Skip to main content

This site requires you to update your browser. Your browsing experience maybe affected by not having the most up to date version.

Archive /

Our old forums are still available as a read-only archive.

Moderators: martimiz, Sean, biapar, Willr, Ingo, simon_w

XSS in search module.


Reply


2 Posts   2508 Views

Avatar
mateusz.ujma

Google Summer of Code Hacker, 6 Posts

2 April 2007 at 7:42am

I found XSS in search module:

http://demo.silverstripe.com/search/?Search=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E&action_results=Search&formController=home%2F&executeForm=SearchForm&action_results=Go

Combining it with CSRF could be harmful.

Avatar
Sigurd

Forum Moderator, 628 Posts

4 April 2007 at 12:46pm

Edited: 04/04/2007 5:23pm

Thanks very much for pointing this out mateusz, its immensely helpful for people to be notifying us of security issues like this! Sean has looked into this and fixed it yesterday, so it is available for download in our daily builds. It has been escalated to be included in our 2.0.1 release too, hence we just built 2.0.1rc4 ...

patch:

search/SearchForm.php   (revision 33165)
public function getSearchQuery() {
-      return $_REQUEST['Search'];
+      return Convert::raw2xml($_REQUEST['Search']);
}