DOM Based XSS attack through Search option #875
Comments
I'll compare the search code between the two branches and maybe push something. After a quick comparison between master and 0.9-dev, it looks like the two show no differences involving the search behaviour.
That's strange. I was using the latest release downloaded from the official site and it says it's 0.9.2 as the version number. Are you using the same?
I compared between master and 0.9-Dev (which says 0.10 as its version in the admin panel), but after following the link to the download, it turns out that they aren't just linking the download to the GitHub zip ball. They're hosting a completely separate version of the CMS - which seems anti-ideal, but hey, this is just a thought...
Yea, maybe there is a reason for the same. I just started using it yesterday so I don't know much details about the same. But I think this issue persists at least in the latest download that they are giving officially! Edit:
Changing the name was a mistake. It is not reflecting/or going to the server. It's basically a DOM based attack. Sorry for the confusion.
@Lucif3rr so was this not an issue with Anchor? Just would like to know so I can close (or not close) this issue :)
I think this IS an issue, just not an issue with any of the repos here. I think it's an issue with the official download of the CMS on anchorcms.com.
@daviddarnes This is an issue but not a Reflected type XSS (which was my initial thought but I was wrong). This issue exists in the official download of anchorcms from the official site. I tried to clone the 1.0 release from GitHub to see if it has the same issue but it's not working properly on my machine. Maybe it's not stable/time to release yet? Edit: Maybe you can try to verify the same from the official download?
@Lucif3rr 1.0 isn't released yet. If you want to get the latest version of the current release download the
@CraigChilds94 Sure. I will try out the same things in the 0.9-dev branch then. :)
@CraigChilds94, bugs that I have squashed in my latest PR to the 0.9-Dev branch! :P I'm running 0.9-Dev on my website, brennytizer.com.au, (no I'm not trying to self promote) but those images are from the latest 0.9-Dev; I switched over about a week ago, and have implemented the fixes mentioned in my latest PR.
Cheers @TheBrenny I'm super busy at the moment. But will hammer out loads of fixes to get a new and hopefully stable release :D
@CraigChilds94, I have 4 weeks of school holidays, so I'm thinking about closing some issues, on top of completing personal and school projects. I can handle a large workload, provided I'm given fair deadlines! :P
And maybe I can try to find more bugs. I will report back if I can find more. Cheers! :)
@TheBrenny is there a way I can have a chat with you? I'm having a hard time with 0.9-dev. Does Anchor have an official IRC channel?
@Lucif3rr, no official IRC channel, but you can email me at thebrenny@brennytizer.com.au. It's okay with being confused, I was too at the start, and even when I switched. I think it might be worthwhile to change some things on the installation page...
@Lucif3rr @TheBrenny if you're having problems they might be worth chatting about on the forum. People might benefit from the solutions you come to.
I'm closing this as it appears to have been addressed by @TheBrenny
Hello all,
The search option of the Anchor CMS is properly escaped but an attacker can directly inject an XSS payload on the URL and it will execute properly. This happens in the most recent version of Anchor CMS available to download from the official site, i.e. version 0.9.2.
The simple payload looks like this:
http://localhost/anchor/index.php/search/%3Cscript%3Ealert%281%29;%3C/script%3E
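The report above puts the search term in the URL path, so the fix belongs wherever that path segment is turned into page markup. The following is an added example, not part of the original report and not Anchor CMS code: every function name is hypothetical, and it assumes the term follows a `/search/` path segment as in the reported URL.

```javascript
// Added example: names below are hypothetical, not taken from Anchor CMS.

// Escape the five characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Pull the search term out of a path such as /anchor/index.php/search/<term>.
// Returns '' when there is no term or the percent-encoding is malformed.
function searchTermFromPath(pathname) {
  const marker = '/search/';
  const at = pathname.indexOf(marker);
  if (at === -1) return '';
  const raw = pathname.slice(at + marker.length);
  try {
    return decodeURIComponent(raw);
  } catch (err) {
    return ''; // decodeURIComponent throws URIError on sequences like "%E0%"
  }
}

// Vulnerable pattern: decoded URL data concatenated straight into markup.
function headingUnsafe(pathname) {
  return '<h1>Results for ' + searchTermFromPath(pathname) + '</h1>';
}

// Hardened pattern: the term is escaped before it reaches markup.
function headingSafe(pathname) {
  return '<h1>Results for ' + escapeHtml(searchTermFromPath(pathname)) + '</h1>';
}

// In a browser, a text sink avoids building markup at all:
//   heading.textContent = 'Results for ' + searchTermFromPath(location.pathname);

// Constructed sample input: the path portion of the URL quoted in the report.
const samplePath = '/anchor/index.php/search/%3Cscript%3Ealert%281%29;%3C/script%3E';
console.log(headingUnsafe(samplePath)); // markup contains a live <script> element
console.log(headingSafe(samplePath));   // same term rendered as inert text
```
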