coppermine-gallery.com/forum

Dev Board => cpg1.4 Testing/Bugs => cpg1.4 Testing/Bugs: FIXED/CLOSED => Topic started by: Andi on February 19, 2005, 03:33:58 PM

Title: Security Check
Post by: Andi on February 19, 2005, 03:33:58 PM
Hi :)

I found that calendar.php is vulnerable to XSS.

For a simple sample:
http://pragma.cjb.net/dev-Coppermine/devel/calendar.php?action=banning&month=2&year=%3Cscript%3Ealert('Hallo%20:-))')%3C/script%3E

simple solution:
change line #80-81 to
$month = intval($_REQUEST['month']);
$year = intval($_REQUEST['year']);


Title: Re: Security Check
Post by: omniscientdeveloper on February 19, 2005, 03:53:52 PM
I made these changes:


$today = getdate();

$month = (int) $_REQUEST['month'];
$year = (int) $_REQUEST['year'];

if ($year == 0) {
    $year = $today['year'];
}

if ($month == 0) {
    $month = $today['mon'];
}


It prevents it on my setup.


Title: Re: Security Check
Post by: Andi on February 19, 2005, 04:02:50 PM
 ;D

that's the better solution  ;)
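

Added example (not part of the thread and not Coppermine's own code): a stricter variant of the integer fix discussed above. It rejects values such as "2005abc" or month 13 that a plain integer cast would accept, and falls back to today's date. The helper name calendar_int_param and the year bounds 1970-2037 are assumptions made for illustration.

```php
<?php
// Added example, not Coppermine code: helper name and bounds are hypothetical.

/**
 * Return $input[$name] as an integer within [$min, $max], or $default
 * when the value is missing, not a plain integer, or out of range.
 */
function calendar_int_param(array $input, $name, $min, $max, $default)
{
    if (!isset($input[$name]) || !is_scalar($input[$name])) {
        return $default; // missing, or an array such as ?month[]=x
    }
    $value = filter_var($input[$name], FILTER_VALIDATE_INT, array(
        'options' => array('min_range' => $min, 'max_range' => $max),
    ));
    return ($value === false) ? $default : $value;
}

$today = getdate();

// Constructed sample requests; the second carries the payload from the report above.
$samples = array(
    array('month' => '2',  'year' => '2005'),
    array('month' => '2',  'year' => "<script>alert('Hallo :-))')</script>"),
    array('month' => '13', 'year' => '2005abc'),   // (int) would yield 13 and 2005
    array('month' => array('x'), 'year' => '-1'),  // array input, negative year
);

foreach ($samples as $request) {
    // Assumed bounds: months 1-12, years 1970-2037.
    $month = calendar_int_param($request, 'month', 1, 12, $today['mon']);
    $year  = calendar_int_param($request, 'year', 1970, 2037, $today['year']);

    // Encode on output as well, so the page stays safe if validation is ever loosened.
    printf("month=%s year=%s\n",
        htmlspecialchars((string) $month, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars((string) $year, ENT_QUOTES, 'UTF-8'));
}
```

Only the first sample keeps its supplied values; every other request falls back to the current month or year for the field that fails validation.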