Bugtraq mailing list archives
Mephisto blog is vulnerable to XSS
From: Sergey Tikhonov <st () haqu net>
Date: Sun, 25 Mar 2007 12:52:39 +0700
Hello everyone!Current bleeding-edge version of Mephisto blog is vulnerable to XSS. Comment's author name accept javascript code. If admin approves/ rejects comments manually, he have to load all unapproved comments, so it's possible to fetch his session id.
ExampleAdd new comment with the following author name: <script>alert (document.cookie)</script> Then from admin's overview section check this comment - you'll see message with cookie.
If you manually approve your comments, check list of pending comments. How to fix it patch for <approot>/app/helpers/application_helper.rb : 5c5 < return comment.author if comment.author_url.blank? --- > return h(comment.author) if comment.author_url.blank? Best wishes! Sergey Tikhonov
Current thread:
- Mephisto blog is vulnerable to XSS Sergey Tikhonov (Mar 26)