[Koha-bugs] [Bug 3652] XSS vulnerabilities

bugzilla-daemon at bugs.koha-community.org
Wed Oct 17 09:02:52 CEST 2012


http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=3652

Chris Hall <chrish at catalyst.net.nz> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|Signed Off                  |Needs Signoff
           Assignee|oleonard at myacpl.org         |chrish at catalyst.net.nz

--- Comment #36 from Chris Hall <chrish at catalyst.net.nz> ---
Created attachment 12876
  -->
http://bugs.koha-community.org/bugzilla3/attachment.cgi?id=12876&action=edit
Fixing XSS vulnerability in opac-search

Fixes XSS vulnerabilities in opac-search

Search in the OPAC for ';</script><script>alert(10);</alert>' (without the
quotes around it); a pop-up should appear.

You could also visit
/cgi-bin/koha/opac-search.pl?q=%3B%3C%2Fscript%3E%3Cscript%3Ealert%2810%29%3B%3C%2Fscript%3E

Notes:
The above XSS vuln will work in Firefox 16.01 but will not work in Chromium 18,
as Chromium detects that the string is user supplied; instead Chromium will
report an error message to the console.
Arachni still believes that opac-search is vulnerable despite this fix. I
believe it is incorrect, as the string it tries to inject is made up of
alphanumerics and hyphens; (as far as I know) none of these are dangerous when
rendered within a form or script element.

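An added example, not Koha's code or the attached patch: it assumes (hypothetically) that the search term is reflected into a single-quoted JavaScript string inside an inline script block, and uses the `q` value from the URL in the comment to show why that context needs JavaScript-string escaping. All function names and the benign sample value are constructed for illustration.

```javascript
// q value taken from the URL in the comment above (URL-decoded).
const PAGE_Q = decodeURIComponent(
  "%3B%3C%2Fscript%3E%3Cscript%3Ealert%2810%29%3B%3C%2Fscript%3E");

// ASSUMPTION: the template puts the term in a single-quoted JS string.
function renderNaive(q) {
  return "<script>var query = '" + q + "';</script>";
}

// Allow-list escaper for a JS string literal inside an inline <script>:
// anything outside [A-Za-z0-9 _.,-] becomes \uXXXX, so no quote, backslash,
// "<" or "/" from the input ever reaches the HTML or JS parser.
function escapeForInlineScript(q) {
  return String(q).replace(/[^A-Za-z0-9 _.,-]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

function renderEscaped(q) {
  return "<script>var query = '" + escapeForInlineScript(q) + "';</script>";
}

// Inverse of the escaper, used only to show the value survives intact.
function unescapeLiteral(s) {
  return s.replace(/\\u([0-9a-f]{4})/g, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// Split markup into script bodies the way an HTML tokenizer does: a script
// element ends at the first "</script", regardless of JS quoting.
function scriptBlocks(html) {
  const blocks = [];
  const re = /<script[^>]*>([\s\S]*?)<\/script[\s\/>]/gi;
  let m;
  while ((m = re.exec(html)) !== null) blocks.push(m[1]);
  return blocks;
}

// Constructed benign value made only of alphanumerics and hyphens.
const BENIGN_Q = "abc-123-def";

for (const [label, q] of [["page q", PAGE_Q], ["benign", BENIGN_Q]]) {
  console.log(label, "naive:", scriptBlocks(renderNaive(q)),
    "escaped:", scriptBlocks(renderEscaped(q)));
}
```

With the naive rendering the page's value yields a second script body; with the escaper there is one body and the original value is recoverable from the literal.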