xss problem
category: general [glöplog]
Search box returns entered " as \"
Well done!
But I don't see how it is a problem since it really only affects the user entering the text. In a wider sense, the same sort of problem applies to the reply box. When I enter:
<script>
alert("Hellu");
</script>
the script will execute on the confirmation page that I see, but not on the publicly displayed forum page.
... on the other hand the search box uses GET requests, so you could embed code into a link. Ok, it's a valid find.
*sigh*.
htmlspecialchars()
It is corrected right now. Great.
Nitro, it could easily affect others because the search box uses the GET method, so I could write a URL link this way (in the oneliner for example):
http://www.pouet.net/search.php?what=code_code_code_code
The oneliner translates whatever starts with http:// into a hrefs.
Before the problem was corrected, the oneliner cut the links at the spaces. So to insert malicious code, you couldn't write spaces, " or ' (these last 2 were escaped). But it is no problem for javascript since you can do whatever using String.fromCharCode(...) without quotes. A click-on-link worm could have been spread.
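The two states of search.php this thread describes, written up as an added example (this is not pouet.net's own code): a hypothetical "before" that only backslash-escapes quotes, which matches the " coming back as \" in the first post, and the htmlspecialchars() version that actually stops the reflected parameter from being parsed as markup.

```php
<?php
// Added example, not pouet.net's code. A search page echoes the GET
// parameter "what" back into the HTML it renders; the only difference
// between the two functions is how that parameter is escaped.

// Hypothetical "before": quotes get a backslash (this is what the thread
// observed as \"), but < and > pass through untouched, so a tag inside
// ?what= still ends up as a live tag in the page.
function render_search_before(string $what): string
{
    $shown = addslashes($what);
    return "<p>Results for: {$shown}</p>";
}

// "After": htmlspecialchars() turns <, >, &, " and ' into entities, so the
// reflected value is displayed as text no matter what the link contained.
// ENT_SUBSTITUTE keeps invalid UTF-8 from blanking the whole output.
function render_search_after(string $what): string
{
    $shown = htmlspecialchars($what, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>Results for: {$shown}</p>";
}

// Self-check a maintainer can keep in a test: the escaped output must not
// contain any raw tag start from user input, and must contain the entity form.
function escaping_is_effective(string $what): bool
{
    $out = render_search_after($what);
    return strpos($out, '<script') === false
        && strpos($out, '&lt;script&gt;') !== false;
}

// Constructed input: the same tag the thread typed into the reply box.
$what = '<script>alert("Hellu");</script>';

echo render_search_before($what), "\n";
echo render_search_after($what), "\n";

if (!escaping_is_effective($what)) {
    throw new RuntimeException('search output still contains raw markup');
}
```

Run it with `php search_example.php` and compare the two lines: the first still carries a parsable script tag, the second shows the same characters as harmless text.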
Gargaj: Could I continue testing xss problems in pouet?
Sorry, I couldn't resist waiting for your answer:
http://www.pouet.net/nfo.php?which=30877&f=none
You are really l33t!
Now go and make us a demo.
not as fun as the <iframe src="www.lemonparty.org">-exploit we did at slengpung once :D
*concurs Rob*