Anonymous | Login | 2024-11-22 23:07 EST |
Main | My View | View Issues | Change Log | Roadmap |
View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
ID | Project | Category | View Status | Date Submitted | Last Update | |||
0001362 | PacketFence | security | public | 2012-01-10 13:47 | 2012-02-28 14:31 | |||
Reporter | obilodeau | |||||||
Assigned To | obilodeau | |||||||
Priority | high | Severity | major | Reproducibility | always | |||
Status | closed | Resolution | fixed | |||||
Platform | OS | OS Version | ||||||
Product Version | ||||||||
Target Version | 3.2.0 | Fixed in Version | 3.2.0 | |||||
Summary | 0001362: Reflected XSS in printer.php's img_src, font_size and $_SERVER[REQUEST_URI] | |||||||
Description | Exploit PoC img_src: https://packetfence:1443/printer.php?img_src=%27%3E%3Cscript%3Ealert%28%22Your%20admin%20cookies:%20%22%2bdocument.cookie%29;%3C/script%3E [^] Exploit PoC font_size: For the exploit to work, you'll have to get the user to load a valid Web Admin page with a table of data beforehand. It's required to see the font-size tags. https://packetfence:1443/printer.php?current_top=node¤t_sub=view&font_size=%27%3E%3Cscript%3Ealert%28%22Your%20admin%20cookies:%20%22%2bdocument.cookie%29;%3C/script%3E [^] img_src: After looking around, I didn't find a user passing img_src in the GET so the 'feature' will be removed entirely. font_size: will be sanitized | |||||||
Tags | No tags attached. | |||||||
fixed in git revision | ||||||||
fixed in mtn revision | bc47f31583011d5bfc6612a1766ac2bb474a9718 | |||||||
Attached Files | security-fix-1362-xss-in-printer.php.patch [^] (4,275 bytes) 2012-01-10 15:03 [Show Content] | |||||||
Notes | |
(0002527) obilodeau (reporter) 2012-01-10 14:41 |
Another one in $_SERVER[REQUEST_URI]. Need an old browser as current FF and Chrome didn't work, I needed a proxy to escape the URL encoding done by the browsers. |
(0002528) obilodeau (reporter) 2012-01-10 15:03 |
attached patch |
(0002529) obilodeau (reporter) 2012-01-10 15:49 |
fixed in trunk |
(0002576) obilodeau (reporter) 2012-02-22 14:39 |
bug report now public |
(0002587) obilodeau (reporter) 2012-02-28 14:31 |
Fixed in recently released 3.2.0. |
Issue History | |||
Date Modified | Username | Field | Change |
2012-01-10 13:47 | obilodeau | New Issue | |
2012-01-10 13:47 | obilodeau | Status | new => assigned |
2012-01-10 13:47 | obilodeau | Assigned To | => obilodeau |
2012-01-10 14:09 | obilodeau | Summary | Reflected XSS in printer.php's img_src => Reflected XSS in printer.php's img_src and font_size |
2012-01-10 14:09 | obilodeau | Description Updated | |
2012-01-10 14:41 | obilodeau | Note Added: 0002527 | |
2012-01-10 14:41 | obilodeau | Summary | Reflected XSS in printer.php's img_src and font_size => Reflected XSS in printer.php's img_src, font_size and $_SERVER[REQUEST_URI] |
2012-01-10 14:41 | obilodeau | Description Updated | |
2012-01-10 15:03 | obilodeau | File Added: security-fix-1362-xss-in-printer.php.patch | |
2012-01-10 15:03 | obilodeau | Note Added: 0002528 | |
2012-01-10 15:49 | obilodeau | mtn revision | => bc47f31583011d5bfc6612a1766ac2bb474a9718 |
2012-01-10 15:49 | obilodeau | Note Added: 0002529 | |
2012-01-10 15:49 | obilodeau | Status | assigned => resolved |
2012-01-10 15:49 | obilodeau | Fixed in Version | => trunk |
2012-01-10 15:49 | obilodeau | Resolution | open => fixed |
2012-02-22 14:39 | obilodeau | Note Added: 0002576 | |
2012-02-22 14:39 | obilodeau | View Status | private => public |
2012-02-28 14:22 | obilodeau | Target Version | +1 => 3.2.0 |
2012-02-28 14:22 | obilodeau | Fixed in Version | trunk => 3.2.0 |
2012-02-28 14:31 | obilodeau | Note Added: 0002587 | |
2012-02-28 14:31 | obilodeau | Status | resolved => closed |
Copyright © 2000 - 2012 MantisBT Group |