Newscoop / CS-4183

Input passed via the "token" and "f_email" GET

Details

• Type: Bug
• Status: Closed
• Priority: Major
• Resolution: Fixed
• Affects Version/s: 3.5.3, 4.0 RC3
• Fix Version/s: 4.0 RC4
• Component/s: None
• Labels: None
• Originating Party: Experts
• OS: Ubuntu 10.04
• Browser: Firefox

Description

Input passed via the "token" and "f_email" GET parameters to
/admin/password_check_token.php is not properly sanitised before being
returned to the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in the context of the affected website.

The following PoCs demonstrate the vulnerabilities:

http://[host]/admin/password_check_token.php?token=1&f_email=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://[host]/admin/password_check_token.php?f_email=1&token=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
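As an added illustration, not Newscoop's own password_check_token.php (whose source is not on this page), the following hypothetical PHP fragment reproduces the reported pattern, a GET parameter reflected into an HTML attribute without encoding, beside the output-encoded form a fix of this kind would use; the function names, the attribute context and the decoded sample payload are assumptions.

```php
<?php
// Hypothetical reproduction of the reported pattern (not Newscoop code).
// Both reported parameters, "token" and "f_email", are reflected into
// the page; the only difference between the two renderers is encoding.

function render_unsafe(array $get): string
{
    // Vulnerable pattern: raw reflection of user input into attributes.
    $token = $get['token'] ?? '';
    $email = $get['f_email'] ?? '';
    return '<input type="hidden" name="token" value="' . $token . '">'
         . '<input type="text" name="f_email" value="' . $email . '">';
}

function render_safe(array $get): string
{
    // Fixed pattern: encode for the HTML attribute context. ENT_QUOTES
    // converts both " and ', so the value cannot close the attribute.
    $enc = static fn(string $v): string =>
        htmlspecialchars($v, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $token = $enc($get['token'] ?? '');
    $email = $enc($get['f_email'] ?? '');
    return '<input type="hidden" name="token" value="' . $token . '">'
         . '<input type="text" name="f_email" value="' . $email . '">';
}

// Constructed sample request: the URL-decoded form of the PoC from the
// report, supplied through f_email (the token variant behaves the same).
$request = [
    'token'   => '1',
    'f_email' => '"><script>alert(document.cookie);</script>',
];

$unsafe = render_unsafe($request);
$safe   = render_safe($request);

// Unencoded output: the quote closes the attribute and a script element
// is emitted into the page.
assert(str_contains($unsafe, '"><script>'));

// Encoded output: the payload survives only as inert attribute text.
assert(!str_contains($safe, '<script>'));
assert(str_contains($safe, '&quot;&gt;&lt;script&gt;'));

echo $safe, PHP_EOL;
```

Run with `php -d zend.assertions=1 example.php`; the assertions fail if the encoded renderer is swapped for the raw one, which is the kind of regression check worth keeping beside a fix like this one.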

Activity

petr.jasek Petr Jasek added a comment -

fixed for 3.5 and 4.0

People

• Assignee: ofir.gal Ofir Gal
• Reporter: ofir.gal Ofir Gal
• Implemented by: Petr Jasek
• Votes: 0
• Watchers: 0

Dates

• Created:
• Updated:
• Resolved: