git.heureux-cyclage.org - lhc/web/wiklou.git/commit

dépôts / lhc / web / wiklou.git / commit

author	Nick Jenkins <nickj@users.mediawiki.org>
	Tue, 9 Jan 2007 06:36:39 +0000 (06:36 +0000)
committer	Nick Jenkins <nickj@users.mediawiki.org>
	Tue, 9 Jan 2007 06:36:39 +0000 (06:36 +0000)
commit	f22fcfb835e4c0876e4d6debfef04d94178cf01f
tree	bb44a6c85576fe6949bf4eb57b57d66c2154eba9	tree \| snapshot
parent	fcd353ad19ef2aa0af6d9305a1e85ac666f46513	commit \| diff

Prevent XSS / arbitrary HTML injection via unescaped "rs" parameter. Proof-of-Concept attack: localhost/wiki/index.php?action=ajax&rs=%3Cscript%3Ealert(%22Ownage%20-%20All%20your%20base%20are%20belong%20to%20me!%22);%3C/script%3E , which will result in this executable JavaScript output: "unknown function <script>alert("Ownage - All your base are belong to me!");</script>"

includes/AjaxDispatcher.php

diff | blob | history

Wiklou, le Wiki du Wiklou

RSS Atom