Bug #7652: diag_tables.php: 'type' parameter can lead to XSS
Status: Closed
Start date: 06/16/2017
% Done: 100%
Affected Version: All
Affected Architecture: All
Description
Two problems with diag_tables.php that together can lead to XSS via the type (table name) parameter:
- Lack of input validation allows the 'type' parameter to be submitted with an invalid value (table that does not exist) which is then still used in functions on the page
- When an invalid table name contains code that could trigger an XSS, it is run when the type parameter is resubmitted via AJAX to load table content.
Example:
/diag_tables.php?type=%27}});});});alert(%27XSS%27);%20console.log(function(){%20console.log(function(){%20console.log({%20c:{%27a%27:%27
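The two defects above, side by side with a hardened version, as an added example; this is not pfSense's diag_tables.php nor the code of the referenced changeset. The table list, the function names and the `$.ajax` call are assumptions made for illustration; the payload is the one from the report, URL-decoded. The vulnerable pattern drops the request value into a single-quoted JavaScript string inside a `<script>` block, so a leading `'` ends that string and everything after it is executed by the browser. The hardened pattern first refuses any name that pf does not actually know, and then emits even a valid name into the script with `json_encode` and the `JSON_HEX_*` flags, so quotes, `<`, `>` and `&` can neither terminate the string nor the `<script>` element.

```php
<?php
// Added example, not pfSense code. Models Bug #7652: an unvalidated 'type' parameter
// reflected into a <script> block, and a hardened version of the same handler.

// Tables pf currently has loaded. Assumption: in a real handler this would come from
// something like `pfctl -sT`; here it is a constructed list so the script runs without pf.
function existing_tables(): array {
    return ['bogons', 'bogonsv6', 'snort2c', 'sshguard', 'virusprot'];
}

// Vulnerable pattern: $type comes straight from $_REQUEST and is concatenated into a
// single-quoted JS string. Any value containing a quote breaks out of the string and the
// remainder of the value is executed as JavaScript when the page is rendered.
function render_vulnerable(string $type): string {
    return "<script>\n"
         . "  \$.ajax({ url: '/diag_tables.php', data: { type: '" . $type . "' } });\n"
         . "</script>\n";
}

// Hardened pattern:
//  1. Allowlist: exact-match the name against the tables that actually exist, so a bogus
//     name never reaches the rest of the page (the first defect in the report).
//  2. Context-correct encoding: embed the (now known-good) name with json_encode and the
//     HEX flags, so ' " < > & become \u0027 \u0022 \u003C \u003E \u0026 and cannot end the
//     JS string or the <script> element (the second defect in the report).
// Returns null when the name is rejected; the caller should answer with a 400 or fall back
// to a default table rather than echo the value anywhere.
function render_hardened(string $type, array $tables): ?string {
    if (!in_array($type, $tables, true)) {
        return null;
    }
    $js = json_encode($type, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
    return "<script>\n"
         . "  \$.ajax({ url: '/diag_tables.php', data: { type: " . $js . " } });\n"
         . "</script>\n";
}

// The payload from the report, URL-decoded. The leading '}});});}); closes the string and
// the brackets the template opened, alert('XSS') runs, and the trailing console.log(...)
// chain reopens matching constructs so the script stays syntactically valid.
$payload = "'}});});});alert('XSS'); console.log(function(){ console.log(function(){ console.log({ c:{'a':'";

echo "--- vulnerable, hostile input ---\n";
echo render_vulnerable($payload);

echo "--- hardened, hostile input ---\n";
$out = render_hardened($payload, existing_tables());
echo $out === null ? "rejected: not a known pf table\n" : $out;

echo "--- hardened, valid input ---\n";
echo render_hardened('bogons', existing_tables());
```

Running it shows the first block containing `alert('XSS')` as live script, the second block rejecting the payload before anything is echoed, and the third block embedding `"bogons"` as a JSON literal. The allowlist alone would already stop this report's payload; the encoding step is what keeps a future table name containing unexpected characters from reintroducing the bug, which is why both are applied.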
Updated by Jim Pingle over 7 years ago
- Status changed from Confirmed to Feedback
- % Done changed from 0 to 100
Applied in changeset e90eaf31f079dc29187d1c08cfe88ceabc0786f4.