Mephisto blog is vulnerable to XSS
Mar 25 2007 05:52AM
Sergey Tikhonov (st haqu net)
The current bleeding-edge version of the Mephisto blog is vulnerable to XSS.
rejects comments manually, he has to load all unapproved comments,
so it's possible to fetch his session id.
Add a new comment with the following author name: <script>alert
Then check this comment from the admin's overview section; you'll see
a message with the cookie.
If you manually approve your comments, check the list of pending comments.
How to fix it
Patch for <approot>/app/helpers/application_helper.rb:
< return comment.author if comment.author_url.blank?
> return h(comment.author) if comment.author_url.blank?
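Review bot: only the early return taken when comment.author_url.blank? is escaped here; the path for comments that do carry an author_url is not part of this patch, so confirm that it also passes comment.author (and the URL itself) through h(). If it does not, the fix covers only commenters who leave the URL field empty. A regression test that renders a pending comment whose author contains markup and asserts it appears as text in the admin overview would keep this from returning.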
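The unescaped author name described above next to its escaped form, as an added Ruby example that is not Mephisto's code or part of the original post. The `Comment` struct, the method names, the link branch and the sample values are assumptions; `h` is defined with `ERB::Util.html_escape` so the block runs outside Rails.

```ruby
require "erb"

# Hypothetical stand-in for the blog's comment model (field names assumed).
Comment = Struct.new(:author, :author_url)

# Stand-in for the h() view helper: escapes & < > " ' for HTML output.
def h(text)
  ERB::Util.html_escape(text)
end

def blank?(value)
  value.to_s.strip.empty?
end

# Before the patch: the commenter-supplied name reaches the admin page as markup.
def author_unescaped(comment)
  return comment.author if blank?(comment.author_url)
  %(<a href="#{comment.author_url}">#{comment.author}</a>)
end

# After the patch. The link branch is an assumed shape (the page shows only
# the blank-URL line); it is escaped the same way so both paths emit text.
def author_escaped(comment)
  return h(comment.author) if blank?(comment.author_url)
  %(<a href="#{h(comment.author_url)}">#{h(comment.author)}</a>)
end

# Constructed sample comments, not taken from the advisory.
SAMPLES = [
  Comment.new("<script>alert(1)</script>", nil),
  Comment.new(%(Bob "B" <b>), "http://example.com/?a=1&b=2"),
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |c|
    puts "before: #{author_unescaped(c)}"
    puts "after:  #{author_escaped(c)}"
  end
end
```

Escaping the `href` value stops attribute breakout only; restricting the URL to `http`/`https` schemes is a separate check this example does not perform.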
Copyright 2010, SecurityFocus