Closed
Bug 560707
Opened 14 years ago
Closed 14 years ago
Input Validation Missing for Shirt Size Selection
Categories
(Websites Graveyard :: drumbeat.org, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: mcoates, Unassigned)
Details
(Keywords: drupal-module, Whiteboard: [donation] [drumbeat] [civicrm] [infrasec:input])
Issue:
The shirt size dropdown box at the drumbeat donations page does not appear to be validated by the server. An attacker can use a proxy tool such as WebScarab or TamperData to modify the value selected in the dropdown box to an arbitrary value. Unintended or malicious actions could occur depending on how this value is processed by the server.

Steps to reproduce:
1. Browse to: http://donate.trellon.org/dbl/civicrm/contribute/transact?reset=1&id=1&reset=1&id=1
2. Enter a donation value of $200
3. Select the t-shirt and any value from the dropdown
4. Configure TamperData to intercept
5. Click Continue
6. Within TamperData modify the t-shirt size from "Men's L" to "testData123" and submit the modified packet
7. Observe that the submitted data is accepted without any errors.

Recommended Remediation:
Perform input validation on the server to ensure that the t-shirt size selected is a valid option from a predefined list.
Comment 1•14 years ago
Interesting. This should be reported to CiviCRM if this is the case. I'll dig into the code tomorrow and find out what's happening. Cheers.
Updated•14 years ago
Keywords: drupal-module
Whiteboard: donation, drumbeat → donation, drumbeat civicrm
Comment 2•14 years ago
There is the same problem with the "I want to contribute this amount every" dropdown.
Comment 3•14 years ago
Mike Priest: update?
Comment 4•14 years ago
For both dropdown boxes (t-shirt, contribution period), additional validation has been added which checks the submitted value.
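As an added example (this is not CiviCRM's or drumbeat.org's code), the check asked for in the report's remediation and described in comment 4, applied to both the t-shirt size dropdown and the "contribute this amount every" dropdown from comment 2, in a generic Python form handler. The field names (premium, tshirt_size, is_recur, frequency_interval), the option lists and the request bodies are assumptions constructed for illustration; handle_unvalidated models the behaviour the report found, handle_validated the fix.

```python
"""Server-side allow-list validation for the donation form's dropdowns.

Added example; this is not CiviCRM's or drumbeat.org's code. The field
names (premium, tshirt_size, is_recur, frequency_interval), the option
lists and the request bodies are constructed for illustration.
"""

from dataclasses import dataclass, field

# The server keeps the canonical option lists and renders the dropdowns
# from them, so a submitted value that is not in the list can only have
# come from a tampered request (or from form markup out of step with
# the server). Both cases should be rejected.
TSHIRT_SIZES = (
    "Men's S", "Men's M", "Men's L", "Men's XL",
    "Women's S", "Women's M", "Women's L",
)
FREQUENCY_INTERVALS = ("month", "year")


@dataclass
class ValidationResult:
    ok: bool
    values: dict = field(default_factory=dict)  # validated field -> value
    errors: dict = field(default_factory=dict)  # field -> reason


def handle_unvalidated(form: dict) -> dict:
    """The behaviour the report describes: the dropdown values are used
    exactly as submitted, so "testData123" passes straight through."""
    return {
        "tshirt_size": form.get("tshirt_size"),
        "frequency_interval": form.get("frequency_interval"),
    }


def _check_choice(form, name, allowed, required, values, errors):
    """Exact-match check of one dropdown against its allow list.

    A value that is present but not in the list is always rejected, even
    when the field is optional: an optional field is not a free-text field.
    Non-string values (e.g. a repeated parameter decoded as a list) are
    rejected too, since they could never have come from the dropdown.
    """
    raw = form.get(name)
    if raw is None or raw == "":
        if required:
            errors[name] = "required option missing"
        return
    if not isinstance(raw, str) or raw not in allowed:
        errors[name] = "not one of the predefined options"
        return
    values[name] = raw


def handle_validated(form: dict) -> ValidationResult:
    """The remediation the report asks for: every dropdown is checked
    against its predefined list before the value is accepted."""
    values, errors = {}, {}
    # The size is mandatory only when the t-shirt premium was chosen;
    # the interval only when the donation is recurring.
    wants_tshirt = form.get("premium") == "tshirt"
    is_recurring = form.get("is_recur") == "1"
    _check_choice(form, "tshirt_size", TSHIRT_SIZES, wants_tshirt, values, errors)
    _check_choice(form, "frequency_interval", FREQUENCY_INTERVALS, is_recurring, values, errors)
    return ValidationResult(ok=not errors, values=values, errors=errors)


# Constructed requests: what the browser sends, and the same request after
# the dropdown values were edited in an intercepting proxy.
LEGIT_REQUEST = {
    "amount": "200", "premium": "tshirt", "tshirt_size": "Men's L",
    "is_recur": "1", "frequency_interval": "month",
}
TAMPERED_REQUEST = {
    **LEGIT_REQUEST, "tshirt_size": "testData123", "frequency_interval": "decade",
}

if __name__ == "__main__":
    print("unvalidated:", handle_unvalidated(TAMPERED_REQUEST))
    print("validated:  ", handle_validated(TAMPERED_REQUEST))
```

The comparison is a strict string match, so case or whitespace variants of a real option are rejected along with arbitrary text; the dropdown in the browser restricts nothing, since the request it produces can be rewritten by anyone holding it, which is exactly what the TamperData steps in the report do.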
Comment 5•14 years ago (Reporter)
I've confirmed that both fixes are working properly in http://donate.trellon.org. Moving to resolved: fixed.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Updated•14 years ago (Reporter)
Whiteboard: donation, drumbeat civicrm → donation, drumbeat civicrm, [infrasec:input]
Updated•14 years ago (Reporter)
Whiteboard: donation, drumbeat civicrm, [infrasec:input] → [donation] [drumbeat] [civicrm] [infrasec:input]
Updated•12 years ago
Group: websites-security
Updated•9 years ago (Assignee)
Product: Websites → Websites Graveyard