 Guetersloh, Germany
>Tel. 05241-59371, Mobil 0170-4819674

----------------------------------------------------------------------

>Comment By: Richard Archer (richardarcher)
Date: 2001-08-15 04:02

Message:
Logged In: YES
user_id=279311

OK. I've read up on the vulnerability and it looks to me as if it is only relevant if the inserted data is being displayed on a page presented to an unsuspecting user.

If this is the case, this is a non-issue, as the data entered here can only ever be shown to the person who entered it. And there's no point trying to capture your own password.

I must admit, I find this vulnerability rather confusing so I might have this wrong.

----------------------------------------------------------------------

You can respond by visiting: http://sourceforge.net/tracker/?func=detail&atid=403611&aid=450712&group_id=31885
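The attribute-breakout the report describes, as an added example (not phplib's own code and not the attached patch): a login form that writes the `username` request value straight into a `value="..."` attribute beside the same field rendered through `htmlspecialchars`. The function names are hypothetical and the input is the `X">YYY` value from the report's example URL.

```php
<?php
// Added example, not code from phplib. Shows why the login form must
// HTML-escape the username it echoes back into the input field.

// The pattern the report describes: the request value is concatenated into a
// value="..." attribute unchanged, so a double quote in the input closes the
// attribute early and everything after it becomes markup on the page.
function render_username_field_unescaped(string $username): string
{
    return '<input type="text" name="username" value="' . $username . '">';
}

// Hardened form: htmlspecialchars() with ENT_QUOTES turns ", ', <, > and &
// into entities, so the browser keeps the whole input inside the attribute.
function render_username_field_escaped(string $username): string
{
    $safe = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="username" value="' . $safe . '">';
}

// Rough self-check a reviewer can run on rendered output: a single input
// field should contain exactly one '>' once the value has been escaped.
function field_stays_intact(string $html): bool
{
    return substr_count($html, '>') === 1;
}

// Constructed input, copied from the report's example URL (?username=X">YYY).
$input = 'X">YYY';

$raw = render_username_field_unescaped($input);
echo "Unescaped: $raw\n";
// <input type="text" name="username" value="X">YYY">
//  -> attribute ends after X; YYY is now free-standing page content
echo 'Intact: ' . (field_stays_intact($raw) ? 'yes' : 'no') . "\n";   // no

$escaped = render_username_field_escaped($input);
echo "Escaped: $escaped\n";
// <input type="text" name="username" value="X&quot;&gt;YYY">
echo 'Intact: ' . (field_stays_intact($escaped) ? 'yes' : 'no') . "\n"; // yes
```

The same escaping applies wherever crloginform.ihtml or the other login form file echoes request data into markup, not only the username field.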