lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sun, 27 Jul 2003 16:19:34 -0700
From: "Bharat Mediratta" <bharat@...alto.com>
To: <bugtraq@...urityfocus.com>
Subject: Gallery XSS security advisory (with fix and patch instructions)


___________________
PROBLEM DESCRIPTION

Gallery is an open source image management system.  Learn more about
it at http://gallery.sourceforge.net

Gallery has a feature that allows users to search their image captions
and descriptions for specific search terms.  A typo in the security code
of this feature permits a cross site scripting bug that can allow 
malicious users to craft a URL such that they can execute javascript
in your browser.

Many thanks to Larry Nguyen for noticing this bug and doing the responsible
thing by bringing it to the attention of the Gallery dev team.  As always,
we react quickly to all notifications about security flaws.

You can reproduce this vulnerability by enabling the search feature on
Gallery and searching for this term:

    <script>alert("You are vulnerable")</script>

If the resulting search page yields a javascript popup, your Gallery should
be patched.

_________________
VERSIONS AFFECTED

This hole affects all Gallery releases from version 1.1 to 1.3.4.  It
has been fixed in Gallery v1.3.4-p1 and the Gallery 1.3.5 development
branch in CVS.  
__________________
FIXING THE PROBLEM

The fix to this problem is very simple.  Pursue one of the following
three options:

1. Upgrade to v1.3.4-p1, available now on the Gallery website:
        http://gallery.sourceforge.net/download.php
   
   We provide a complete release of the code as well as a file that
   contains a patch from 1.3.4 with instructions.

-- or -- 

2. Edit search.php, locate this line:

        $searchString = removeTags($searchstring);

   and replace it with:

        $searchstring = removeTags($searchstring);

-- or --

3.  Delete search.php from your gallery.  This will secure your system but 
    will also break the search feature so you will probably want to edit
    config.php and change this line:
        $gallery->app->default["showSearchEngine"] = "yes";
    to:
        $gallery->app->default["showSearchEngine"] = "no";

regards,
Bharat Mediratta
Gallery developer

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ