Security Security
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

Security

Started by aljareh, June 19, 2006, 05:29:43 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

aljareh

ther is alot of xss Cross-Site Scripting i found it in cpg
by this programm it arabic programm
http://www.jaascois.com/software/AntiWebInjection/JAAScoisAWIen.zip
some of xss
http://127.0.0.1/f/misc.php?forget=1&index=1#top<script>alert('hacking%20xss')</script>
http://127.0.0.1/f/forum.php?id=7&show=1&order=1&order_type=DESC#posts_table<script>alert('hacking%20xss')</script>
and  ther alot  of that xss
in cpg

Sami

there is no misc.php or forum.php file,I think you examined older version or bridge version or totally other program
‍I don't answer to PM with support question
Please post your issue to related board

Joachim Müller

bmossavari is right: no coppermine version ever contained files named misc.php nor forum.php. As your links point to your local machine, we can't examine any further. Anyway: if your machine can only be accessed locally, why do you worry abot XSS?
If you think you actually found a vulnerability and not some bogus stuff detected by a questionable app that claims to be able to detect XSS vulnerabilities, please post actual details, i.e. vulnerable code snippets that come from coppermine.
As suggested: the "tool" JAAScoisAWIen is very questionable, as google only contains hits for the website of the company that created the tool. How could an executable that only runs under Windows be a reliable webserver security tool? Looks like a trojan to me.
No offense though, thanks for the report.

Tarique Sani

Atleast post how to verify the attacks - some URLs which we can replicate the attack with (your given URLs are not relevant to Coppermine)
SANIsoft PHP applications for E Biz

aljareh

#4
Quote from: GauGau on June 19, 2006, 09:03:40 PM
bmossavari is right: no coppermine version ever contained files named misc.php nor forum.php. As your links point to your local machine, we can't examine any further. Anyway: if your machine can only be accessed locally, why do you worry abot XSS?
If you think you actually found a vulnerability and not some bogus stuff detected by a questionable app that claims to be able to detect XSS vulnerabilities, please post actual details, i.e. vulnerable code snippets that come from coppermine.
As suggested: the "tool" JAAScoisAWIen is very questionable, as google only contains hits for the website of the company that created the tool. How could an executable that only runs under Windows be a reliable webserver security tool? Looks like a trojan to me.
No offense though, thanks for the report.
hi but the JAAScoisAWIen it's not trojan

im sorry this othoer program it's www.mysmartbb.com it's arabic forum programm
but this in cpg 1.4.x
http://coppermine-gallery.net/demo/cpg14x/thumbnails.php?album=<script>alert('hacking%20xss')</script>

http://coppermine-gallery.net/demo/cpg14x/thumbnails.php?album=toprated&amp;amp=&amp;cat=0&amp;4x=&amp;thumbnails_php?album=toprated&amp;amp;cat=0&amp;lang=english<script>alert('hacking%20xss')</script>

http://coppermine-gallery.net/demo/cpg14x/thumbnails.php?album=favpics&amp;4x=&amp;thumbnails_php?album=favpics&amp;lang=spanish<script>alert('hacking%20xss')</script>

http://coppermine-gallery.net/demo/cpg14x/search.php?4x=&amp;search_php=&amp;lang=danish<script>alert('hacking%20xss')</script>

http://coppermine-gallery.net/demo/cpg14x/search.php?4x=&amp;search_php=&amp;lang=korean<script>alert('hacking%20xss')</script>

http://coppermine-gallery.net/demo/cpg14x/search.php?4x=&amp;search_php=&amp;lang=swedish<script>alert('hacking%20xss')</script>


Sami

#5
these are not working !!!!
they all get filtered by gallery :)
every "<" will be come "&lt;" so you will not be able to cross ;)
‍I don't answer to PM with support question
Please post your issue to related board

Tarique Sani

bmossavari is right none of the above result in an XSS
SANIsoft PHP applications for E Biz