Newscoop
CS-4183: Input passed via the "token" and "f_email" GET

Details

• Type: Bug
• Status: Closed
• Priority: Major
• Resolution: Fixed
• Affects Version/s: 3.5.3, 4.0 RC3
• Fix Version/s: 4.0 RC4
• Component/s: None
• Labels: None
• Originating Party: Experts
• OS: Ubuntu 10.04
• Browser: Firefox

Description

Input passed via the "token" and "f_email" GET parameters to /admin/password_check_token.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of the affected website.

The following PoC URLs demonstrate the vulnerabilities:

      http://[host]/admin/password_check_token.php?token=1&f_email=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
      http://[host]/admin/password_check_token.php?f_email=1&token=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
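As an added example (not Newscoop's code), the following PHP stand-in shows the shape of defect the ticket describes beside its hardened form: the raw query values are reflected into an HTML attribute, and the fix is context-correct output encoding. The markup, field layout and function names are assumptions; the check at the end uses the decoded payload from the PoC URLs above.

```php
<?php
// Added example, not Newscoop's code. A minimal stand-in for a page that
// echoes the "token" and "f_email" GET parameters back into a form
// (markup and field names assumed for illustration).

// Vulnerable shape: the raw values land inside value="..." attributes.
// A value beginning with "> closes the attribute and the tag, so anything
// after it is parsed by the browser as markup.
function render_unsafe(string $token, string $email): string
{
    return '<input type="hidden" name="token" value="' . $token . '">' . "\n"
         . '<input type="text" name="f_email" value="' . $email . '">';
}

// Hardened shape: every untrusted value is encoded for the HTML attribute
// context. ENT_QUOTES covers both " and ' (so the protection holds if a
// template later uses single-quoted attributes); ENT_SUBSTITUTE keeps
// invalid UTF-8 from silently producing an empty string.
function esc_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_safe(string $token, string $email): string
{
    return '<input type="hidden" name="token" value="' . esc_attr($token) . '">' . "\n"
         . '<input type="text" name="f_email" value="' . esc_attr($email) . '">';
}

function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("check failed: $what");
    }
}

// Decoded payload from the ticket's PoC URL, fed through both renderers.
$payload = urldecode('%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E');
$unsafe  = render_unsafe('1', $payload);
$safe    = render_safe('1', $payload);

check(strpos($unsafe, '<script>') !== false, 'unsafe output contains a live script tag');
check(strpos($safe, '<script') === false,    'hardened output contains no script tag');
// Encoding is lossless: the browser still sees the original field value.
check(html_entity_decode(esc_attr($payload), ENT_QUOTES, 'UTF-8') === $payload, 'round trip');

echo $safe, "\n";
```

Run with `php example.php`; the printed output shows the payload rendered as inert text inside the attribute.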

Activity

Petr Jasek added a comment -

fixed for 3.5 and 4.0

People

• Assignee: Ofir Gal
• Reporter: Ofir Gal
• Implemented by: Petr Jasek
