forum.coppermine-gallery.net

Dev Board => cpg1.4 Testing/Bugs => cpg1.4 Testing/Bugs: FIXED/CLOSED => Topic started by: Andi on February 19, 2005, 03:33:58 pm

Title: Security Check
Post by: Andi on February 19, 2005, 03:33:58 pm
Hi :)

I found that calendar.php is vulnerable to XSS.

for simple sample:
http://pragma.cjb.net/dev-Coppermine/devel/calendar.php?action=banning&month=2&year=%3Cscript%3Ealert('Hallo :-))')%3C/script%3E

simple solution:
change line #80-81 to
Code: [Select]
$month = intval($_REQUEST['month']);
$year = intval($_REQUEST['year']);

Title: Re: Security Check
Post by: omniscientdeveloper on February 19, 2005, 03:53:52 pm
I made these changes:

Code: [Select]
$today = getdate();

$month = (int) $_REQUEST['month'];
$year = (int) $_REQUEST['year'];

if ($year == 0) {
    $year = $today['year'];
}

if ($month == 0) {
    $month = $today['mon'];
}

It prevents it on my setup.
Title: Re: Security Check
Post by: Andi on February 19, 2005, 04:02:50 pm
 ;D

that's the better solution  ;)