Security Check Security Check
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

Security Check

Started by Andi, February 19, 2005, 03:33:58 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Andi

Hi :)

I found that calendar.php is vulnerable to XSS.

for simple sample:
http://pragma.cjb.net/dev-Coppermine/devel/calendar.php?action=banning&month=2&year=%3Cscript%3Ealert('Hallo%20:-))')%3C/script%3E

simple solution:
change line #80-81 to$month = intval($_REQUEST['month']);
$year = intval($_REQUEST['year']);


hope, I could help you... :)

omniscientdeveloper

I made these changes:


$today = getdate();

$month = (int) $_REQUEST['month'];
$year = (int) $_REQUEST['year'];

if ($year == 0) {
    $year = $today['year'];
}

if ($month == 0) {
    $month = $today['mon'];
}


It prevents it on my setup.

Andi

 ;D

that's the better solution  ;)
hope, I could help you... :)