Dolibarr ERP & CRM bug #1525: XSS in several values of third card

Details
Submitted by: Marcos García (marcosgdf)
Submitted on: 13/07/2014 19:09
Last Modified On: 27/07/2014 09:33
Summary: XSS in several values of third card
Description: XSS in several values of third card
Step to reproduce bug: Check screenshots.
Detected in version: 3.5.3
Category: Module: Thirdparties
Severity: 7
OS Type/Version:
PHP version:
Database type and version:

Status
Status: Open
Assigned to: None
Resolution: Fixed
Comments

- Cedric GROSS 14/08/2014 10:00
The bug has been corrected inside the GIT sources (http://www.github.com/Dolibarr/dolibarr).
So the fix should be available with the next stable release.

- Cedric GROSS 27/07/2014 09:33
No, you're right Marcos.
Tests are only done for the script tag and some basic SQL injection. It's not enough.
For example, use this value '<IFRAME SRC="" href="http://www.doliforge.com" target="_blank" target="_new">http://www.doliforge.com" <' (without single quotes) in the third-party name.
You will wipe out the rest of the third-party card and show the doliforge home page.
And there are a lot of other expressions which are not filtered.
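The comment above makes the general point that a filter which only looks for one tag cannot protect a field that is echoed back into HTML. The PHP below is an added example, not Dolibarr's own code: it contrasts a script-only blacklist with context-aware output encoding via `htmlspecialchars`, using the value quoted in the comment as its constructed input. The `name="name"` attribute in the last line is a hypothetical form field, not Dolibarr's.

```php
<?php
// Added example (not Dolibarr's code): a tag blacklist versus output encoding
// for a third-party name that is rendered on the card.

// Naive blacklist of the kind the thread describes as insufficient: it
// removes <script> tags only, so every other HTML element passes through.
function blacklistScriptOnly(string $value): string
{
    return preg_replace('#<\s*/?\s*script[^>]*>#i', '', $value);
}

// Output encoding: characters that carry meaning in HTML text or attribute
// context are replaced by entities, so the browser shows the name as literal
// text regardless of which tags it contains.
function escapeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Returns [blacklist result, encoded result] so both can be compared.
function compareFilters(string $value): array
{
    return [blacklistScriptOnly($value), escapeForHtml($value)];
}

// Constructed input: the value quoted in the 27/07/2014 comment above.
$name = '<IFRAME SRC="" href="http://www.doliforge.com" target="_blank" target="_new">http://www.doliforge.com" <';

[$filtered, $escaped] = compareFilters($name);

// The blacklist leaves the value untouched: there is no <script> tag to strip.
assert($filtered === $name);
// The encoded value contains no raw angle brackets or double quotes, so it
// can neither open an element nor break out of a quoted attribute.
assert(strpos($escaped, '<') === false && strpos($escaped, '"') === false);

// How the encoded value would be emitted on the card: safe as text content
// and inside a quoted attribute (field name "name" is hypothetical here).
echo '<td>' . $escaped . "</td>\n";
echo '<input type="text" name="name" value="' . $escaped . "\">\n";
```

The design point is that encoding happens at the output boundary, for the exact context (HTML text or attribute) the value lands in, rather than trying to enumerate dangerous input on the way in; a blacklist has to anticipate every element and attribute, whereas encoding makes the distinction irrelevant.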
- Marcos García 26/07/2014 21:07
Didn't check it so much. I thought that because there's no htmlentities used all over Dolibarr's pages, it would be a possibility of XSS injection, but now I see that it is prevented in main.inc.
- Laurent Destailleur 26/07/2014 17:33
Can you provide more information?
What do you mean by XSS in some values of the third party? The screenshot just shows you editing a value with d, so what's wrong?
Last changes
Resolution: None → Fixed