dates1967 / simpleinvoices

Automatically exported from code.google.com/p/simpleinvoices
GNU General Public License v3.0

Security Holes on Input Fields #166

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Load the new biller form
2. Input <script>alert("Hacked!");</script> in the input field
3. Save and load the 'Billers' page and you will see the vulnerability.

What is the expected output? What do you see instead?
strip_tags() should be used to prevent this type of attack.

Original issue reported on code.google.com by MattAntW...@gmail.com on 26 Jul 2011 at 12:19

GoogleCodeExporter commented 9 years ago
Thanks for submitting this bug. It has been fixed with r3644.

Original comment by seth.lau...@gmail.com on 26 Jul 2011 at 2:24

GoogleCodeExporter commented 9 years ago
Hi Seth,

Thanks for submitting a fix.
I've done a bit of digging and this vulnerability pops up all over the place.
As soon as I have commit access with this gmail account I will go through and 
fix all the vulnerabilities.

Matt

Original comment by MattAntW...@gmail.com on 26 Jul 2011 at 2:36

GoogleCodeExporter commented 9 years ago
Howdy Matt,

I have modified the dbQuery function to strip any tags out of arguments passed 
through it.  Would this not catch any other vulnerabilities of this type?

Thanks,
Seth

Original comment by seth.lau...@gmail.com on 26 Jul 2011 at 3:19

GoogleCodeExporter commented 9 years ago
Hi Seth,

Yes, my mistake, I had missed that change.
Thank you for fixing this :)

Matt

Original comment by MattAntW...@gmail.com on 26 Jul 2011 at 4:11
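
The two approaches that come up in this thread, side by side, as an added example (not SimpleInvoices code and not the r3644 change). It assumes PHP 7.4 or later; `strip_query_args` and `h` are hypothetical names, and the biller names are constructed apart from the string in the report. It compares what reaches a `value="..."` attribute when tags are stripped on the way into the database with what reaches it when the stored value is encoded with `htmlspecialchars()` at output.

```php
<?php
// Added example: hypothetical helpers, not the project's dbQuery().

// Input-side approach from the thread: strip tags from every string
// argument before it is handed to the query layer.
function strip_query_args(array $args): array
{
    return array_map(
        fn($a) => is_string($a) ? strip_tags($a) : $a,
        $args
    );
}

// Output-side alternative: keep the value as entered and encode it
// at the point where it is written into HTML.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed biller names; the first is the string from the issue report.
$names = [
    '<script>alert("Hacked!");</script>',
    'Smith <Holdings> Ltd',   // legitimate text that looks like a tag
    'Bob "The Builder" Ltd',  // quotes that end a value="..." attribute early
];

foreach ($names as $name) {
    // What the database would hold under the input-side approach.
    [$stored] = strip_query_args([$name]);

    printf("input          : %s\n", $name);
    // Stripped value echoed without encoding: quotes still reach the markup,
    // and text between < and > has been removed from the stored data.
    printf("strip_tags only: <input value=\"%s\">\n", $stored);
    // Original value encoded at output: <, >, & and both quote characters
    // become entities, so the name is shown exactly as it was entered.
    printf("encoded output : <input value=\"%s\">\n\n", h($name));
}
```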