Security Check Security Check
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

Security Check

Started by Andi, February 19, 2005, 03:33:58 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Andi

February 19, 2005, 03:33:58 PM Last Edit: February 19, 2005, 05:51:43 PM by omniscientdeveloper
Hi :)

I found that calendar.php is vulnerable to XSS.

for simple sample:
http://pragma.cjb.net/dev-Coppermine/devel/calendar.php?action=banning&month=2&year=%3Cscript%3Ealert('Hallo%20:-))')%3C/script%3E

simple solution:
change line #80-81 to
Code Select
$month = intval($_REQUEST['month']);
$year = intval($_REQUEST['year']);


hope, I could help you... :)

omniscientdeveloper

#1
February 19, 2005, 03:53:52 PM
I made these changes:

Code Select

$today = getdate();

$month = (int) $_REQUEST['month'];
$year = (int) $_REQUEST['year'];

if ($year == 0) {
    $year = $today['year'];
}

if ($month == 0) {
    $month = $today['mon'];
}


It prevents it on my setup.

Andi

#2
February 19, 2005, 04:02:50 PM
 ;D

that's the better solution  ;)
hope, I could help you... :)
Print
Go Up Pages1
User actions