FS#7901 - XSS on http://aur.archlinux.org/

Attached to Project: AUR web interface
Opened by Bruno (Bruno) - Monday, 27 August 2007, 16:13 GMT
Last edited by eliott (cactus) - Thursday, 06 December 2007, 04:24 GMT
Task Type: Bug Report
Category: Backend
Status: Closed
Assigned To: No-one
Architecture: All
Severity: Medium
Priority: Normal
Reported Version: 1.2.9
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 2
Private: No
Closed by  eliott (cactus)
Thursday, 06 December 2007, 04:24 GMT
Reason for closing:  Not a bug
Additional comments about closing:  wtf?
closing again.
Comment by Bruno (Bruno) - Wednesday, 29 August 2007, 18:16 GMT
Add to variable only addslashes() + htmlspecialchars ew. trim()... /:
Comment by tardo (tardo) - Saturday, 08 September 2007, 03:38 GMT
this doesn't happen in the latest revision...
Comment by eliott (cactus) - Saturday, 08 September 2007, 07:40 GMT
ok. marking fixed then.
Thanks tardo.
Comment by tardo (tardo) - Wednesday, 05 December 2007, 20:01 GMT
I take that back. Apparently the flaw only occurs when you're not logged in.
Comment by eliott (cactus) - Thursday, 06 December 2007, 00:50 GMT
I am not logged in, and the link above simply inserts text into the page, but it is HTML entity escaped.
<script>alert('xss');</script>

Ugly for the user doing it, yes..but not XSS.
Have you gotten different results?
Comment by tardo (tardo) - Thursday, 06 December 2007, 03:44 GMT
Same thing. Not sure why Paul reopened it. You only get an ugly output if you _attempt_ to use XSS. Everything else should work normally.

and for the record, my previous comment was written months ago.. not today.
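
The behaviour discussed in the comments above, as an added example that is not part of the original task or the AUR code base: it compares what a reflected value looks like raw, after addslashes() alone, and after htmlspecialchars(), using the test string quoted in the thread. The helper h(), the variable names and the "markup intact" check are assumptions made for illustration.

```php
<?php
// Constructed sample input: the test string quoted in the thread.
$input = "<script>alert('xss');</script>";

// Hypothetical helper: encode a value for HTML text or quoted-attribute output.
function h(string $value): string
{
    // ENT_QUOTES also encodes ' and ", which matters inside attribute values.
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

$variants = [
    'raw'              => $input,
    // addslashes() only backslash-escapes quotes, backslashes and NUL for
    // string literals; it leaves < and > untouched.
    'addslashes only'  => addslashes($input),
    'htmlspecialchars' => h($input),
];

foreach ($variants as $label => $out) {
    // If a literal "<script" survives, a browser would parse it as a tag.
    $state = stripos($out, '<script') !== false ? 'markup intact' : 'inert text';
    printf("%-18s %-14s %s\n", $label, $state, $out);
}

// The escaped form decodes back to exactly what was submitted: the visitor
// sees their own string rendered as text, which is the "ugly" output the
// comments describe, and nothing is executed.
var_dump(htmlspecialchars_decode(h($input), ENT_QUOTES) === $input);
```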