Ticket #38976

XSS脆弱性

Open Date: 2019-02-20 20:01 Last Update: 2019-02-20 20:01

Reporter:
(Anonymous)
Owner:
Type:
Status:
Open [Owner assigned]
Component:
(None)
MileStone:
(None)
Priority:
5 - Medium
Severity:
8
Resolution:
None
File:
None

Details

XSS脆弱性がありました。 wiki.cgiの1811行目 $::form{refer} = &code_convert(\$::form{refer}, $::defaultcode) if($::form{refer}); の下に $::form{refer} =~ s/&/&amp;/g; # & → &amp; $::form{refer} =~ s/</&lt;/g; # < → &lt; $::form{refer} =~ s/>/&gt;/g; # > → &gt; $::form{refer} =~ s/"/&quot;/g; # " → &quot; $::form{refer} =~ s/'/&#39;/g; # ' → &#39; を追記すると回避できるようです。

Ticket History (1/1 Histories)

2019-02-20 20:01 Updated by: None
  • New Ticket "XSS脆弱性" created

Attachment File List

No attachments

Edit

You are not logged in. I you are not logged in, your comment will be treated as an anonymous post. » Login