
Cross-site scripting vulnerability #444

Closed
fgeek opened this issue Dec 30, 2015 · 14 comments

Comments

fgeek commented Dec 30, 2015

Hello,

A cross-site scripting vulnerability has been announced on the Full Disclosure mailing list.

According to the Curesec advisory timeline, they were unable to contact you:

11/17/2015 Informed Vendor about Issue (no reply)
12/10/2015 Reminded Vendor of Disclosure Date (no reply)
12/21/2015 Disclosed to public

The issue can be reproduced with the following URL:

http://localhost/esoTalk-1.0.0g4/conversations/a'";><img src=no onerror=alert(1)>?search=test

Do you have plans to fix this security vulnerability? If you do not plan to fix vulnerabilities in esoTalk, please mention it in the README or similar, thank you. As far as I can tell this issue does not yet have a CVE identifier assigned. Have you requested it?
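The bug class behind the reproduction URL, shown as an added Python illustration (not esoTalk's own PHP code; the thread does not show the template that reflected the path segment, so the form template below is an assumption): the conversation slug from the URL path is echoed into an HTML attribute, and a quote-aware escape is the defence that closes it.

```python
import html
import re

# The payload from the advisory's reproduction URL, as the path segment the page echoes.
CONSTRUCTED_PAYLOAD = "a'\";><img src=no onerror=alert(1)>"


def render_search_form_vulnerable(slug: str, search: str) -> str:
    """Assumed vulnerable template: values from the request land in HTML verbatim."""
    return (f'<form action="/conversations/{slug}">'
            f'<input name="search" value="{search}"></form>')


def render_search_form_fixed(slug: str, search: str) -> str:
    """Same template with every interpolated value escaped for attribute context.

    html.escape(quote=True) rewrites & < > " and ' so the payload can neither
    close the surrounding quote nor open a new tag.
    """
    return (f'<form action="/conversations/{html.escape(slug, quote=True)}">'
            f'<input name="search" value="{html.escape(search, quote=True)}"></form>')


# Counts tag openers, including closing tags, in rendered markup.
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z]")


def count_tags(markup: str) -> int:
    return len(TAG_RE.findall(markup))


def injected_tag_count(render, slug: str, search: str) -> int:
    """Number of tags the request values added beyond the template's own tags.

    Anything above zero means request data became markup, i.e. reflected XSS.
    """
    baseline = count_tags(render("a", "test"))
    return count_tags(render(slug, search)) - baseline


if __name__ == "__main__":
    for name, render in (("vulnerable", render_search_form_vulnerable),
                         ("fixed", render_search_form_fixed)):
        print(f"{name}: {injected_tag_count(render, CONSTRUCTED_PAYLOAD, 'test')} injected tag(s)")
```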

tobyzerner (Member) commented:

Thanks for reporting this. I never got an email... my @esotalk.org address might be broken, I'll look into it.

fgeek (Author) commented Jan 3, 2016

inliquid (Contributor) commented Jan 5, 2016

What should I do to reproduce this?
Tried on my 1.0.0g4 - doesn't work
http://localhost/esoTalk-1.0.0g4/conversations/a'";><img src=no onerror=alert(1)>?search=test

inliquid (Contributor) commented Jan 5, 2016

Sorry guys but I can't understand and reproduce the case you were fixing. Anyways - I have applied these changes.

However, I found another XSS bug (with the above commit in place).


fgeek (Author) commented Jan 5, 2016

Good that you found more issues. @tobscure can you fix that one too?

I was also planning to perform security testing on the esoTalk codebase when I have spare time in the near future.

wkhayrattee commented:

@fgeek thanks for all your good intentions.
@tobscure thank you for still looking into this.

A quick question btw for @tobscure

  • Did you use the nested set model or the adjacency model for the hierarchical data in esoTalk?
    (Sorry, I tried emailing you as well, but in vain.)

inliquid (Contributor) commented Jan 5, 2016

This should help: develop...inliquid:patch-1

tobyzerner mentioned this issue Jan 5, 2016

tobyzerner (Member) commented:

Thanks @inliquid

tobyzerner (Member) commented:

@7php nested set model

wkhayrattee commented:

Awesome, thanks @tobscure!

fgeek (Author) commented Jan 6, 2016

> Tried on my 1.0.0g4 - doesn't work

@inliquid I was able to reproduce this cross-site scripting vulnerability without problems, e.g. when using a logged-in administrator account.

inliquid (Contributor) commented Jan 6, 2016

@fgeek maybe it wasn't working because of some of my plugins.

fgeek (Author) commented Jan 8, 2016

@tobscure I have sent an email to the Gmail address in your GitHub profile. Did you receive it?

fgeek (Author) commented Apr 29, 2019

MITRE assigned CVE-2015-9285 for this issue.
