This is a joke, right? -Travis
On Mon, Jul 27, 2009 at 11:53 AM, YGN Ethical Hacker Group (http://yehg.net)<[email protected]> wrote: > ======================================== > > CodeIgniter Global XSS Filtering Bypass Vulnerability > > ======================================== > > Discovered by: > Aung Khant, YGN Ethical Hacker Group, Myanmar > http://yehg.net/ ~ believe in full disclosure > > Product : CodeIgniter < http://www.codeigniter.com> > Product Description : Open-source PHP Framework > Pen-Tested Version : 1.5.2 > Vulnerability : User-Agent injection > Risk : Medium > Threat : XSS, Log File Tampering > > Advisory URL: > http://yehg.net/lab/pr0js/view.php/CodeIgniter%20Global%20XSS%20Filtering%20Bypass%20Vulnerability.pdf > > Description: > $CI->input->user_agent() fails to check the validity of user-agent type. > It simply extracts from $_SERVER array without checking whether it is > bad string injection or not. In this case, we can spoof user agent > string of our browser with our arbitrary commands that can bypass > stronger CodeIgniter Security class even if > $config['global_xss_filtering'] = TRUE;. Thus we can execute XSS on > the fly. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
