Bug #393 script exploit
Project: Dragonfly 9.0.3 -> 9.3 Category: Security
Submitted: Tuesday, April 05, 2005 (21:56:53) Modified: Tuesday, April 05, 2005 (23:11:28)
Status: Closed Assigned to:
PHP Version: 4.3.8 HTTPD Server: Apache 1.3


by: qrees
Description:
------------
In 'block-Preview_theme.php', line 25:
$qs .= $var."=".$value.= "&";

should be changed to:
$qs .= urlencode($var."=".$value.= "&");

The first code allows running, for example, JavaScript on the client computer, for example:
www.example.com/index.php?name=Your_Account&profile=anyone"><script>alert('foo')</script>

Corrected code will encode "><script>alert('foo')</script>" thus not allowing it to run.
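
Added example (not part of the original report and not Dragonfly's own code): the concatenation pattern from the report next to a version that encodes each parameter name and value separately, so '=' and '&' stay usable as separators, and escapes the result for the HTML attribute it is written into. The function names, the link markup and the sample request are assumptions; the report does not show where $qs is output.

```php
<?php
// Added illustration; function names and the sample request are constructed,
// not taken from block-Preview_theme.php.

// Pattern from the report: names and values are concatenated unencoded.
function build_qs_unsafe(array $params) {
    $qs = '';
    foreach ($params as $var => $value) {
        $qs .= $var . '=' . $value . '&';
    }
    return $qs;
}

// Encode each name and value separately so '=' and '&' keep their meaning
// as separators, while quotes and angle brackets become %22, %3E, %3C.
function build_qs_safe(array $params) {
    $pairs = array();
    foreach ($params as $var => $value) {
        if (is_array($value)) {
            continue; // nested parameters (a[]=1) are skipped in this sketch
        }
        $pairs[] = rawurlencode((string)$var) . '=' . rawurlencode((string)$value);
    }
    return implode('&', $pairs);
}

// Escape for the HTML attribute context at the point of output
// (assumed here to be a link; the report does not say how $qs is used).
function link_html($qs) {
    $href = 'index.php?' . $qs;
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">preview</a>';
}

// Constructed sample mirroring the URL in the report.
$params = array(
    'name'    => 'Your_Account',
    'profile' => 'anyone"><script>alert(\'foo\')</script>',
);

// Unencoded: the value closes the attribute and the tag.
echo '<a href="index.php?' . build_qs_unsafe($params) . '">preview</a>', "\n";
// Encoded per component and escaped: the value stays inside href.
echo link_html(build_qs_safe($params)), "\n";
```
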
by: qrees
I'm afraid that there are more similar bugs in the code, but I don't have time to look for all the places which should be corrected.
by: akamu
This bug has been fixed in the CVS.

Snapshots of the sources are packaged every 6 hours; this change
will be in the next snapshot. You can grab the snapshot at the
Downloads section.

Thank you for the report, and for helping us to make CPG-Nuke 9.0.3 -> 9.1 better.

this with only exploit yourself...