XSS in cmd.php for 1.2.5 #130
Problem doesn't appear to be in 1.2.6.2 - please let me know if it is.
I didn't look exhaustively but this commit appears likely to have addressed the issue: Do you know if a CVE has been assigned for this issue yet? Thanks
Hi! I don't think so -- do you know how I can go about this? I apologize for the lack of knowledge / context here. If it helps, I filed a report at https://bugs.launchpad.net/ubuntu/+source/phpldapadmin, but the ticket should be private since it's a security issue.
On Wed, Dec 02, 2020 at 01:00:07PM -0800, Andy Gu wrote:
I don't think so -- do you know how I can go about this? I apologize for the lack of knowledge / context here. If it helps, I filed a report at https://bugs.launchpad.net/ubuntu/+source/phpldapadmin, but the ticket should be private since it's a security issue.

I opened the launchpad bug because all the details are public on the github issue.

Because compiling all the necessary information for a CVE takes time, and because duplicate CVE assignments cost all CVE consumers time, I'd like to make sure that this doesn't already have a CVE number assigned before asking MITRE to assign one.

Thanks
Cool, thanks! It seems like you confirmed it here: https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1906474. No CVE number is currently assigned.
This was assigned CVE-2020-35132 by MITRE.
ping? I think this is unfixed, can someone double check & reopen?
any news on this? can this issue be reopened to match its current status?
My suggestion is to open a new issue -- anyone can do that, it'll help reduce confusion, etc. It'd be best to include a small reproducer that can be clearly used to demonstrate when the issue has been fixed. Thanks
I have opened #137. Please someone double check if you can also reproduce this issue with 1.2.6.2 and report there. Thanks!
@4ndygu any chance you can retest with current git master? I'd like to verify if this is still unfixed as I found in my tests. Thanks! |
Sorry I meant BRANCH-1.2 (or 1.2.6.2), not git master which is 2.x (although the same problem probably applies to the master branch) |
A user can set a field to an XSS payload, which triggers when the confirmation screen for whether to confirm the change is raised.
From cmd.php, say I have an attribute set to the following:
Then, say I am an admin and would like to change that field back:
When the field prompts me for a change, the payload is triggered. A user can log into user 1 and request a change, then wait for an admin to try deleting the field, which would trigger the payload for that user.
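The failure mode described in the report (a stored attribute value echoed verbatim into the confirmation screen) and the fix a maintainer would apply, as an added PHP example that is not phpLDAPadmin's own code. The function name `render_confirm_row()`, the row layout and the sample value are assumptions constructed for illustration; only the encoding step matters.

```php
<?php
// Added example, not code from phpLDAPadmin. Names and layout are assumed.
// Renders one row of a "confirm this change" table for an LDAP attribute.
// $safe = false reproduces the defect class from the report: the stored
// value is interpolated into HTML unencoded, so markup inside it is
// parsed by the admin's browser when the confirmation screen is shown.
// $safe = true encodes the value for both the text and the attribute
// context (ENT_QUOTES covers the double-quoted value="" position).
function render_confirm_row(string $attr, string $value, bool $safe = true): string
{
    if (!$safe) {
        // Vulnerable pattern: user-controlled directory data emitted raw.
        return "<tr><td>$attr</td><td>$value</td>"
             . "<td><input type=\"hidden\" name=\"old[$attr]\" value=\"$value\"></td></tr>";
    }
    $enc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<tr><td>' . $enc($attr) . '</td><td>' . $enc($value) . '</td>'
         . '<td><input type="hidden" name="old[' . $enc($attr) . ']"'
         . ' value="' . $enc($value) . '"></td></tr>';
}

// Constructed sample: an attribute value carrying a quote and a tag, the
// kind of content a directory user can write into their own entry.
$value = 'O\'Brien <script>x</script>';

$bad  = render_confirm_row('cn', $value, false);
$good = render_confirm_row('cn', $value, true);

// Self-check: the hardened row carries no raw tag or quote from the value;
// the vulnerable row does, which is what a small reproducer should detect.
assert(strpos($bad, '<script>') !== false);
assert(strpos($good, '<script>') === false);
assert(strpos($good, '&lt;script&gt;') !== false);
assert(strpos($good, '&#039;') !== false);
echo $good, PHP_EOL;
```

Run with `php -d zend.assertions=1` so the assertions are evaluated; the same check applied to the real template is the regression test the thread asks for.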