subject:"Bug#762967\: XSS in bugs.debian.org\/cgi\-bin\/version.cgi"

Bug#762967: XSS in bugs.debian.org/cgi-bin/version.cgi

2014-09-27 Thread Vlad Constantin

I'll add to this bug instead of making a new one.

/cgi-bin/cookies.cgi contains XSS (persistent via cookie) and Header
injection vulnerabilities in vars repeatmerged, terse, reverse, trim,
oldview

XSS PoC:
https://bugs.debian.org/cgi-bin/cookies.cgi?repeatmerged=%3Cscript%3Ealert('xss')%3B%3C/script%3E
Header injection PoC:
https://bugs.debian.org/cgi-bin/cookies.cgi?repeatmerged=%0aLocation%3A%20http%3A%2F%2Fgoogle.com%2F%0a

-v


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#762967: XSS in bugs.debian.org/cgi-bin/version.cgi

2014-09-27 Thread Don Armstrong

On Sat, 27 Sep 2014, Vlad Constantin wrote:
 I'll add to this bug instead of making a new one.
 
 /cgi-bin/cookies.cgi contains XSS (persistent via cookie) and Header
 injection vulnerabilities in vars repeatmerged, terse, reverse, trim,
 oldview
 
 XSS PoC:
 https://bugs.debian.org/cgi-bin/cookies.cgi?repeatmerged=%3Cscript%3Ealert('xss')%3B%3C/script%3E
 Header injection PoC:
 https://bugs.debian.org/cgi-bin/cookies.cgi?repeatmerged=%0aLocation%3A%20http%3A%2F%2Fgoogle.com%2F%0a

Thanks for reporting these; those scripts probably shouldn't even be in
use at all. I've already removed them from bugs.debian.org, and I'll
probably eliminate them from git shortly.


-- 
Don Armstrong  http://www.donarmstrong.com

There's no problem so large it can't be solved by killing the user
off, deleting their files, closing their account and reporting their
REAL earnings to the IRS.
 -- The B.O.F.H..


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#762967: XSS in bugs.debian.org/cgi-bin/version.cgi

2014-09-26 Thread Vlad Constantin

Package: debbugs
Severity: important

bugs.debian.org/cgi-bin/version.cgi contains an XSS vulnerability in the
'package' var.

PoC:
https://bugs.debian.org/cgi-bin/version.cgi?info=1;package=%3C/title%3E%3Cscript%3Ealert('xss')%3B%3C/script%3E

-v


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#762967: XSS in bugs.debian.org/cgi-bin/version.cgi

Bug#762967: XSS in bugs.debian.org/cgi-bin/version.cgi

Bug#762967: XSS in bugs.debian.org/cgi-bin/version.cgi

3 matches

Site Navigation

Mail list logo

Footer information