Project

General

Profile

Bug #7999

XSS via 'hostname' parameter in diag_dns.php

Added by Jim Pingle almost 2 years ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Urgent
Assignee:
Category:
Web Interface
Target version:
Start date:
10/24/2017
Due date:
% Done:

100%

Estimated time:
Affected Version:
All
Affected Architecture:
All

Description

On diag_dns.php the 'hostname' parameter is sent back to the user without encoding in a JavaScript block, leading to an XSS

Affects 2.3.x and 2.4.x

To test, enter this for the hostname:

0.0.0.0";alert("diag_dns XSS")//

Associated revisions

Revision 43746e1b (diff)
Added by Jim Pingle almost 2 years ago

Encode hostname parameter contents in javascript for diag_dns.php. Fixes #7999

Revision 4aa5f989 (diff)
Added by Jim Pingle almost 2 years ago

Encode hostname parameter contents in javascript for diag_dns.php. Fixes #7999

(cherry picked from commit 43746e1b4ef6fec0e9c915495aa3926a6b97e7a3)

Revision cd3e3a5c (diff)
Added by Jim Pingle almost 2 years ago

Encode hostname parameter contents in javascript for diag_dns.php. Fixes #7999

(cherry picked from commit 43746e1b4ef6fec0e9c915495aa3926a6b97e7a3)
(cherry picked from commit 4aa5f989c8a802638ee9d1130dc486cc2b637a78)

Revision 2cececc4 (diff)
Added by Jim Pingle almost 2 years ago

Encode hostname parameter contents in javascript for diag_dns.php. Fixes #7999

(cherry picked from commit 43746e1b4ef6fec0e9c915495aa3926a6b97e7a3)

Revision ab1a2d26 (diff)
Added by Jim Pingle almost 2 years ago

Encode hostname parameter contents in javascript for diag_dns.php. Fixes #7999

(cherry picked from commit 43746e1b4ef6fec0e9c915495aa3926a6b97e7a3)

Revision ef8205f4 (diff)
Added by Jim Pingle almost 2 years ago

Encode hostname parameter contents in javascript for diag_dns.php. Fixes #7999

(cherry picked from commit 43746e1b4ef6fec0e9c915495aa3926a6b97e7a3)

Revision f32e9531 (diff)
Added by Jim Pingle almost 2 years ago

Do not print JS when there are input errors on diag_dns.php; fix json_encode syntax. Ticket #7999

Revision b9319086 (diff)
Added by Jim Pingle almost 2 years ago

Do not print JS when there are input errors on diag_dns.php; fix json_encode syntax. Ticket #7999

(cherry picked from commit f32e9531ae21852ef0b21709b8278d1091d55d56)

Revision 0f8cc881 (diff)
Added by Jim Pingle almost 2 years ago

Do not print JS when there are input errors on diag_dns.php; fix json_encode syntax. Ticket #7999

(cherry picked from commit f32e9531ae21852ef0b21709b8278d1091d55d56)

Revision ff042793 (diff)
Added by Jim Pingle almost 2 years ago

Do not print JS when there are input errors on diag_dns.php; fix json_encode syntax. Ticket #7999

(cherry picked from commit f32e9531ae21852ef0b21709b8278d1091d55d56)

Revision edc0092c (diff)
Added by Jim Pingle almost 2 years ago

Do not print JS when there are input errors on diag_dns.php; fix json_encode syntax. Ticket #7999

(cherry picked from commit f32e9531ae21852ef0b21709b8278d1091d55d56)

Revision 748e38fa (diff)
Added by Jim Pingle almost 2 years ago

Do not print JS when there are input errors on diag_dns.php; fix json_encode syntax. Ticket #7999

(cherry picked from commit f32e9531ae21852ef0b21709b8278d1091d55d56)

History

#1 Updated by Jim Pingle almost 2 years ago

  • Private changed from No to Yes

#2 Updated by Jim Pingle almost 2 years ago

  • Description updated (diff)

#3 Updated by Jim Pingle almost 2 years ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100

#4 Updated by Jim Pingle almost 2 years ago

  • Status changed from Feedback to Resolved

works fine now

#5 Updated by Jim Pingle over 1 year ago

  • Private changed from Yes to No

Also available in: Atom PDF