File Manipulation
https://github.com/symphonycms/symphony-2/blob/master/symphony/template/usererror.missing_extension.php#L15
```php
@rename(EXTENSIONS . '/' . $_POST['existing-folder'], EXTENSIONS . '/' . $_POST['new-folder']))
```
Data from `$_POST` is passed directly into the file path; an attacker may control the file path by injecting `../`.
Cross Site Scripting
https://github.com/symphonycms/symphony-2/blob/master/symphony/template/usererror.missing_extension.php#L18
```php
$name = $_POST['existing-folder'];
...
Symphony::Engine()->throwCustomError(
    __('Could not find extension %s at location %s.', array(
        '<code>' . $name . '</code>',
        '<code>' . $path . '</code>'
    )),
```
Here data from `$_POST` goes into HTML, which allows an attacker to trigger an XSS with a payload like `existing-folder=</code><script>xxx</script>`.
Thank you for reporting @Xyntax.
@nitriques First might need a custom check to ensure an attacker can't traverse up (or down) in the tree. Second can be solved using filter_var IMO.
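The two checks suggested in the comment above, shown as one hardened version of the reported lines. This is an added example, not the project's own fix commits; it assumes the `EXTENSIONS` constant, `Symphony::Engine()->throwCustomError()` and `__()` behave as in the original template, and that `$path` was built from the same folder name.

```php
<?php
// Added example (not the project's patch). EXTENSIONS, __() and
// Symphony::Engine() are assumed to exist as in the original template.

// Accept only a plain directory name: this rejects "/", "\", "..", NUL
// and anything else that could change which directory is addressed.
function is_safe_extension_dir($name)
{
    return is_string($name) && preg_match('/^[A-Za-z0-9_-]+$/', $name) === 1;
}

// Belt and braces: resolve the path and confirm it is still inside
// EXTENSIONS. Returns the resolved path, or false if it escapes or is missing.
function resolve_inside_extensions($name)
{
    $base = realpath(EXTENSIONS);
    $path = realpath(EXTENSIONS . '/' . $name);
    if ($base === false || $path === false) {
        return false;
    }
    return strpos($path, $base . DIRECTORY_SEPARATOR) === 0 ? $path : false;
}

$existing = isset($_POST['existing-folder']) ? $_POST['existing-folder'] : '';
$new      = isset($_POST['new-folder']) ? $_POST['new-folder'] : '';

// 1. Path traversal: validate both names before touching the filesystem.
if (!is_safe_extension_dir($existing) || !is_safe_extension_dir($new)) {
    http_response_code(400);
    exit('Invalid extension folder name.');
}
$source = resolve_inside_extensions($existing);
if ($source !== false && !file_exists(EXTENSIONS . '/' . $new)) {
    @rename($source, EXTENSIONS . '/' . $new);
}

// 2. XSS: escape the user-controlled values before they are placed in HTML,
//    so "</code><script>" arrives in the page as inert text.
$name = htmlspecialchars($existing, ENT_QUOTES, 'UTF-8');
$path = htmlspecialchars(EXTENSIONS . '/' . $existing, ENT_QUOTES, 'UTF-8');
Symphony::Engine()->throwCustomError(
    __('Could not find extension %s at location %s.', array(
        '<code>' . $name . '</code>',
        '<code>' . $path . '</code>'
    ))
);
```

The whitelist alone already blocks traversal; the `realpath` check guards the case where a later change relaxes the pattern.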
Boy do I want to remove all the pesky `$_` access.
If you ever discover security bugs, please follow our disclosure policy: https://github.com/symphonycms/symphony-2/wiki/Security-Bug-Disclosure
Commit fbab292: Prevent Cross Site Scripting
This commit makes sure we sanitize input before outputting it. Re: #2639
@Xyntax fbab292 fixes the XSS issue; e177fc7 fixes the path traversal issue.
@brendo could you review please?
2.6.10 is out
👍 @nitriques