RomanIvanov's sandbox.

**BIG** **GREEN** **FROGS**
yes yes no
no yes yes

Fixed in Wikka -- JsnX

table action has an XSS.


Fixed in Wikka -- JsnX

googleform action has an XSS.


Fixed in Wikka -- JsnX

rss action has an XSS and also supposed unsafe because any malefactor can generated BIG amount of incoming traffic, which may be expensive.

any suggestions how to address this issue?

here is mine (which doesn't fix the rss-exploit, but i seem to have some more general probs with the rss-action in my wikka-installation. and this exploit isn't located in the parameter-handling. it has to be handled in the rss-action itself):

    if (is_array($matches)) {
        for ($a = 0; $a < count($matches[0]); $a++) {
            $vars[$matches[1][$a]] = htmlentities($matches[2][$a], ENT_QUOTES);
    $vars["wakka_vars"] = htmlentities(trim($vars_temp), ENT_QUOTES);

attention: this hack may confuse some actions, which aren't aware that the parameters now are passed over as htmlentities! it may be sufficient to treat only the occurance of single quotes, since this is the point where the first two of romans exploit's hook in.

i hate that guys who cause problems but omit the solutions ;)

Yeah, that Roman guy is a big trouble-maker. ;)

I just patched up the actions to feed the appropriate items through ReturnSafeHTML().

Hey Dreck, I do have a request.

although the problem is solved, moved the stuff to CachingRSS and added some remarks

Good work, guys =)

-- RomanIvanov

thanks ;) and (of course) thanks for the hint! --DreckFehler
There is one comment on this page. [Display comment]
Valid XHTML :: Valid CSS: :: Powered by WikkaWiki