lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <41A6F67E.2000304@simplistix.co.uk> Date: Fri, 26 Nov 2004 09:25:18 +0000 From: Chris Withers <chris@...plistix.co.uk> To: advisory@...security.com Cc: bugtraq@...urityfocus.com, simon@...ful.com Subject: Re: STG Security Advisory: [SSA-20041122-12] Zwiki XSS vulnerability advisory@...security.com wrote: > proof of concept > > http://[victim]/<img src=javascript:alert('hi')> Just to note, this bug only affects ZWiki version after Zwiki 0.10.0rc1. Also, the fix is pretty trivial, apply the following patch to standard_error_message in all ZWiki folders (and on disk, so you don't have to do it again ;-): --- standard_error_message.dtml.original Fri Nov 26 09:17:22 2004 +++ standard_error_message.dtml Fri Nov 26 09:17:55 2004 @@ -29,7 +29,7 @@ <body> <p> I could not find any likely page matching - "<b><dtml-var "here.urlunquote(searchexpr)"></b>" + "<b><dtml-var "here.urlunquote(searchexpr)" html_quote></b>" </p> <p> Click here to Sadly, I see I broke the bug tracker, 'cos it's also a ZWiki, and has MUCH bigger problems than the above :-S (execution of any DTML in the context of (hopefully!) the user that created it along with a total lack of html quoting in the page :-( In short, only use ZWiki if you know what you're doing, and preferably only if it's not anonymously accessible... *sigh* Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk
Powered by blists - more mailing lists