Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] Re: [ GLSA 200501-45 ] Gallery: Cross-site scripting v

from [Paul Laudanski] Network Security [Permanent Link]
Subject: [Full-Disclosure] Re: [ GLSA 200501-45 ] Gallery: Cross-site scripting vulnerability
Date: Sun, 30 Jan 2005 20:17:20 -0500 (EST) 
Thanks for the notification.  Lets keep in mind that we don't want to see 
another form of the highlight or sanity issue here, as the removeTags is 
simply the strip_tags PHP function.  As we've seen, not all attacks will 
have HTML tags in them.

gallery fix:

 $username = htmlspecialchars(removeTags(urldecode($username)));

(The same also found in search.php)

phpbb pre-fix:

 $words = explode(' ', 
trim(htmlspecialchars(urldecode($HTTP_GET_VARS['highlight']))));

phpbb fix:

 $words = explode(' ', trim(htmlspecialchars($HTTP_GET_VARS['highlight'])));

I have not taken the time to audit the code, but as we've all become 
familiar with the raw encoded URL during the wonderful days of Christmas, 
it would be a good idea to run a quick test to ensure that base is 
covered.  So hopefully I'm wrong and just being over-paranoid.

In any case, thanks for the update.  Please correct me if I'm off base 
while thinking aloud.

On Sun, 30 Jan 2005, Luke Macken wrote:


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200501-45
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Low
     Title: Gallery: Cross-site scripting vulnerability
      Date: January 30, 2005
      Bugs: #78522
        ID: 200501-45

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



-- 
Regards,

Paul Laudanski - Computer Cops, LLC.
CastleCops(SM) - http://castlecops.com
http://justalittlepoke.com | http://cuddlesnkisses.com | 
http://zhen-xjell.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-Disclosure] [ GLSA 200501-45 ] Gallery: Cross-site scripting vulnerability, Luke Macken
Next by Date:  Re: [Full-Disclosure] Is there a 0day vuln in this phisher's site?, Andrew Clover
Previous by Thread:  [Full-Disclosure] [ GLSA 200501-45 ] Gallery: Cross-site scripting vulnerability, Luke Macken
Next by Thread:  [Full-Disclosure] Transamericana.org (update), Antonio Oliveira
Indexes:  [Date] [Thread] [Top] [All Lists]