Security Check Security Check
 

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Main Menu

Security Check

Started by Andi, February 19, 2005, 03:33:58 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Andi

Hi :)

I found that calendar.php is vulnerable to XSS.

for simple sample:
http://pragma.cjb.net/dev-Coppermine/devel/calendar.php?action=banning&month=2&year=%3Cscript%3Ealert('Hallo%20:-))')%3C/script%3E

simple solution:
change line #80-81 to$month = intval($_REQUEST['month']);
$year = intval($_REQUEST['year']);


hope, I could help you... :)

omniscientdeveloper

I made these changes:


$today = getdate();

$month = (int) $_REQUEST['month'];
$year = (int) $_REQUEST['year'];

if ($year == 0) {
    $year = $today['year'];
}

if ($month == 0) {
    $month = $today['mon'];
}


It prevents it on my setup.

Andi

 ;D

that's the better solution  ;)
hope, I could help you... :)