Hi Adam,
Thanks for the report.
I'm not really familiar with XSS attacks, but would a regex check
(/^[0-9]+$/) on the backup number (num) be enough to stop these attacks?
Cheers,
GFK's
On 2011-01-18 15:11, AA AA wrote:
> Hello,
>
> I'm contacting you to notify you I have found two XSS exploits in
> Browse.pm of BackupPC 3.2.0, the file "Browse.pm" attached to this
> email has been patched against this attack. Here is a PoC:
>
> http://target.server/cgi-bin/BackupPC_Admin?action=browse&host=realhostneeded&num=1[XSS]
> comes back as a valid request and runs XSS
>
> and
>
> http://target.server/cgi-bin/BackupPC_Admin?action=browse&host=realhostneeded&num=[XSS]
> comes back as ERROR and runs XSS
>
> I know they look alike but they are two separate XSS exploits, due to
> one being an error page and the other a valid request. Thank you for
> your time.
>
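Added example (not BackupPC's code and not from either poster), in Perl since Browse.pm is Perl, to illustrate the regex question above: an anchored allow-list check on `num` plus HTML escaping on the error path, which is the path the second PoC exercises. The names `valid_backup_num`, `html_escape` and `browse_num_message` are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Allow-list check for the backup number. Anchored with \A and \z rather
# than ^ and $, because in Perl $ also matches just before a trailing
# newline, so "1\n" would still pass /^[0-9]+$/.
sub valid_backup_num {
    my ($num) = @_;
    return (defined $num && $num =~ /\A[0-9]+\z/) ? 1 : 0;
}

# Minimal HTML escaping for anything reflected into a page. The error
# page must escape too: rejecting a value is not enough if the rejection
# message echoes it back unescaped.
sub html_escape {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    $s =~ s/'/&#39;/g;
    return $s;
}

# Hypothetical handler fragment: validate first, escape on the error path.
sub browse_num_message {
    my ($num) = @_;
    return "Browsing backup #$num" if valid_backup_num($num);
    return "ERROR: invalid backup number " . html_escape($num // '');
}

# Constructed inputs shaped like the two PoCs, plus a trailing-newline
# case that a ^...$ check would wrongly accept.
for my $n ('1', '1<XSS>', '<XSS>', "1\n") {
    (my $shown = $n) =~ s/\n/\\n/g;
    printf "%-8s -> %s\n", $shown, browse_num_message($n);
}
```

Run stand-alone it prints one line per input; only the plain `1` reaches the browse branch, and the rejected values appear with `<` and `>` escaped.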
BackupPC-devel mailing list
BackupPC-devel@lists.sourceforge.net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-devel
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/