Advanced search  

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Pages: [1]   Go Down

Author Topic: Security Check  (Read 3612 times)

0 Members and 1 Guest are viewing this topic.

Andi

  • VIP
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 85
  • Join the Future
    • www.pragmamx.org
Security Check
« on: February 19, 2005, 03:33:58 pm »
Hi :)

I found that calendar.php is vulnerable to XSS.

for simple sample:
http://pragma.cjb.net/dev-Coppermine/devel/calendar.php?action=banning&month=2&year=%3Cscript%3Ealert('Hallo :-))')%3C/script%3E

simple solution:
change line #80-81 to
Code: [Select]
$month = intval($_REQUEST['month']);
$year = intval($_REQUEST['year']);

« Last Edit: February 19, 2005, 05:51:43 pm by omniscientdeveloper »
Logged
hope, I could help you... :)

omniscientdeveloper

  • VIP
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 901
Re: Security Check
« Reply #1 on: February 19, 2005, 03:53:52 pm »
I made these changes:

Code: [Select]
$today = getdate();

$month = (int) $_REQUEST['month'];
$year = (int) $_REQUEST['year'];

if ($year == 0) {
    $year = $today['year'];
}

if ($month == 0) {
    $month = $today['mon'];
}

It prevents it on my setup.
Logged

Andi

  • VIP
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 85
  • Join the Future
    • www.pragmamx.org
Re: Security Check
« Reply #2 on: February 19, 2005, 04:02:50 pm »
 ;D

that's the better solution  ;)
Logged
hope, I could help you... :)
Pages: [1]   Go Up
« previous next »
 

Page created in 0.016 seconds with 19 queries.