Closed Bug 154029 Opened 22 years ago Closed 22 years ago

HTML directory indexer doesn't html-escape url

Categories

(Core :: Security: CAPS, defect)

Product:
Core
Component:
Security: CAPS
Type:
defect
Priority:
Not set
Severity:
critical

Tracking

()

Status:
VERIFIED DUPLICATE of bug 154030

People

(Reporter: bbaetz, Assigned: bbaetz)

References

(
URL
)

Details

As reported by ptrs-ejy@bp.iij4u.or.jp to the security group, the uri (which is
added to the page) isn't html escaped:

<quote>
+ Exploit code:
~~~~~~~~~~~~~~~~~
<a href="ftp://'FTPserver' or
'FTP+HTTPserver'/#%3C%2ftitle%3E%3Cscript%3Ealert(%22exploit%22);%3C%2fscript%3E">Exploit</a>
</quote>

(You need to add a valid ftp server in there)

Patch coming
Oops - double submit.

*** This bug has been marked as a duplicate of 154030 ***
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → DUPLICATE
Group: security?
VERIFIED/dupe.
Status: RESOLVED → VERIFIED
Component: Networking: FTP → Security: CAPS
QA Contact: benc → bsharma
You need to log in before you can comment on or make changes to this bug.