skin xss

If you've made a patch to quick fix a bug or to add a new feature not yet in the main tree then post it here so others can try it out.
Post Reply
MarcoP
Posts: 46
Joined: Wed Mar 24, 2010 1:46 pm

skin xss

Post by MarcoP » Sat Apr 10, 2010 6:57 am

index.php?skin=<script>alert('ciao');</script>

whatboy
Posts: 304
Joined: Mon Aug 31, 2009 10:31 pm

Post by whatboy » Sat Apr 10, 2010 5:43 pm

Looks like you miss something???

MarcoP
Posts: 46
Joined: Wed Mar 24, 2010 1:46 pm

Post by MarcoP » Thu Apr 15, 2010 8:45 am

I'm not missing anything ;)

in index.php line 63, for additional security,

change

Code: Select all

if ( isset($_GET['skin']) )
    $skin = $_GET['skin'];
elseif ( isset($_COOKIE['zmSkin']) )
    $skin = $_COOKIE['zmSkin'];
else
    $skin = "classic";
to

Code: Select all

if ( isset($_GET['skin']) && preg_match('#^[a-z]+$#', $_GET['skin']))
    $skin = $_GET['skin'];
elseif ( isset($_COOKIE['zmSkin']) && preg_match('#^[a-z]+$#', $_COOKIE['zmSkin']) )
    $skin = $_COOKIE['zmSkin'];
else
    $skin = "classic";

whatboy
Posts: 304
Joined: Mon Aug 31, 2009 10:31 pm

Post by whatboy » Thu Apr 15, 2010 7:04 pm

Told ya you miss something... you miss that I didn't understood a thing... now seems clearer!!! :P

Post Reply

Who is online

Users browsing this forum: No registered users and 4 guests