
Cross Site Scripting #575

Closed
Shinkurt opened this issue Dec 18, 2016 · 3 comments

@Shinkurt

commented Dec 18, 2016

In Piwigo/admin/plugin.php

32: $sections = explode('/', $_GET['section']); 
59: $filename = PHPWG_PLUGINS_PATH . implode('/', $sections); 
66: die ('Missing file ' . $filename); 

As you can see, a user-controlled input $_GET['section'] ($filename) is being sent to die() and printed out without any sanitization. This could result in cross-site scripting, because die() prints out content just like echo() before exiting.

Fix: do htmlentities($filename);
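The following is an added illustration, not Piwigo's own code and not the patch that closed this issue: it models the three quoted lines from admin/plugin.php as plain functions and shows the "Missing file" message with and without output escaping. The PHPWG_PLUGINS_PATH value is a constructed stand-in, and the hardened variant uses htmlspecialchars() (equivalent to the htmlentities() suggested above for the characters that matter here).

```php
<?php
// Added example (not Piwigo code). Models the flow quoted from admin/plugin.php:
// explode() and implode() on $_GET['section'] do no sanitisation, so whatever the
// request carries ends up verbatim in the "Missing file" message.
declare(strict_types=1);

// Piwigo's constant; the value is a constructed stand-in for this demo.
const PHPWG_PLUGINS_PATH = './plugins/';

/** Builds the plugin file path exactly as the quoted lines 32 and 59 do. */
function plugin_file_from_section(string $section): string
{
    $sections = explode('/', $section);
    return PHPWG_PLUGINS_PATH . implode('/', $sections);
}

/** Message as produced by the quoted line 66: user input reaches the body unescaped. */
function missing_file_message_vulnerable(string $filename): string
{
    return 'Missing file ' . $filename;
}

/** Hardened message: HTML-escape before output, following the fix proposed in the report. */
function missing_file_message_safe(string $filename): string
{
    return 'Missing file ' . htmlspecialchars($filename, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request value carrying markup, standing in for a crafted link an admin might open.
$get = ['section' => 'demo/<b>not-a-file</b>.php'];
$filename = plugin_file_from_section($get['section']);

if (!file_exists($filename)) {
    // In the real handler this is where die() emits the message; echo is used here so
    // both variants can be compared in one run.
    echo 'vulnerable: ' . missing_file_message_vulnerable($filename) . "\n";
    echo 'hardened:   ' . missing_file_message_safe($filename) . "\n";
}
```

Run with `php example.php`: the first line still contains the raw `<b>` tags, so a browser would render them as markup; the second line shows them as `&lt;b&gt;`, which is what closes the reflected XSS regardless of which role reaches the page.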

@plegall

Member

commented Dec 20, 2016

earlier in this file, you can find:

check_status(ACCESS_ADMINISTRATOR);

So only Piwigo administrators can exploit this "security issue". Is that really a problem?

@Shinkurt

Author

commented Dec 20, 2016

It should be, because an attacker would only need to give the admin a malicious XSS link, and when the authorized admin visits it, check_status(ACCESS_ADMINISTRATOR); will return true. So yes, it is as dangerous.

@plegall plegall closed this in 7df3830 Dec 24, 2016

@Shinkurt

Author

commented Dec 30, 2016

Use CVE-2016-10083 for this.

plegall added a commit that referenced this issue Jan 1, 2017

@plegall plegall self-assigned this Jan 1, 2017

@plegall plegall added the Type: Bug label Jan 1, 2017

@plegall plegall added this to the 2.8.5 milestone Jan 1, 2017
