Wiki source for MySandbox


===[[RomanIvanov]]'s sandbox.===

So,
{{table cellpadding="'><script>alert(1);</script>" columns="3" cells="**BIG**;**GREEN**;**FROGS**;yes;yes;no;no;yes;yes"}}

''Fixed in Wikka 1.1.3.8 -- JsnX''

====table action has an XSS.====

So,
{{googleform q="'><script>alert(2)</script>"}}

''Fixed in Wikka 1.1.3.8 -- JsnX''

====googleform action has an XSS.====


So,
{{rss url="http://ar.sky.ru/xss.xml" cache="cachef.xml"}}

''Fixed in Wikka 1.1.3.8 -- JsnX''

====rss action has an XSS and is also considered unsafe because any malefactor can generate a BIG amount of incoming traffic, which may be expensive.====

any suggestions how to address this issue?

Here is mine (which doesn't fix the rss exploit, but I seem to have some more general problems with the rss action in my Wikka installation, and this exploit isn't located in the parameter handling; it has to be handled in the rss action itself):

%%(php)<?php
// Escape every action parameter value so that quotes and angle brackets cannot
// break out of the HTML attribute an action writes the value into.
// $matches is assumed to hold the preg_match_all() result over the action's
// parameter string: $matches[1] = parameter names, $matches[2] = raw values.
if (is_array($matches)) {
    $count = count($matches[0]);
    for ($a = 0; $a < $count; $a++) {
        // ENT_QUOTES escapes single quotes as well as double quotes
        $vars[$matches[1][$a]] = htmlentities($matches[2][$a], ENT_QUOTES);
    }
}
// the unparsed parameter string is escaped too, since actions may echo it directly
$vars["wakka_vars"] = htmlentities(trim($vars_temp), ENT_QUOTES);
?>%%

**Attention:** this hack may confuse some actions which aren't aware that the parameters are now passed as htmlentities! It may be sufficient to treat only the occurrence of single quotes, since this is the point where the first two of Roman's exploits hook in.

I hate those guys who cause problems but omit the solutions ;)
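As an added illustration (not part of the discussion above and not Wikka's own code), the following stand-alone PHP shows why the single-quote remark matters: it parses an action parameter string the way Wikka's ""{{action name="value"}}"" syntax is written (the regex-based parser here is an assumption, not the wiki's parser), renders the value into a single-quoted attribute once unescaped and once with htmlentities() and ENT_QUOTES, and lets you compare the two.

```php
<?php
// Added example, not Wikka code: attribute-context escaping of action parameters.
// Assumption: action parameters are name="value" pairs separated by whitespace.

/**
 * Parse `name="value"` pairs from an action's parameter string.
 * Returns an associative array of raw (unescaped) values.
 */
function parseActionParams(string $paramString): array
{
    $vars = [];
    if (preg_match_all('/(\S+)="(.*?)"/', $paramString, $matches)) {
        foreach ($matches[1] as $i => $name) {
            $vars[$name] = $matches[2][$i];
        }
    }
    return $vars;
}

/** Vulnerable rendering: the raw value is dropped into a single-quoted attribute. */
function renderTableVulnerable(array $vars): string
{
    return "<table cellpadding='" . $vars['cellpadding'] . "'>";
}

/** Hardened rendering: escape for attribute context, covering both quote styles. */
function renderTableSafe(array $vars): string
{
    // ENT_QUOTES matters: the ENT_COMPAT default leaves single quotes untouched,
    // so a single-quoted attribute could still be closed by the value.
    $padding = htmlentities($vars['cellpadding'], ENT_QUOTES, 'UTF-8');
    return "<table cellpadding='" . $padding . "'>";
}

// Constructed input mirroring the sandbox test on this page.
$params = 'cellpadding="\'><script>alert(1);</script>" columns="3"';
$vars   = parseActionParams($params);

// The leading '> in the value closes the attribute and the tag, so the script
// element becomes part of the page markup.
echo renderTableVulnerable($vars), "\n";

// Every quote and angle bracket is now an entity; the value stays inside the attribute.
echo renderTableSafe($vars), "\n";
```

Run it with the PHP CLI and compare the two lines: the first breaks out of the ""cellpadding"" attribute, the second keeps the whole payload as inert attribute text. Passing only ENT_COMPAT (the default) would leave the first line's behaviour intact for single-quoted attributes, which is exactly what the patch above guards against.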

----

Yeah, that Roman guy is a big trouble-maker. ;)

I just patched up the actions to feed the appropriate items through ""ReturnSafeHTML()"".

Hey Dreck, I do have a request.

Although the problem is solved, I moved the stuff to CachingRSS and added some remarks.
----

Good work, guys =)

-- RomanIvanov

thanks ;) and (of course) thanks for the hint! --DreckFehler