Re: [ GLSA 200501-45 ] Gallery: Cross-site scripting vulnerability

From: Paul Laudanski (zx_at_castlecops.com)
Date: 01/31/05

    Date: Sun, 30 Jan 2005 20:17:20 -0500 (EST)
    To: Luke Macken <lewk@gentoo.org>
    
    

    Thanks for the notification. Let's keep in mind that we don't want to see
    another form of the highlight or sanity issue here, as the removeTags is
    simply the strip_tags PHP function. As we've seen, not all attacks will
    have HTML tags in them.

    gallery fix:

     $username = htmlspecialchars(removeTags(urldecode($username)));

    (The same also found in search.php)

    phpbb pre-fix:

     $words = explode(' ', trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));

    phpbb fix:

     $words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));

    I have not taken the time to audit the code, but as we've all become
    familiar with the raw encoded URL during the wonderful days of Christmas,
    it would be a good idea to run a quick test to ensure that base is
    covered. So hopefully I'm wrong and just being over-paranoid.

    In any case, thanks for the update. Please correct me if I'm off base
    while thinking aloud.

    On Sun, 30 Jan 2005, Luke Macken wrote:

    > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    > Gentoo Linux Security Advisory GLSA 200501-45
    > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    > http://security.gentoo.org/
    > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    >
    > Severity: Low
    > Title: Gallery: Cross-site scripting vulnerability
    > Date: January 30, 2005
    > Bugs: #78522
    > ID: 200501-45
    >
    > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    >

    -- 
    Regards,
    Paul Laudanski - Computer Cops, LLC.
    CastleCops(SM) - http://castlecops.com
    http://justalittlepoke.com | http://cuddlesnkisses.com | 
    http://zhen-xjell.com
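
The quick test the message asks for, as an added example that is not part of the original post and is not Gallery or phpBB code: it runs the three filter chains quoted above over constructed inputs and reports where a twice-encoded quote comes out as a literal quote. Assumptions: `removeTags()` is modelled as a bare `strip_tags()` wrapper (as the post describes it), `ENT_COMPAT` stands in for the `htmlspecialchars()` default of that era, and the `ENT_QUOTES` chain is an assumed hardening shown for comparison.

```php
<?php
// Stand-in for Gallery's removeTags(), which the post says is simply strip_tags().
function removeTags(string $s): string { return strip_tags($s); }

// ENT_COMPAT (single quotes left alone) was the htmlspecialchars() default
// in 2005-era PHP; PHP 8.1+ defaults to ENT_QUOTES, so pass it explicitly.
function escCompat(string $s): string { return htmlspecialchars($s, ENT_COMPAT); }

// PHP URL-decodes the query string once before the script reads the value.
function asSeenByScript(string $rawQueryValue): string { return urldecode($rawQueryValue); }

$chains = [
    'gallery fix'           => fn($v) => escCompat(removeTags(urldecode($v))),
    'phpbb pre-fix'         => fn($v) => escCompat(urldecode($v)),
    'phpbb fix'             => fn($v) => escCompat($v),
    // Assumed hardening, not from the post: same chain, quotes encoded too.
    'gallery + ENT_QUOTES'  => fn($v) => htmlspecialchars(removeTags(urldecode($v)), ENT_QUOTES),
];

// Constructed raw query-string values: one with HTML tags, one with a
// twice-encoded single quote (%25 is '%', so %2527 decodes to %27, then to ').
$samples = [
    'tags'              => '%3Cb%3Ex%3C%2Fb%3E',
    'twice-encoded \''  => 'a%2527b',
];

foreach ($samples as $label => $raw) {
    $seen = asSeenByScript($raw);
    printf("%s: raw=%s  script sees=%s\n", $label, $raw, $seen);
    foreach ($chains as $name => $chain) {
        $out = $chain($seen);
        // A literal quote in the output that was not in what the script
        // received means the second urldecode() created it after any
        // request-level filtering had already run.
        $late = strpos($seen, "'") === false && strpos($out, "'") !== false;
        printf("  %-22s -> %-24s %s\n", $name, $out, $late ? 'LATE QUOTE' : 'ok');
    }
}
```

The tag sample is neutralised by every chain; the twice-encoded sample is flagged only for the two chains that call `urldecode()` with `ENT_COMPAT` escaping, since neither `strip_tags()` nor `ENT_COMPAT` touches a single quote.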
    
