Security Check Security Check
 

News:

CPG Release 1.6.28
added submissions from {406man}
cleaned up a few PHP (8.4) deprecations
fixed PHP deprecation in calendar
removed security vulnerability
(please upgrade when possible)

Main Menu

Security Check

Started by Andi, February 19, 2005, 03:33:58 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Andi

February 19, 2005, 03:33:58 PM Last Edit: February 19, 2005, 05:51:43 PM by omniscientdeveloper
Hi :)

I found that calendar.php is vulnerable to XSS.

for simple sample:
http://pragma.cjb.net/dev-Coppermine/devel/calendar.php?action=banning&month=2&year=%3Cscript%3Ealert('Hallo%20:-))')%3C/script%3E

simple solution:
change line #80-81 to
Code Select
$month = intval($_REQUEST['month']);
$year = intval($_REQUEST['year']);


hope, I could help you... :)

omniscientdeveloper

#1
February 19, 2005, 03:53:52 PM
I made these changes:

Code Select

$today = getdate();

$month = (int) $_REQUEST['month'];
$year = (int) $_REQUEST['year'];

if ($year == 0) {
    $year = $today['year'];
}

if ($month == 0) {
    $month = $today['mon'];
}


It prevents it on my setup.

Andi

#2
February 19, 2005, 04:02:50 PM
 ;D

that's the better solution  ;)
hope, I could help you... :)
Print
Go Up Pages1
User actions