Closed Bug 463054 (WH-1628181) Opened 17 years ago Closed 16 years ago

XSS vulns on tiki-editpage.php

Categories

(support.mozilla.org :: Knowledge Base Software, task)

Product:
support.mozilla.org
Component:
Knowledge Base Software
Type:
task
Priority:
Not set
Severity:
critical

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: reed, Assigned: jsocol)

References

(
URL
)

Details

(Keywords: wsec-xss, Whiteboard: tiki_fixed)

Attachments

(2 files)

Escape some stuff in header.tpl to solve this and future issues.
1.65 KB, patch
nkoth
: review+
Details | Diff | Splinter Review
tiki-editpage.tpl
4.38 KB, patch
morgamic
: review+
Details | Diff | Splinter Review
Assignee: nobody → laura
Target Milestone: --- → 0.7.2
In r19584 I merged in the new anti-XSS code from tiki 2.0. This seems to put the kibosh on this one, although I don't really like how it works. Will be in prod branch soon when we replace it with trunk this iteration due to the svn re-org.
Status: NEW → RESOLVED
Closed: 17 years ago
Keywords: push-needed
Resolution: --- → FIXED
Group: websites-security
Group: websites-security
Sentinel still shows an open vector for: http://support.mozilla.com/tiki-editpage.php?page=%3Cwhscheck%3E I can confirm: <div class="feature-contents"> <div id="breadcrumbs"><ul> <li><a href="/kb/">Firefox Support</a></li> <li class="divider">/</li><li><whscheck></li> </ul></div>
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Keywords: push-needed
This is a common file so it might close some of the others as well, will test.
Attachment #352325 - Flags: review?(nelson)
Target Milestone: 0.7.2 → 0.8
Attachment #352325 - Flags: review?(nelson) → review+
In trunk r20084, prod r20085.
Status: REOPENED → RESOLVED
Closed: 17 years ago17 years ago
Resolution: --- → FIXED
Whiteboard: tiki_triage
Depends on: 516631
Whiteboard: tiki_triage → tiki_fixed
Sentinel reopened this on the last pass... listing these two urls: http://support.mozilla.com/tiki-editpage.php?locale="whscheck="whscheck&page=*Ostala%20Firefox%20podr%C5%A1ka&source_page=Other%20Firefox%20support&oldver=21&newver=23&diff_style=inlinediff-full http://support.mozilla.com/tiki-editpage.php?locale="whscheck="whscheck&page=*Cannot%20connect%20after%20upgrading%20Firefox
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
Looks like there were a couple of unescaped or incorrectly escaped variables. Fixed in both templates/styles/mozkb/tiki-editpage.tpl and templates/tiki-editpage.tpl.
Assignee: laura → james
Attachment #412030 - Flags: review?(morgamic)
Comment on attachment 412030 [details] [diff] [review] tiki-editpage.tpl escapes for me. I don't see another hole.
Attachment #412030 - Flags: review?(morgamic) → review+
r56354.
Status: REOPENED → RESOLVED
Closed: 17 years ago16 years ago
Resolution: --- → FIXED
Target Milestone: 0.8 → 1.5
Verified FIXED: Prod: <input type="hidden" name="locale" value=""whscheck="whscheck" /> Staging: <input type="hidden" name="locale" value="&quot;whscheck=&quot;whscheck" /> For both URLs in comment 6.
Status: RESOLVED → VERIFIED
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
These bugs are all resolved, so I'm removing the security flag from them.
Group: websites-security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: