Skip to content

XSS in htdocs/entry_chooser.php #50

Closed
@setharnold

Description

@setharnold

Hello, Ismail Belkacim reported https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731 to Ubuntu's bug tracker. He also provided a patch, https://launchpadlibrarian.net/327292294/phpldapadmin_1.2.2-5.2ubuntu2.1_updated.debdiff -- is this an already known issue? Do you know if CVE has already been assigned to this issue? I didn't see fixes like his in the git tree here.

Thanks

The important part of the patch:

--- phpldapadmin-1.2.2/debian/patches/fix-XSS-3.patch	1969-12-31 16:00:00.000000000 -0800
+++ phpldapadmin-1.2.2/debian/patches/fix-XSS-3.patch	2017-07-07 06:16:20.000000000 -0700
@@ -0,0 +1,31 @@
+Description: Fix multiple Cross-Site Scripting vulnerabilities in file htdocs/entry_chooser.php.
+Author: Ismail Belkacim <xd4rker@gmail.com>
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1701731
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+Index: phpldapadmin-1.2.2/htdocs/entry_chooser.php
+===================================================================
+--- phpldapadmin-1.2.2.orig/htdocs/entry_chooser.php
++++ phpldapadmin-1.2.2/htdocs/entry_chooser.php
+@@ -15,9 +15,9 @@ $www['page'] = new page();
+ 
+ $request = array();
+ $request['container'] = get_request('container','GET');
+-$request['form'] = get_request('form','GET');
+-$request['element'] = get_request('element','GET');
+-$request['rdn'] = get_request('rdn','GET');
++$request['form'] = htmlspecialchars(addslashes(get_request('form','GET')));
++$request['element'] = htmlspecialchars(addslashes(get_request('element','GET')));
++$request['rdn'] = htmlspecialchars(addslashes(get_request('rdn','GET')));
+ 
+ echo '<div class="popup">';
+ printf('<h3 class="subtitle">%s</h3>',_('Entry Chooser'));
+@@ -33,7 +33,7 @@ echo '</script>';
+ echo '<table class="forminput" width="100%" border="0">';
+ if ($request['container']) {
+ 	printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Server'),$app['server']->getName());
+-	printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Looking in'),$request['container']);
++	printf('<tr><td class="heading" colspan="3">%s:</td><td>%s</td></tr>',_('Looking in'),htmlspecialchars($request['container']));
+ 	echo '<tr><td class="blank" colspan="4">&nbsp;</td></tr>';
+ }
+ 

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions