devaneando / Wikitten

Wikitten is a small, fast, PHP wiki, and the perfect place to store your notes, code snippets, ideas, and so on.
MIT License
739 stars 174 forks

Wiki is vulnerable to injection #35

Closed amlwwalker closed 10 years ago

amlwwalker commented 10 years ago

The wiki pages are vulnerable to JavaScript injection. Putting this on a page is risky.

Can a routine be run on "Saving changes" to check for and encode any script tags, so the wiki is protected against them?

victorstanciu commented 10 years ago

Well, if you enable editing in config.php and then place Wikitten on a public server, without any kind of additional protection (like HTTP authorization), of course you are going to be in trouble.

amlwwalker commented 10 years ago

It's more that it accepts <!script!> tags etc. to be put into the page without any encoding or protection against direct JavaScript injection. It's a case of checking what is being added to the page and removing <!script!> <!scri<!script!>pt> <!sCrIpt!> etc. tags and replacing them with safe encoded equivalents...

EDIT: Notice I had to add the ! to my script tags here as GitHub won't allow them to be put on a page. A crude but effective protection against the same thing.
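The reporter's two suggestions, removing script tags on save and replacing them with "safe encoded equivalents", behave very differently in practice. The PHP below is an added example, not Wikitten's code and not something either commenter posted; all function names are made up for the demo. It runs the reporter's own nested-tag case (written with the `!` removed) plus a few other constructed payloads through a tag blacklist, a fixpoint version of the blacklist, and plain output encoding with `htmlspecialchars`, and reports which approach still leaves something a browser would execute.

```php
<?php
declare(strict_types=1);

// Added example; hypothetical function names, none of this is Wikitten code.

// The approach the issue asks for: remove <script> tags when a page is saved.
// Only the tag name is matched, so anything else that runs script survives.
function stripScriptTags(string $html): string
{
    return preg_replace('#</?script\b[^>]*>#i', '', $html);
}

// Re-running the strip until nothing changes defeats the <scr<script>ipt>
// nesting trick, but still ignores every non-<script> vector.
function stripScriptTagsUntilStable(string $html): string
{
    do {
        $before = $html;
        $html   = stripScriptTags($html);
    } while ($html !== $before);
    return $html;
}

// The "safe encoded equivalent": every markup-significant character becomes
// an entity, so the browser displays the text instead of parsing it.
// This belongs at render time (on output), not only in the save handler.
function encodeForHtml(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Rough check for this demo only: is there still a real tag that would
// execute script (script element, on* handler, javascript: href)?
function looksExecutable(string $html): bool
{
    $pattern = '#<script\b'
             . '|<\w+[^>]*\bon\w+\s*='
             . '|<\w+[^>]*\bhref\s*=\s*["\']?\s*javascript:#i';
    return (bool) preg_match($pattern, $html);
}

// Constructed inputs, the kind of thing a user could paste into a wiki page.
$payloads = [
    'plain'     => '<script>alert(1)</script>',
    'case'      => '<ScRiPt>alert(1)</sCrIpT>',
    'nested'    => '<scr<script>ipt>alert(1)</scr</script>ipt>',
    'attribute' => '<img src=x onerror=alert(1)>',
    'href'      => '<a href="javascript:alert(1)">click</a>',
];

printf("%-10s %-10s %-10s %-10s\n", 'payload', 'strip', 'stable', 'encode');
foreach ($payloads as $name => $p) {
    printf("%-10s %-10s %-10s %-10s\n",
        $name,
        looksExecutable(stripScriptTags($p))            ? 'BYPASSED' : 'blocked',
        looksExecutable(stripScriptTagsUntilStable($p)) ? 'BYPASSED' : 'blocked',
        looksExecutable(encodeForHtml($p))              ? 'BYPASSED' : 'blocked');
}
```

Run it with `php sanitize_demo.php`. The single-pass strip is bypassed by the nested payload (removing the inner `<script>` reassembles the outer one), and both strip variants pass the `onerror` and `javascript:` payloads untouched, because a blacklist only knows the tags it was told about. The encode column is "blocked" for every row, which is why encoding on output is the usual answer when page content is meant to be text. If Wikitten pages are supposed to carry real HTML, encoding everything is not an option and an allowlist-based sanitizer (HTML Purifier is the common PHP choice) replaces the blacklist. None of this changes the maintainer's point: on a public server, editing should sit behind authentication regardless of how the content is filtered.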