search

oseawey / timthumb

Automatically exported from code.google.com/p/timthumb
0 stars 0 forks source link

Xss injection #107

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. Try to get an image with a bad picture link
2. Inject arbitrary code in the link
3. Show the displayError() message without an sanitaze link 

What is the expected output? What do you see instead?

An error with arbitary code, an error without arbitary code ;p 

What version of the product are you using? On what operating system?

Wordpress 3.0

Please provide any additional information below.

To fixed it, juste modify the line 610 : 

die($errorString); -- > die(htmlspecialchars($errorString));

(And sorry for my bad english ;o)

Original issue reported on code.google.com by gueux...@gmail.com on 15 Aug 2010 at 2:17

GoogleCodeExporter commented 9 years ago 
Hi there - good catch on the potential security error. Will get this in the 
next commit which will happen in a day or two.

No problem with your English either - perfectly understandable :)

Thanks a lot!

Original comment by BinaryMoon on 20 Aug 2010 at 1:53

GoogleCodeExporter commented 9 years ago

Original comment by BinaryMoon on 29 Aug 2010 at 9:56