Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Hello, Ismail Belkacim reported https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731 to Ubuntu's bug tracker. He also provided a patch, https://launchpadlibrarian.net/327292294/phpldapadmin_1.2.2-5.2ubuntu2.1_updated.debdiff -- is this an already known issue? Do you know if CVE has already been assigned to this issue? I didn't see fixes like his in the git tree here.
Thanks
The important part of the patch:
--- phpldapadmin-1.2.2/debian/patches/fix-XSS-3.patch 1969-12-31 16:00:00.000000000 -0800 +++ phpldapadmin-1.2.2/debian/patches/fix-XSS-3.patch 2017-07-07 06:16:20.000000000 -0700 @@ -0,0 +1,31 @@ +Description: Fix multiple Cross-Site Scripting vulnerabilities in file htdocs/entry_chooser.php. +Author: Ismail Belkacim <xd4rker@gmail.com> +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1701731 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +Index: phpldapadmin-1.2.2/htdocs/entry_chooser.php +=================================================================== +--- phpldapadmin-1.2.2.orig/htdocs/entry_chooser.php ++++ phpldapadmin-1.2.2/htdocs/entry_chooser.php +@@ -15,9 +15,9 @@ $www['page'] = new page(); + + $request = array(); + $request['container'] = get_request('container','GET'); +-$request['form'] = get_request('form','GET'); +-$request['element'] = get_request('element','GET'); +-$request['rdn'] = get_request('rdn','GET'); ++$request['form'] = htmlspecialchars(addslashes(get_request('form','GET'))); ++$request['element'] = htmlspecialchars(addslashes(get_request('element','GET'))); ++$request['rdn'] = htmlspecialchars(addslashes(get_request('rdn','GET'))); + + echo '<div class="popup">'; + printf('<h3 class="subtitle">%s</h3>',_('Entry Chooser')); +@@ -33,7 +33,7 @@ echo '</script>'; + echo '<table class="forminput" width="100%" border="0">'; + if ($request['container']) { + printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Server'),$app['server']->getName()); +- printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Looking in'),$request['container']); ++ printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Looking in'),htmlspecialchars($request['container'])); + echo '<tr><td class="blank" colspan="4"> </td></tr>'; + } +
The text was updated successfully, but these errors were encountered:
This has been assigned CVE-2017-11107 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11107
Sorry, something went wrong.
Hello - any updates here?
i provided a PR for this in #71, but i'm now wondering if this project is just abandoned...
Successfully merging a pull request may close this issue.
Hello, Ismail Belkacim reported https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731 to Ubuntu's bug tracker. He also provided a patch, https://launchpadlibrarian.net/327292294/phpldapadmin_1.2.2-5.2ubuntu2.1_updated.debdiff -- is this an already known issue? Do you know if CVE has already been assigned to this issue? I didn't see fixes like his in the git tree here.
Thanks
The important part of the patch:
The text was updated successfully, but these errors were encountered: