Hi everyone. Can anyone tell me how the XSS indicated by this
advisory was fixed? I might be doing something wrong here, but I can't
see what it is.

I was using a fairly old version (2.1.5), and upgraded to 2.1.9. To my
surprise, the XSS using the URL with listinfo.html is still working,
changing the content (HTML) of the list's info using the PoC URL of
the said advisory. Reading the code for edithtml.py I can still see
problems here: passing the values using GET still works, and the
regular expression looking for <[/]?script.*> is still case sensitive.

The diff between revision 7723 and 8001 for edithtml.py
(Release_2_1-maint branch) gives me:

Index: edithtml.py
===================================================================
--- edithtml.py (revision 7723)
+++ edithtml.py (working copy)
@@ -143,7 +143,8 @@
     doc.AddItem('<p>')
     doc.AddItem('<hr>')
     form = Form(mlist.GetScriptURL('edithtml') + '/' + template_name)
-    text = Utils.websafe(Utils.maketext(template_name, raw=1, mlist=mlist))
+    text = Utils.maketext(template_name, raw=1, mlist=mlist)
+    # MAS: Don't websafe twice.  TextArea does it.
     form.AddItem(TextArea('html_code', text, rows=40, cols=75))
     form.AddItem('<p>' + _('When you are done making changes...'))
     form.AddItem(SubmitButton('submit', _('Submit Changes')))
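
Review bot: the "# MAS:" comment sits below the statement it explains, and after this change the escaping of text depends entirely on TextArea; move the comment above the Utils.maketext(...) line and confirm that TextArea escapes its value, since nothing else in this hunk does. The hunk only changes how the stored template is shown in the edit form; it does not touch how a submitted html_code value is accepted or filtered, so by itself it does not address the GET handling or the case-sensitive script check raised in the message.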

I am sure I'm doing something wrong, but I can't see what it is. Where's the fix?

Cheers,

-- 
Juan
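
The case-sensitivity point raised in the message, as an added example that is not part of the original post and is not Mailman's code: it runs the pattern quoted in the message, with and without re.IGNORECASE, over constructed inputs and compares that with escaping at output. The function names and sample strings are assumptions made for illustration.

```python
import html
import re

# Pattern as quoted in the message. Assumption: it is applied with
# re.search and without re.IGNORECASE, as the message describes.
SCRIPT_TAG = r'<[/]?script.*>'


def blocked_case_sensitive(value):
    """Return True if the filter described in the message rejects value."""
    return re.search(SCRIPT_TAG, value) is not None


def blocked_case_insensitive(value):
    """Same pattern, compiled so that tag case no longer matters."""
    return re.search(SCRIPT_TAG, value, re.IGNORECASE) is not None


def render_in_textarea(value):
    """Escape at output time; the result does not depend on tag spelling."""
    escaped = html.escape(value, quote=True)
    return '<textarea name="html_code">%s</textarea>' % escaped


# Constructed sample submissions, not taken from the advisory.
SAMPLES = [
    '<p>Welcome to the list</p>',
    '<script>alert(1)</script>',
    '<SCRIPT>alert(1)</SCRIPT>',
    '<ScRiPt src="x.js"></ScRiPt>',
]


def audit(samples):
    """Return (sample, case_sensitive_hit, case_insensitive_hit) rows."""
    return [(s, blocked_case_sensitive(s), blocked_case_insensitive(s))
            for s in samples]


if __name__ == '__main__':
    for sample, sensitive, insensitive in audit(SAMPLES):
        print('%-32r sensitive=%-5s insensitive=%s'
              % (sample, sensitive, insensitive))
    print(render_in_textarea(SAMPLES[2]))
```

A regression test for a fix of this kind would include the mixed-case rows, since the lowercase row alone passes against either form of the pattern.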
_______________________________________________
Mailman-Developers mailing list