  1. Newscoop
  2. CS-4184

Input passed via the "error_code" GET

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.5.3
    • Fix Version/s: 4.0 RC4
    • Component/s: None
    • Labels:
      None
    • Originating Party:
      Experts
    • OS:
      Ubuntu 10.04
    • Browser:
      Firefox

      Description

      Doesn't exist in 4.0 but exists in 3.5.4

      3.2 Input passed via the "error_code" GET parameter to
      /admin/login.php is not properly sanitised before being returned to
      the user.
      This can be exploited to execute arbitrary HTML and script code in
      a user's browser session in the context of the affected website.

      The following PoC demonstrates the vulnerability:

      http://[host]/admin/login.php?error_code=upgrade&f_user_name=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
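
The unescaped reflection described above next to a hardened form, as an added example that is not part of the original report and is not Newscoop source code. It assumes the login page echoes the value into an HTML attribute, which the `">` prefix in the PoC suggests; the function names and the message table are hypothetical.

```php
<?php
// Added illustration, NOT Newscoop source code. Function names and the
// message table are hypothetical; only the parameter names come from the report.

// Unsafe pattern: request value concatenated straight into an attribute value.
function render_user_field_unsafe(array $query): string
{
    $user = $query['f_user_name'] ?? '';
    return '<input type="text" name="f_user_name" value="' . $user . '">';
}

// Hardened: encode for the HTML attribute context before output.
function render_user_field_safe(array $query): string
{
    $user = $query['f_user_name'] ?? '';
    if (!is_string($user)) {
        $user = ''; // f_user_name[]=... arrives as an array, not a string
    }
    // ENT_QUOTES encodes both quote styles so the value cannot close the attribute.
    $user = htmlspecialchars($user, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="f_user_name" value="' . $user . '">';
}

// error_code only selects a message, so map it through an allow-list
// instead of echoing the raw parameter.
function error_message(array $query): string
{
    $messages = [
        'upgrade' => 'The system is being upgraded.',  // constructed text
        'login'   => 'Invalid user name or password.', // constructed key and text
    ];
    $code = $query['error_code'] ?? '';
    return is_string($code) && isset($messages[$code]) ? $messages[$code] : '';
}

// Query string from the report's PoC, decoded the same way PHP fills $_GET.
parse_str(
    'error_code=upgrade&f_user_name=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E',
    $query
);

echo render_user_field_unsafe($query), "\n"; // markup breaks out of value="..."
echo render_user_field_safe($query), "\n";   // payload stays inside the attribute as text
echo error_message($query), "\n";
```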

            People

            • Assignee:
              ofir.gal Ofir Gal
              Reporter:
              ofir.gal Ofir Gal
              Implemented by:
              Petr Jasek

                  Time Tracking

                  Estimated: 2h
                  Remaining: 0m
                  Logged: 1h