Piwigo Bugtracker

View Issue Details
ID: 0000702
Project: Piwigo
Category: security
View Status: public
Date Submitted: 2007.06.07 13:17
Last Update: 2007.09.20 21:03
Reporter: rub
Assigned To: rub
Priority: urgent
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 1.7.0
Fixed in Version: 1.7.1
Summary: 0000702: Code Injection
Description: Code Injection with picture comment

With guest user, it's possible to inject code on author field.

Example at moment:
http://demo.phpwebgallery.net/picture.php?/106/category/15
http://demo.phpwebgallery.net/picture.php?/128/category/15
Steps To Reproduce: set <script>alert('Hello World!');</script> as author
Tags: No tags attached.
browser: any
Web server: Apache 1.3.x
Attached Files: none

- Relationships

- Notes
(0001881)
rub (developer)
2007.06.07 13:45

I'll commit a fix tonight based on the same principle as the comment content:
add_event_handler('render_comment_content', 'htmlspecialchars');
(0001882)
plg (manager)
2007.06.07 19:46

I would prefer a strip_tags
(0001883)
rub (developer)
2007.06.07 19:58

For the author and also for the comment content?
(0001884)
rub (developer)
2007.06.07 20:51

[Subversion] r2030 & [Subversion] r2031

strip_tags only on the author in the end
(0001987)
VDigital (reporter)
2007.09.20 21:01

Just to make it public...
(0001988)
VDigital (reporter)
2007.09.20 21:03

Can be seen as proof of already identified issue.
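The two sanitisation strategies debated in the notes, as an added example that is not Piwigo's code: `add_event_handler` and `render_comment_content` are names from the page, but the dispatcher below is a simplified stand-in, and `render_comment_author` is an assumed hook name.

```php
<?php
// Minimal re-creation of an event dispatcher (not Piwigo's implementation).
$handlers = [];

function add_event_handler(string $event, callable $callback): void
{
    global $handlers;
    $handlers[$event][] = $callback;
}

function trigger_event(string $event, string $value): string
{
    global $handlers;
    foreach ($handlers[$event] ?? [] as $cb) {
        $value = $cb($value);
    }
    return $value;
}

// Comment body: encode markup so it renders as literal text (note 0001881).
add_event_handler('render_comment_content', 'htmlspecialchars');

// Author field: remove markup entirely (the choice made in note 0001884).
// 'render_comment_author' is an assumed hook name for this example.
add_event_handler('render_comment_author', 'strip_tags');

// Constructed sample input, using the payload quoted in the report.
$author  = "<script>alert('Hello World!');</script>";
$content = "Nice picture! <b>Great</b> shot.";

$safe_author  = trigger_event('render_comment_author', $author);
$safe_content = trigger_event('render_comment_content', $content);

// strip_tags drops the <script> tags but keeps the inner text and leaves
// quotes untouched, so the author value is only safe in HTML text context.
// If it is ever placed inside an attribute, escape it again for that context.
$author_for_attr = htmlspecialchars($safe_author, ENT_QUOTES, 'UTF-8');

echo "author (text context):      $safe_author\n";
echo "author (attribute context): $author_for_attr\n";
echo "content:                    $safe_content\n";
```

strip_tags and htmlspecialchars address different problems: the first removes tags, the second makes every special character inert, which is why the body keeps htmlspecialchars while the author field only gets strip_tags.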

- Issue History
Date Modified Username Field Change
2007.06.07 13:17 rub New Issue
2007.06.07 13:17 rub browser => any
2007.06.07 13:17 rub Web server => Apache 1.3.x
2007.06.07 13:19 rub Summary Code Injection with picture comment => Code Injection
2007.06.07 13:19 rub Description Updated
2007.06.07 13:19 rub Steps to Reproduce Updated
2007.06.07 13:22 rub Status new => acknowledged
2007.06.07 13:39 rub Status acknowledged => assigned
2007.06.07 13:39 rub Assigned To => rub
2007.06.07 13:45 rub Note Added: 0001881
2007.06.07 19:46 plg Note Added: 0001882
2007.06.07 19:58 rub Note Added: 0001883
2007.06.07 20:51 rub Status assigned => resolved
2007.06.07 20:51 rub Fixed in Version => 1.7.1
2007.06.07 20:51 rub Resolution open => fixed
2007.06.07 20:51 rub Note Added: 0001884
2007.06.07 20:52 rub Status resolved => closed
2007.09.20 21:01 VDigital Status closed => feedback
2007.09.20 21:01 VDigital Resolution fixed => reopened
2007.09.20 21:01 VDigital Note Added: 0001987
2007.09.20 21:02 VDigital View Status private => public
2007.09.20 21:03 VDigital Status feedback => closed
2007.09.20 21:03 VDigital Note Added: 0001988
2007.09.20 21:03 VDigital Resolution reopened => fixed
