5ko at 5ko.fr
Thu Jun 26 03:24:07 CDT 2008
On Thursday 26 June 2008 05:19:52 Greg Grimes wrote:
> Anytime a POST or GET request is sent and there is no sanitation of the
> input you have the potential for SQL Injection, XSS, File Injection(which
> is what I think you are thinking about), and various other attacks. The
> way this vuln works is anytime the AuthForm is called it takes the URI and
> puts it in the <form> tag. Also, contrary to what DaveG said, your PmWiki
> is vulnerable also. Firefox thankfully prevents this type of thing, but IE
> doesn't. Open the following URL in IE and you will get a popup box with
> XSS in it. Now, this is only a proof of concept and it is EASILY spotted,
> but a malicious person could easily make it look like a legitimate link for
> you to follow and then when you click on it, you actually get redirected to
> Just use your imagination on the payload. You could even change the
> alert("XSS") to window.print() and it'll bring up the browser's print
> dialogue. Here is the link:
My authform seems to convert < and > to %3E and %3C, so the <script> tag is
not displayed nor run.
worked, I cannot imagine how my site is XSS vulnerable. YOU need to go to
this (invalid) url, or to trick someone who trusts YOU to follow a bogus link
to my site, but this does not affect neither the security/integrity of my
website, nor any other of my visitors in any way.
But, if you can trick someone to click on your bogus link leading to my site,
you can also trick him to click on such a link:
which keeps me wondering why would an attacker use my site and what exactly
can he get from this.
Thanks for your answers.
More information about the pmwiki-devel