Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Security Check  (Read 3134 times)

0 Members and 1 Guest are viewing this topic.

Andi

  • VIP
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 85
  • Join the Future
    • www.pragmamx.org
Security Check
« on: February 19, 2005, 03:33:58 pm »

Hi :)

I found that calendar.php is vulnerable to XSS.

for simple sample:
http://pragma.cjb.net/dev-Coppermine/devel/calendar.php?action=banning&month=2&year=%3Cscript%3Ealert('Hallo :-))')%3C/script%3E

simple solution:
change line #80-81 to
Code: [Select]
$month = intval($_REQUEST['month']);
$year = intval($_REQUEST['year']);

« Last Edit: February 19, 2005, 05:51:43 pm by omniscientdeveloper »
Logged
hope, I could help you... :)

omniscientdeveloper

  • VIP
  • Coppermine addict
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 901
Re: Security Check
« Reply #1 on: February 19, 2005, 03:53:52 pm »

I made these changes:

Code: [Select]
$today = getdate();

$month = (int) $_REQUEST['month'];
$year = (int) $_REQUEST['year'];

if ($year == 0) {
    $year = $today['year'];
}

if ($month == 0) {
    $month = $today['mon'];
}

It prevents it on my setup.
Logged

Andi

  • VIP
  • Coppermine regular visitor
  • ***
  • Offline Offline
  • Gender: Male
  • Posts: 85
  • Join the Future
    • www.pragmamx.org
Re: Security Check
« Reply #2 on: February 19, 2005, 04:02:50 pm »

 ;D

that's the better solution  ;)
Logged
hope, I could help you... :)
Pages: [1]   Go Up
 

Page created in 0.015 seconds with 19 queries.