PacketFence - BTS - PacketFence |
| View Issue Details |
|
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0001362 | PacketFence | security | public | 2012-01-10 13:47 | 2012-02-28 14:31 |
|
| Reporter | obilodeau | |
| Assigned To | obilodeau | |
| Priority | high | Severity | major | Reproducibility | always |
| Status | closed | Resolution | fixed | |
| Platform | | OS | | OS Version | |
| Product Version | | |
| Target Version | 3.2.0 | Fixed in Version | 3.2.0 | |
| fixed in git revision | |
| fixed in mtn revision | bc47f31583011d5bfc6612a1766ac2bb474a9718 |
|
| Summary | 0001362: Reflected XSS in printer.php's img_src, font_size and $_SERVER[REQUEST_URI] |
| Description | Exploit PoC img_src:
https://packetfence:1443/printer.php?img_src=%27%3E%3Cscript%3Ealert%28%22Your%20admin%20cookies:%20%22%2bdocument.cookie%29;%3C/script%3E [^]
Exploit PoC font_size:
For the exploit to work, you'll have to get the user to load a valid Web Admin page with a table of data beforehand. It's required to see the font-size tags.
https://packetfence:1443/printer.php?current_top=node¤t_sub=view&font_size=%27%3E%3Cscript%3Ealert%28%22Your%20admin%20cookies:%20%22%2bdocument.cookie%29;%3C/script%3E [^]
img_src:
After looking around, I didn't find a user passing img_src in the GET so the 'feature' will be removed entirely.
font_size: will be sanitized |
| Steps To Reproduce | |
| Additional Information | |
| Tags | No tags attached. |
| Relationships | |
| Attached Files |  security-fix-1362-xss-in-printer.php.patch (4,275) 2012-01-10 15:03
https://www.packetfence.org/bugs/file_download.php?file_id=126&type=bug |
|
| Issue History |
| Date Modified | Username | Field | Change |
| 2012-01-10 13:47 | obilodeau | New Issue | |
| 2012-01-10 13:47 | obilodeau | Status | new => assigned |
| 2012-01-10 13:47 | obilodeau | Assigned To | => obilodeau |
| 2012-01-10 14:09 | obilodeau | Summary | Reflected XSS in printer.php's img_src => Reflected XSS in printer.php's img_src and font_size |
| 2012-01-10 14:09 | obilodeau | Description Updated | |
| 2012-01-10 14:41 | obilodeau | Note Added: 0002527 | |
| 2012-01-10 14:41 | obilodeau | Summary | Reflected XSS in printer.php's img_src and font_size => Reflected XSS in printer.php's img_src, font_size and $_SERVER[REQUEST_URI] |
| 2012-01-10 14:41 | obilodeau | Description Updated | |
| 2012-01-10 15:03 | obilodeau | File Added: security-fix-1362-xss-in-printer.php.patch | |
| 2012-01-10 15:03 | obilodeau | Note Added: 0002528 | |
| 2012-01-10 15:49 | obilodeau | mtn revision | => bc47f31583011d5bfc6612a1766ac2bb474a9718 |
| 2012-01-10 15:49 | obilodeau | Note Added: 0002529 | |
| 2012-01-10 15:49 | obilodeau | Status | assigned => resolved |
| 2012-01-10 15:49 | obilodeau | Fixed in Version | => trunk |
| 2012-01-10 15:49 | obilodeau | Resolution | open => fixed |
| 2012-02-22 14:39 | obilodeau | Note Added: 0002576 | |
| 2012-02-22 14:39 | obilodeau | View Status | private => public |
| 2012-02-28 14:22 | obilodeau | Target Version | +1 => 3.2.0 |
| 2012-02-28 14:22 | obilodeau | Fixed in Version | trunk => 3.2.0 |
| 2012-02-28 14:31 | obilodeau | Note Added: 0002587 | |
| 2012-02-28 14:31 | obilodeau | Status | resolved => closed |