Piwigo Bugtracker

Viewing Issue Advanced Details

ID: 0000702
Category: [Piwigo] security
Severity: major
Reproducibility: always
Date Submitted: 2007.06.07 13:17
Last Update: 2007.09.20 21:03
Reporter: rub
View Status: public
Assigned To: rub
Priority: urgent
Resolution: fixed
Status: closed
Projection: none
ETA: none
Fixed in Version: 1.7.1
Product Version: 1.7.0

Summary: 0000702: Code Injection
Description: Code Injection with picture comment

As a guest user, it is possible to inject code into the author field.

Examples at the moment:
http://demo.phpwebgallery.net/picture.php?/106/category/15
http://demo.phpwebgallery.net/picture.php?/128/category/15

Steps To Reproduce: set <script>alert('Hello World!');</script> as author
Tags: No tags attached.
browser: any
Web server: Apache 1.3.x

- Relationships

- Notes
(0001881)
rub (developer)
2007.06.07 13:45

Tonight I will commit a fix based on the same principle as the one for the comment content:
add_event_handler('render_comment_content', 'htmlspecialchars');
(0001882)
plg (manager)
2007.06.07 19:46

I would prefer a strip_tags
(0001883)
rub (developer)
2007.06.07 19:58

For the author and also for the comment content?
(0001884)
rub (developer)
2007.06.07 20:51

[Subversion] r2030 & [Subversion] r2031

In the end, strip_tags on the author only
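The thread above weighs two defenses for the stored XSS in the comment author field: escaping at render time (htmlspecialchars, as already done for the comment body through the render_comment_content handler) versus removing markup on input (strip_tags, which is what r2030/r2031 applied to the author). The following PHP is an added example, not Piwigo's own code: the function names are assumptions, and it runs the payload from the issue's "Steps To Reproduce" through both approaches so the difference is visible.

```php
<?php
// Added example, not Piwigo's code. Function names are illustrative assumptions.

// Constructed sample input: the payload quoted in the issue's "Steps To Reproduce".
const SAMPLE_AUTHOR = "<script>alert('Hello World!');</script>";

// Defense 1, what r2030/r2031 applied to the author field: remove markup when
// the comment is stored. Tags are gone afterwards, but quotes and other
// characters that matter inside HTML attributes are left untouched.
function sanitize_author_on_input(string $author): string
{
    return trim(strip_tags($author));
}

// Defense 2, the principle used for the comment body: store the text as typed
// and escape it at render time. ENT_QUOTES also encodes single and double
// quotes, so the value is safe both as element text and inside an attribute.
function escape_for_html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
}

// Minimal stand-in for the template: the author appears both as element text
// and inside a title attribute, the two contexts a comment listing needs.
function render_author_line(string $author, bool $escape_on_output): string
{
    $shown = $escape_on_output ? escape_for_html($author) : $author;
    return '<span class="author" title="' . $shown . '">' . $shown . '</span>';
}

// Stored value after defense 1 only: the <script> tags are removed, the
// remaining text (including its quotes) is kept verbatim.
$stored = sanitize_author_on_input(SAMPLE_AUTHOR);
echo "stored after strip_tags: ", $stored, "\n";

// Rendering the stripped value with no further escaping: the template trusts
// that the stored value is clean, which holds only because it was stripped.
echo render_author_line($stored, false), "\n";

// Rendering the raw payload with output escaping: the browser receives
// &lt;script&gt; ... &lt;/script&gt; and shows it as literal text, whatever
// was stored in the database.
echo render_author_line(SAMPLE_AUTHOR, true), "\n";
```

The practical difference for a defender: strip_tags is a one-time filter on the way in, so any author value written to the database by another path (an import, an older record, a future form) is not covered, and quotes survive it, so the template must still be careful when placing the value inside attributes. Escaping with htmlspecialchars at output covers every stored value regardless of origin; the two can be combined, and escaping on output is the one that should not be skipped.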
(0001987)
VDigital (reporter)
2007.09.20 21:01

Just to make it public...
(0001988)
VDigital (reporter)
2007.09.20 21:03

Can be seen as proof of an already identified issue.

- Issue History
Date Modified Username Field Change
2007.06.07 13:17 rub New Issue
2007.06.07 13:17 rub browser => any
2007.06.07 13:17 rub Web server => Apache 1.3.x
2007.06.07 13:19 rub Summary Code Injection with picture comment => Code Injection
2007.06.07 13:19 rub Description Updated
2007.06.07 13:19 rub Steps to Reproduce Updated
2007.06.07 13:22 rub Status new => acknowledged
2007.06.07 13:39 rub Status acknowledged => assigned
2007.06.07 13:39 rub Assigned To => rub
2007.06.07 13:45 rub Note Added: 0001881
2007.06.07 19:46 plg Note Added: 0001882
2007.06.07 19:58 rub Note Added: 0001883
2007.06.07 20:51 rub Status assigned => resolved
2007.06.07 20:51 rub Fixed in Version => 1.7.1
2007.06.07 20:51 rub Resolution open => fixed
2007.06.07 20:51 rub Note Added: 0001884
2007.06.07 20:52 rub Status resolved => closed
2007.09.20 21:01 VDigital Status closed => feedback
2007.09.20 21:01 VDigital Resolution fixed => reopened
2007.09.20 21:01 VDigital Note Added: 0001987
2007.09.20 21:02 VDigital View Status private => public
2007.09.20 21:03 VDigital Status feedback => closed
2007.09.20 21:03 VDigital Note Added: 0001988
2007.09.20 21:03 VDigital Resolution reopened => fixed