News:

CPG Release 1.6.29
During HTML5 upload, keep pseudo blank code 200 messages from triggering error condition
added Russian language
correct failure to use theme menu icons in album manager
minor vulnerabilities mitigation

Main Menu

Security Check

Started by Andi, February 19, 2005, 03:33:58 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Andi

February 19, 2005, 03:33:58 PM Last Edit: February 19, 2005, 05:51:43 PM by omniscientdeveloper
Hi :)

I found that calendar.php is vulnerable to XSS.

for simple sample:
http://pragma.cjb.net/dev-Coppermine/devel/calendar.php?action=banning&month=2&year=%3Cscript%3Ealert('Hallo%20:-))')%3C/script%3E

simple solution:
change line #80-81 to
Code Select
$month = intval($_REQUEST['month']);
$year = intval($_REQUEST['year']);


hope, I could help you... :)

omniscientdeveloper

#1
February 19, 2005, 03:53:52 PM
I made these changes:

Code Select

$today = getdate();

$month = (int) $_REQUEST['month'];
$year = (int) $_REQUEST['year'];

if ($year == 0) {
    $year = $today['year'];
}

if ($month == 0) {
    $month = $today['mon'];
}


It prevents it on my setup.

Andi

#2
February 19, 2005, 04:02:50 PM
 ;D

that's the better solution  ;)
hope, I could help you... :)
Print
Go Up Pages1
User actions