php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Sec Bug #60827 Vulnerability in bugs.php.net
Submitted: 2012-01-20 21:21 UTC Modified: 2012-01-20 21:27 UTC
From: orunu at Live dot com Assigned:
Status: Duplicate Package: URL related
PHP Version: Irrelevant OS: irrelevant
Private report: No CVE-ID: None
 [2012-01-20 21:21 UTC] orunu at Live dot com
Description:
------------
I heard that if a vulnerability was found in your site i was able to report it.  In http://www.bugs.php.net/ there is a XSS (Cross Site Scripting) vulnerability, though non-persistent, it can still be dangerous to users.  If a someone were to use this for a malicious purpose they could manage to steal cookies of other users and gain access to that persons bank/facebook ect... I used the String.fromCharCode() method.

https://bugs.php.net/search.php?boolean=0&limit=30&order_by=id&direction=DESC&cmd=display&status=Open&bug_age=0&bug_updated=0&bug_type=Documentation+Problem&patch=Y"><script>alert(String.fromCharCode(79, 114, 117, 110, 117, 32, 119, 97, 115, 32, 104, 101, 114, 101))</script>

the above is the vulnerable link and syntax used to create a alert box that simply says "Orunu was here".  Like i said this vulnerability is non-persistent, but in the hands of a malicious user can be utilized for something dangerous.

Test script:
---------------
https://bugs.php.net/search.php?boolean=0&limit=30&order_by=id&direction=DESC&cmd=display&status=Open&bug_age=0&bug_updated=0&bug_type=Documentation+Problem&patch=Y"><script>alert(String.fromCharCode(79, 114, 117, 110, 117, 32, 119, 97, 115, 32, 104, 101, 114, 101))</script>

Expected result:
----------------
I expected the java script not to run

Actual result:
--------------
The java script did execute.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2012-01-20 21:27 UTC] rasmus@php.net
This was already reported and fixed.
 [2012-01-20 21:27 UTC] rasmus@php.net
-Status: Open +Status: Duplicate
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Oct 31 22:01:27 2024 UTC