Re: [ GLSA 200501-45 ] Gallery: Cross-site scripting vulnerability
From: Paul Laudanski (zx_at_castlecops.com)
Date: 01/31/05
- In reply to: Luke Macken: "[Full-Disclosure] [ GLSA 200501-45 ] Gallery: Cross-site scripting vulnerability"
Date: Sun, 30 Jan 2005 20:17:20 -0500 (EST)
To: Luke Macken <lewk@gentoo.org>
Thanks for the notification. Let's keep in mind that we don't want to see
another form of the highlight or sanity issue here, as the removeTags is
simply the strip_tags PHP function. As we've seen, not all attacks will
have HTML tags in them.
gallery fix:
$username = htmlspecialchars(removeTags(urldecode($username)));
(The same also found in search.php)
phpbb pre-fix:
$words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));
phpbb fix:
$words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));
I have not taken the time to audit the code, but as we've all become
familiar with the raw encoded URL during the wonderful days of Christmas,
it would be a good idea to run a quick test to ensure that base is
covered. So hopefully I'm wrong and just being over-paranoid.
In any case, thanks for the update. Please correct me if I'm off base
while thinking aloud.
On Sun, 30 Jan 2005, Luke Macken wrote:
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Gentoo Linux Security Advisory GLSA 200501-45
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> http://security.gentoo.org/
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
> Severity: Low
> Title: Gallery: Cross-site scripting vulnerability
> Date: January 30, 2005
> Bugs: #78522
> ID: 200501-45
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>
--
Regards,
Paul Laudanski - Computer Cops, LLC.
CastleCops(SM) - http://castlecops.com
http://justalittlepoke.com | http://cuddlesnkisses.com | http://zhen-xjell.com
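The "quick test" suggested in the post, written out as an added example; it is not code from the thread, from Gentoo, or from the Gallery or phpBB projects. It assumes removeTags() is a wrapper around strip_tags() as the post describes, uses constructed sample input, and passes ENT_COMPAT explicitly because that was the PHP 4/5 default for htmlspecialchars() (it leaves single quotes unescaped; PHP 8.1 changed the default to ENT_QUOTES). The point it checks is the one the post raises: PHP has already URL-decoded the query string once by the time it reaches $HTTP_GET_VARS / $_GET, so an extra urldecode() in the sanitizer strips a second layer of encoding that the escaping step would otherwise have left inert.

```php
<?php
// Added example: compare the two sanitizer shapes quoted in the thread on a
// doubly URL-encoded value. Not Gallery or phpBB code.

// Stand-in for Gallery's removeTags(), assumed to be strip_tags() per the post.
function removeTags($s)
{
    return strip_tags($s);
}

// Shape of the posted Gallery fix: extra urldecode, then strip, then escape.
function sanitizeWithDecode($value)
{
    return htmlspecialchars(removeTags(urldecode($value)), ENT_COMPAT);
}

// Shape of the phpBB fix: no extra urldecode before escaping.
function sanitizeWithoutDecode($value)
{
    return htmlspecialchars(removeTags($value), ENT_COMPAT);
}

// Does a raw (unescaped) single quote survive into the output?
function hasRawQuote($output)
{
    return strpos($output, "'") !== false;
}

// Constructed wire value: a doubly-encoded single quote and a doubly-encoded
// <b> tag. The web server / PHP decode it once, so this is what $_GET holds.
$wireValue = 'alice%2527%253Cb%253E';
$fromGet   = urldecode($wireValue); // one round of decoding, as PHP does

$results = [
    'with extra urldecode'    => sanitizeWithDecode($fromGet),
    'without extra urldecode' => sanitizeWithoutDecode($fromGet),
];

foreach ($results as $label => $out) {
    printf(
        "%-25s => %-20s [%s]\n",
        $label,
        $out,
        hasRawQuote($out) ? 'raw quote survives' : 'ok'
    );
}
```

Run with the PHP CLI. With the extra urldecode(), the second decoding layer turns %27 into a real quote before htmlspecialchars() sees it, and under ENT_COMPAT that quote passes through unescaped (strip_tags() only removes the <b>). Without the extra decode, the value stays as the inert %27%3Cb%3E sequence. The check is the one to keep in a test suite: feed every user-facing sanitizer a doubly-encoded quote, angle bracket and ampersand, and assert that nothing reaches the output in raw form.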