forum.coppermine-gallery.net
Dev Board => cpg1.4 Testing/Bugs => cpg1.4 Testing/Bugs: FIXED/CLOSED => Topic started by: Andi on February 19, 2005, 03:33:58 pm
-
Hi :)
I found that calendar.php is vulnerable to XSS.
for simple sample:
http://pragma.cjb.net/dev-Coppermine/devel/calendar.php?action=banning&month=2&year=%3Cscript%3Ealert('Hallo :-))')%3C/script%3E
simple solution:
change line #80-81 to$month = intval($_REQUEST['month']);
$year = intval($_REQUEST['year']);
-
I made these changes:
$today = getdate();
$month = (int) $_REQUEST['month'];
$year = (int) $_REQUEST['year'];
if ($year == 0) {
$year = $today['year'];
}
if ($month == 0) {
$month = $today['mon'];
}
It prevents it on my setup.
-
;D
that's the better solution ;)