NOTE: If you are a developer, please use a private wiki based on foswiki/trunk on a daily base ...or use trunk.foswiki.org to view this page for some minimal testing.
Use Item9693 for docu changes for 1.2 and 2.0.
You are here: Foswiki>Tasks Web>Item405 (08 Jan 2009, KwangErnLiew) Edit this topic text (e) Attach an image or document to this topic; manage existing attachments (a) View sequential topic history View without formatting (v) Create new topic Printable version of this topic (p) More: delete or rename this topic; set parent topic; view and compare revisions (m)

Item405: ORIGURL used in template login used for example for reset password is an XSS attach vector

Priority: CurrentState: AppliesTo: Component: WaitingFor:
Urgent Closed Engine   Main.KennethLavrsen
ORIGURL used in template login used for example for reset password is an XSS attach vector 

http://somedomain.com/foswiki/bin/login/System/ResetPassword?origurl=/System/ResetPassword%3fusername%3d%22%3Cscript%3Ealert(%273y3%200wn%20j00%20TWIKI%27)%3C/script%3E%3brefresh%3don

Spotted by MichaelDaum. Brilliant.

Fixed by KennethLavrsen

PS. yes this also applies to TWiki 4.2.4

i forwarded this report to twiki-security@lists.sourceforge.net on 7 dec 2008

ItemTemplate edit

Summary ORIGURL used in template login used for example for reset password is an XSS attach vector
ReportedBy Foswiki:Main.KennethLavrsen
Codebase trunk
SVN Range TWiki-4.2.3, Wed, 06 Aug 2008, build 17396
AppliesTo Engine
Component
Priority Urgent
CurrentState Closed
WaitingFor KennethLavrsen
Checkins
TargetRelease patch
ReleasedIn 1.0.0
Edit | Attach | Print version | History: r3 < r2 < r1 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r3 - 08 Jan 2009, KwangErnLiew
 
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. see CopyrightStatement. Creative Commons LicenseGet Foswiki at sourceforge.net. Fast, secure and Free Open Source software downloads