Context Navigation

← Previous Ticket
Next Ticket →

Modify ↓

#1133 closed Bug/Fehler (fixed)

XSS Lücken bei HEADER Fälschung

Reported by:	INETvisio	Owned by:	somebody
Priority:	hoch	Milestone:	modified-shop-2.0.5.0
Component:	Sicherheit	Version:	2.0.2.1
Keywords:		Cc:
Blocked By:		Blocking:

Description

Hallo,

die SERVER HTTP_* Variaben können sehr leicht für XSS Attacken genutzt werden und Admin-Ausgaben infizieren.

Um das Problem zu reproduzieren, installieren Sie in Google Chrome folgende Erweiterung: "Modify Header Value (HTTP Headers)". Stellen Sie die Erweiterung für die genannte Variablen ein.

Leider, kann ich keine Details hier angeben, da ich sonst wegen Spam-Schutz nicht weiter komme.

Auf Wunsch, könnte ich weitere Details per Email verschicken.

Gruß,
Jürgen H.

Attachments (0)

Change History (9)

comment:1 by Torsten Riemer, 9 years ago

Wir würden uns über Details per E-Mail sehr freuen.

comment:2 by Torsten Riemer, 9 years ago

Milestone:	modified-shop-2.1.0.0 → modified-shop-2.0.2.2
Version:	2.1.0.0 → 2.0.2.1

comment:3 by Torsten Riemer, 9 years ago

Milestone:	modified-shop-2.0.2.2 → modified-shop-2.0.2.3

comment:4 by Torsten Riemer, 9 years ago

Milestone:	modified-shop-2.0.2.3 → modified-shop-2.0.2.4

comment:5 by Torsten Riemer, 8 years ago

Milestone:	modified-shop-2.0.4.0

comment:6 by Gerhard Waldemair, 8 years ago

Resolution:	→ fixed
Status:	new → closed

In 11266:

fix #1133

comment:7 by Gerhard Waldemair, 8 years ago

In 11267:

fix #1133

comment:8 by Torsten Riemer, 8 years ago

Milestone:	→ modified-shop-2.0.4.1

comment:9 by Torsten Riemer, 7 years ago

Milestone:	modified-shop-2.0.4.1 → modified-shop-2.0.5.0

Modify Ticket

Action

leave as closed The owner will remain somebody.

reopen The resolution will be deleted. Next status will be 'reopened'.

Add Comment

Your email or username:

E-mail address and name can be saved in the Preferences .

You may use WikiFormatting here.

Attachments ↑ Description ↑

Note: See TracTickets for help on using tickets.

Download in other formats: