spyer
Joined: 27 Mar 2008 Posts: 28
Posted: May 02, 2008 2:53 pm Post subject: [BUG] Cross Site Scripting Two found [FIXED]
When you send a message from the contact system, you'll be redirected to the main page with a message telling you whether it was a success or failure.
The URL looks like this: http://website.com/?msg=Message sent successfully
But anyone can come along and change "Message sent successfully" to whatever they want.
Try this... SORRY EZYFILE
Code:
http://www.ezyfile.net/?msg=%3Cscript%3Ealert(%22CROSS SITE SCRIPTING%22)%3C/script%3E
Also when sending reports.
I'll post them here:
Code:
LINE: 446 $ses->redirect("$c->{site_url}/?msg=Message sent successfully");
LINE: 1581 $ses->redirect("$c->{site_url}/?msg=Report sent successfully");
Thank you
Last edited by spyer on May 06, 2008 4:30 pm; edited 3 times in total
 |
Namaless
Joined: 20 Apr 2008 Posts: 107 Location: Italy
Posted: May 03, 2008 10:50 am
WOW!
Please change the title to "[BUG] XSS Message Sent" for better identification of the problem.
Regards.
 |
PilgrimX182

Joined: 22 Mar 2006 Posts: 1107 Location: Undisclosed location
Posted: May 03, 2008 12:43 pm
Sorry guys, we have holidays over here, will fix everything on Monday.
But to quickly fix this "?msg=" you can add this to the end of the "sub new" function in Session.pm:
Code:
$self->f->{msg}=~s/[\<\>\"]+//g;
 |
Namaless
Joined: 20 Apr 2008 Posts: 107 Location: Italy
Posted: May 03, 2008 2:04 pm
PilgrimX182 wrote:
Sorry guys, we have holidays over here, will fix everything on Monday.
But to quickly fix this "?msg=" you can add this to the end of the "sub new" function in Session.pm:
Code:
$self->f->{msg}=~s/[\<\>\"]+//g;

I have tried to edit this file, but I see it is encrypted.. Is it possible to have a fixed file?
Regards.
 |
spyer
Joined: 27 Mar 2008 Posts: 28
Posted: May 03, 2008 3:45 pm
I've tried adding the code Pilgrim wrote and it didn't work as it should.. I always get an error...
I encrypted the code so it hopefully becomes correct:
Code:
$frys+>s+>{zft}&=&~f/[\<\>\"]+//t;
but I've had some issues with it...
I added it in the [sub new] function as you said, Pilgrim,
so this is the final result:
Code:
$frys+>vavgPTV();
$frys+>{nhgu_pbbx}='ksff';
$frys+>s+>{zft}&=&~f/[\<\>\"]+//t;
erghea&$frys;
I've added it at line 20... Now no message is sent when you try "?msg=whatever";
you get this number [4294967295] on all pages, some in green and some in brown.
When you add this
Code:
$frys+>s+>{zft}&=&//;
nothing comes up.. also "?msg=" doesn't work at all.
What do you think, people?
 |
spyer
Joined: 27 Mar 2008 Posts: 28
Posted: May 03, 2008 5:08 pm
I think I've got a solution, I don't know if Pilgrim agrees or not...
Replace
Code:
LINE: 446 $ses->redirect("$c->{site_url}/?msg=Message sent successfully");
LINE: 1581 $ses->redirect("$c->{site_url}/?msg=Report sent successfully");
with
Code:
LINE: 446 $f->{msg}.="Message sent successfully";
LINE: 1581 $f->{msg}.="Report sent successfully";
and mark the old line or remove it.. and if you ever need it you can find it here.... I've tested it and it works fine.
 |
Namaless
Joined: 20 Apr 2008 Posts: 107 Location: Italy
Posted: May 03, 2008 5:10 pm
spyer wrote:
I think I've got a solution, I don't know if Pilgrim agrees or not...
Replace
Code:
LINE: 446 $ses->redirect("$c->{site_url}/?msg=Message sent successfully");
LINE: 1581 $ses->redirect("$c->{site_url}/?msg=Report sent successfully");
with
Code:
LINE: 446 $f->{msg}.="Message sent successfully";
LINE: 1581 $f->{msg}.="Report sent successfully";
and mark the old line or remove it.. and if you ever need it you can find it here.... I've tested it and it works fine.

Is it possible to get the file?
Regards.
 |
spyer
Joined: 27 Mar 2008 Posts: 28
Posted: May 03, 2008 5:12 pm
What do you mean?
EDIT: the file is [index.cgi]
 |
Namaless
Joined: 20 Apr 2008 Posts: 107 Location: Italy
Posted: May 05, 2008 7:07 am
spyer wrote:
What do you mean?
EDIT: the file is [index.cgi]

LOL!
All right, tomorrow I'll search for these lines in the files..
Regards.
 |
PilgrimX182

Joined: 22 Mar 2006 Posts: 1107 Location: Undisclosed location
Posted: May 05, 2008 9:23 am
Fixed msg vulnerability. Download the latest ZIP from the Client Area.
Also implemented the Export files feature.
Also fixed e-mail sending.
 |
PilgrimX182

Joined: 22 Mar 2006 Posts: 1107 Location: Undisclosed location
Posted: May 05, 2008 9:26 am
2spyer: your solution is good, but I specifically use redirects now instead, to avoid duplicate e-mails when the user presses F5 multiple times.
 |
spyer
Joined: 27 Mar 2008 Posts: 28
Posted: May 05, 2008 11:31 am
PilgrimX182 wrote:
2spyer: your solution is good, but I specifically use redirects now instead, to avoid duplicate e-mails when the user presses F5 multiple times.

Roger that
thx
 |
PilgrimX182

Joined: 22 Mar 2006 Posts: 1107 Location: Undisclosed location
Posted: May 05, 2008 1:13 pm
Hehe, just did some extra XSS vulnerability research and found some good ones. Try to add <h1> inside a link for the Link Checker.
To avoid future XSS problems I'm now escaping "<>" symbols for all input variables.
It's inside Session.pm in the latest ZIP.
P.S.: and don't play with Session.pm, it's under a voodoo curse
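Added example (not the script's own code and not posted by anyone in this thread): a stand-alone Perl script that puts the "?msg=" pattern reported at the top of the thread next to the quick fix of stripping "<>"" characters, and next to two fixes that keep the redirect PilgrimX182 wants for avoiding duplicate e-mails: escaping on output, and carrying only a short message code in the URL with the text looked up server-side. The function names, the %MESSAGES table, the single-quoted attribute context in render_stripped, and the use of the CPAN module HTML::Entities are all assumptions made for this example; the thread does not say where or how the script renders the message.

```perl
#!/usr/bin/perl
# Added example, not part of the file-sharing script discussed in the thread.
# Shows the reflected XSS via ?msg=, the character-stripping quick fix, and
# two fixes that keep a redirect-after-POST flow intact.
use strict;
use warnings;
use HTML::Entities qw(encode_entities);   # CPAN module, assumed installed

# Constructed attacker input: the same payload as in the thread's report.
my $PAYLOAD = '<script>alert("CROSS SITE SCRIPTING")</script>';

# 1. Vulnerable: the query-string value goes into the page untouched.
sub render_unsafe {
    my ($msg) = @_;
    return "<div class=\"msg\">$msg</div>";
}

# 2. Quick fix from the thread: strip < > " from the parameter.
#    This stops tag injection in body text, but it is a blacklist: if the
#    same value is ever placed in a single-quoted attribute (assumed context
#    for illustration), a single quote still breaks out.
sub render_stripped {
    my ($msg) = @_;
    $msg =~ s/[<>"]+//g;
    return "<div class=\"msg\" title='$msg'>$msg</div>";
}

# 3. Escape on output: encode every character that is special in HTML,
#    including both quote styles, so the value is inert as text and inside
#    quoted attributes.
sub render_escaped {
    my ($msg) = @_;
    my $safe = encode_entities($msg, q{<>&"'});
    return "<div class=\"msg\" title=\"$safe\">$safe</div>";
}

# 4. Do not put free text in the URL at all. The redirect carries a short
#    code and the text is looked up server-side, so the redirect (and the
#    protection against duplicate e-mails on F5) keeps working while an
#    attacker controls nothing that reaches the page.
my %MESSAGES = (
    sent   => 'Message sent successfully',
    report => 'Report sent successfully',
);

sub redirect_url {
    my ($site_url, $code) = @_;
    die "unknown message code '$code'\n" unless exists $MESSAGES{$code};
    return "$site_url/?msg=$code";
}

sub render_by_code {
    my ($code) = @_;
    return '' unless defined $code && exists $MESSAGES{$code};
    return '<div class="msg">' . encode_entities($MESSAGES{$code}) . '</div>';
}

print "unsafe:   ", render_unsafe($PAYLOAD), "\n";
print "stripped: ", render_stripped(q{' onmouseover='alert(1)}), "\n";
print "escaped:  ", render_escaped($PAYLOAD), "\n";
print "redirect: ", redirect_url('http://website.com', 'sent'), "\n";
print "by code:  ", render_by_code('sent'), "\n";
print "by code:  ", render_by_code($PAYLOAD), "\n";   # unknown code, nothing rendered
```

Run it with perl. The second line of output shows the attribute breakout that survives the strip, the third shows the payload rendered as harmless text, and the last shows that an unrecognised code renders nothing, which is the whole point of the allowlist approach.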
 |
Namaless
Joined: 20 Apr 2008 Posts: 107 Location: Italy
Posted: May 05, 2008 1:21 pm
Thanks for the export features..
Regards.
 |
spyer
Joined: 27 Mar 2008 Posts: 28
Posted: May 05, 2008 5:03 pm
PilgrimX182 wrote:
Hehe, just did some extra XSS vulnerability research and found some good ones. Try to add <h1> inside a link for the Link Checker.
To avoid future XSS problems I'm now escaping "<>" symbols for all input variables.
It's inside Session.pm in the latest ZIP.
P.S.: and don't play with Session.pm, it's under a voodoo curse

lolz
Can you tell us the line number? Because it's all encrypted code.