input sanitation issues on multiple form field inputs
Issue #371
resolved
piler lacks input sanitation to prevent XSS attacks and as such it fails to prevent account takeover (session stealing) attacks.
Recommend implementing server side input sanitation.
Can I email directly to disclose the specifics directly? I have a POC for the account takeover (session stealing)
thanks
Comments (3)
-
reporter -
repo owner Sure, send the details to me, see my address in "piler -V" output.
-
repo owner - changed status to resolved
It appears that there's indeed an XSS issue. To fix it, do the following:
#1. Edit system/misc.php, and locate the AUDIT() function definition, then add the following line:
$description = htmlspecialchars($description);
before this line:
$query = $db->query("INSERT ...
#2. Edit both view/theme/default/templates/search/load.tpl and view/theme/mobile/templates/search/load.tpl, and replace
print $s['search'];
with
print htmlspecialchars($s['search']);
Or you may upgrade to the master branch.
also, this is the current version in the virtual appliance build 0.1.24-master-branch build 836
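
The two changes from the repo owner's comment above, as an added PHP example that is not piler's code: audit_row() and render_search() are hypothetical stand-ins for AUDIT() in system/misc.php and the print statement in search/load.tpl, and the input strings are constructed. It runs the same input through both paths before and after the fix and reports whether a parseable tag survives.

```php
<?php
// Added example, not piler's code. audit_row() and render_search() are
// hypothetical stand-ins for AUDIT() in system/misc.php and the print
// statement in search/load.tpl; the input strings are constructed.

// Explicit flags and charset: before PHP 8.1 the default flags (ENT_COMPAT)
// leave single quotes unescaped, which matters inside '...' attributes.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Step 1 of the fix: the description is encoded before it is stored, so
// every page that later prints the audit row receives inert text.
function audit_row(string $description, bool $fixed): array
{
    return ['description' => $fixed ? e($description) : $description];
}

// Step 2 of the fix: the saved search term is encoded when it is printed.
function render_search(array $s, bool $fixed): string
{
    return '<li>' . ($fixed ? e($s['search']) : $s['search']) . '</li>';
}

// Crude check for this example only: true if a raw opening tag from the
// short list below is still present in the string.
function contains_markup(string $html): bool
{
    return preg_match('/<\s*(script|img|svg|iframe)\b/i', $html) === 1;
}

$payload = '<img src=x onerror="alert(1)">';   // constructed sample input
$s       = ['search' => "from:alice $payload"];

foreach ([false, true] as $fixed) {
    $row  = audit_row("search: $payload", $fixed);
    $html = render_search($s, $fixed);
    printf(
        "%-7s audit=%s search=%s\n  %s\n",
        $fixed ? 'fixed' : 'before',
        contains_markup($row['description']) ? 'markup' : 'inert',
        contains_markup($html) ? 'markup' : 'inert',
        $html
    );
}
```

Because step 1 stores the description already encoded, a view that encodes it again on output will display the entities literally, such as &amp;lt; instead of <.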