Newscoop / CS-4184

Input passed via the "error_code" GET

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.5.3
    • Fix Version/s: 4.0 RC4
    • Component/s: None
    • Labels:
      None
    • Originating Party:
      Experts
    • OS:
      Ubuntu 10.04
    • Browser:
      Firefox

      Description

      Doesn't exist in 4.0 but exists in 3.5.4

      3.2 Input passed via the "error_code" GET parameter to
      /admin/login.php is not properly sanitised before being returned to
      the user.
      This can be exploited to execute arbitrary HTML and script code in
      a user's browser session in the context of the affected website.

      The following PoC demonstrates the vulnerability:

      http://[host]/admin/login.php?error_code=upgrade&f_user_name=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
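
An added example, not Newscoop's code and not part of the original report: a hypothetical login form that echoes `error_code` and `f_user_name`, first unencoded as the report describes, then with an allow-list and output encoding. The function names, markup, message text and sample payload are constructed for illustration.

```php
<?php
// Added example: hypothetical login-form rendering, not Newscoop's code.

// Assumed allow-list of error codes; only 'upgrade' appears in the report.
const KNOWN_ERROR_CODES = ['upgrade' => 'The system is being upgraded.'];

/** HTML-encode a value for element content or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable form: request values are echoed into the markup as-is. */
function renderLoginUnsafe(array $get): string
{
    $code = $get['error_code'] ?? '';
    $user = $get['f_user_name'] ?? '';
    return '<p class="error">' . $code . '</p>'
         . '<input type="text" name="f_user_name" value="' . $user . '">';
}

/** Hardened form: allow-list the code, encode every value on output. */
function renderLoginSafe(array $get): string
{
    $code = $get['error_code'] ?? '';
    $user = $get['f_user_name'] ?? '';
    // Non-string input (e.g. error_code[]=x) is treated as absent.
    $code = is_string($code) ? $code : '';
    $user = is_string($user) ? $user : '';
    // Unknown codes produce no message instead of being reflected.
    $message = KNOWN_ERROR_CODES[$code] ?? '';
    return '<p class="error">' . h($message) . '</p>'
         . '<input type="text" name="f_user_name" value="' . h($user) . '">';
}

// Constructed input with the same shape as the PoC query string.
$get = [
    'error_code'  => 'upgrade',
    'f_user_name' => '"><script>alert(1);</script>',
];

// Unsafe: the quote closes value="..." and the tag becomes live markup.
echo renderLoginUnsafe($get), "\n";
// Safe: the same bytes arrive as &quot;&gt;&lt;script&gt;... inside the field.
echo renderLoginSafe($get), "\n";
```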

            People

            • Assignee:
              ofir.gal Ofir Gal
              Reporter:
              ofir.gal Ofir Gal
              Implemented by:
              Petr Jasek

                Time Tracking

                Estimated: 2h
                Remaining: 0m
                Logged: 1h