Back to list
|
Post reply
usd250 helpdesk XSS vulnerabily.
Oct 22 2007 10:37PM
Joseph giron13 gmail com
http://www.oneorzero.com/
Within the helpdesk utility usd250, an XSS in the comments field is possible.
The comments strip script tags and replace them with (not allowed), but
script tags dont need to be in place for XSS. Something along the lines of...
<b onmouseover="window.alert('omghax')">some text</b> Suffices.
The fix is to use htmlentities() or htmlspecialchars() to filter ALL html
from user input.
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
http://www.oneorzero.com/
Within the helpdesk utility usd250, an XSS in the comments field is possible.
The comments strip script tags and replace them with (not allowed), but
script tags dont need to be in place for XSS. Something along the lines of...
<b onmouseover="window.alert('omghax')">some text</b> Suffices.
The fix is to use htmlentities() or htmlspecialchars() to filter ALL html
from user input.
[ reply ]