Modify ↓
#752 closed Bug/Fehler (fixed)
Kleine XSS Lücken
| Reported by: | INETvisio | Owned by: | somebody |
|---|---|---|---|
| Priority: | normal | Milestone: | modified-shop-1.06-SP4 |
| Component: | Sicherheit | Version: | 1.06 |
| Keywords: | Cc: | ||
| Blocked By: | Blocking: |
Description
Hallo modified,
in der Datei "includes/modules/metatags.php" gibt es ein Problem, dass man Text-Inhalt ausgeben kann (HTML-Code wird rausgefiltert).
Zufällig durch SP3 Update aufgefallen:
if(isset($_GET['coID'])){
- $canonical_url = xtc_href_link(FILENAME_CONTENT, 'coID='.$_GET['coID'],$request_type,false);
+ $canonical_url = xtc_href_link(FILENAME_CONTENT, 'coID='.$_GET['coID'],'NONSSL',false);
}
Beispiel für die Ausführung:
http://demo.modified-shop.org/tags/modified-1.06/shop_content.php?coID=test%22%3EHallo,%20sehen%20Sie%20mich?
Gruß
Jürgen H.
Attachments (0)
Change History (4)
comment:1 by , 10 years ago
comment:2 by , 10 years ago
| Summary: | Kleine XSS Lücke bei Meta-Tags / canonical_url → Kleine XSS Lücken |
|---|
Note:
See TracTickets
for help on using tickets.
Weitere Stelle:
address_book_process.php:
if (isset ($_GET['delete'])) { $smarty->assign('delete', '1'); $smarty->assign('ADDRESS', xtc_address_label($_SESSION['customer_id'], $_GET['delete'], true, ' ', '<br />')); $smarty->assign('BUTTON_BACK', '<a href="'.xtc_href_link(FILENAME_ADDRESS_BOOK, '', 'SSL').'">'.xtc_image_button('button_back.gif', IMAGE_BUTTON_BACK).'</a>'); $smarty->assign('BUTTON_DELETE', '<a href="'.xtc_href_link(FILENAME_ADDRESS_BOOK_PROCESS, 'delete='.$_GET['delete'].'&action=deleteconfirm', 'SSL').'">'.xtc_image_button('button_delete.gif', IMAGE_BUTTON_DELETE).'</a>'); } else {Auslösen:
https://demo.modified-shop.org/tags/modified-1.06/address_book_process.php?delete=1%22%3EHallo,%20sehen%20Sie%20mich?
Gruß
Jürgen H.