This is an automated notification sent by Gna!.
It relates to:
bugs #1937, project Savane
==============================================================================
LATEST MODIFICATIONS of bugs #1937:
==============================================================================
Posted by: Sylvain Beucler <beuc>
Posted on: 2004-12-11 14:54 (GMT)
_______________________________________________________
Follow-up Comment:
It is minor indeed, though an attacker could trick a Savannah user into
clicking on a link (with onMouseOver masking the real URL for example) and have
the cookies sent to him by displaying a 1x1 IMG whose source is an external CGI
controlled by the attacker.
The previous behavior was not natural anyway - and the XSS was really here,
unlike in the last XSS report.
I'll recheck and retest the fix ASAP (and add the htmlspecialchars quote
option along the way).
==============================================================================
OVERVIEW of bugs #1937:
==============================================================================
URL:
<http://gna.org/bugs/?func=detailitem&item_id=1937>
Summary: xss
Project: Savane
Submitted by: beuc
Submitted on: Fri 12/10/2004 at 19:50
Category: Web Frontend
Severity: 3 - Average
Priority: E - Immediate
Status: Fixed
Privacy: Public
Assigned to: beuc
Open/Closed: Closed
Release:
Planned Release:
_______________________________________________________
http://lists.gnu.org/archive/html/savannah-hackers/2004-12/msg00283.html
shows 2 xss in Savane. I'm gonna add 2 htmlspecialchars().
_______________________________________________________
Follow-up Comments:
-------------------------------------------------------
Date: Sat 12/11/2004 at 11:53 By: Anonymous
Please make sure it does not break anything else.
I'm aware of such "vulnerabilities" (well, one should first forge the URL and
go to this forged URL). I'd rather like to see a real exploit demo than just
always this "bla bla cross site script possible". The fact is that PHP does
not allow adding checks to everything that do not involve serious breakage of
other things depending on the configuration. In other words, fixes for this
kind of thing should be checked and rechecked in order to avoid breaking real
stuff just to avoid a potential issue that no one has yet been able to
exploit maliciously.
Mathieu (not logged in, at BNUS, where the network is pure crap).
-------------------------------------------------------
Date: Fri 12/10/2004 at 19:56 By: Sylvain Beucler <beuc>
Done.
==============================================================================
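The htmlspecialchars quote option mentioned in the 14:54 follow-up, as an added PHP example (not Savane's code and not the fix that was committed). It shows that the ENT_COMPAT flag leaves single quotes unescaped, so a value echoed into a single-quoted attribute can add attributes to the tag, while ENT_QUOTES keeps it inside the value; `render_field`, `attribute_names`, the field name `q` and the sample value are hypothetical.

```php
<?php
// Added example, not Savane code. The field name and the sample value are
// constructed; the value carries no script, only a marker attribute.

/** Echo a request value back into a single-quoted HTML attribute. */
function render_field(string $value, int $flags): string
{
    $escaped = htmlspecialchars($value, $flags, 'UTF-8');
    return "<input type='text' name='q' value='" . $escaped . "'>";
}

/** Parse the tag with an HTML parser and list the attributes it ends up with. */
function attribute_names(string $html): array
{
    libxml_use_internal_errors(true);   // keep parser notices out of the output
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    $names = [];
    foreach ($doc->getElementsByTagName('input')->item(0)->attributes as $attr) {
        $names[] = $attr->name;
    }
    return $names;
}

$value = "x' data-injected='1";   // constructed input containing single quotes

$modes = ['ENT_COMPAT' => ENT_COMPAT, 'ENT_QUOTES' => ENT_QUOTES];
foreach ($modes as $label => $flags) {
    $html = render_field($value, $flags);
    echo $label, ': ', $html, "\n";
    echo '  attributes seen by the parser: ',
         implode(', ', attribute_names($html)), "\n";
}
```

The flags are passed explicitly because the default of `htmlspecialchars` differs between PHP versions.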