- 18 Dec 2022
- EDB-ID
- 37521
- EDB verification
- Passed
- Author
- KRZYSZTOF KOTOWICZ
- Vulnerability type
- WEBAPPS
- Platform
- PHP
- CVE
- cve-2012-1915
- Publication date
- 2012-07-19
CodeIgniter 2.1 - 'xss_clean()' Filter Security Bypass
Code:
source: https://www.securityfocus.com/bid/54620/info
CodeIgniter is prone to a security-bypass vulnerability.
An attacker can exploit this issue to bypass XSS filter protections and perform cross-site scripting attacks.
CodeIgniter versions prior to 2.1.2 are vulnerable.
Build an application on CodeIgniter 2.1.0:
// application/controllers/xssdemo.php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Xssdemo extends CI_Controller {
    public function index() {
        $data['xss'] = $this->security->xss_clean($this->input->post('xss'));
        $this->load->view('xssdemo', $data);
    }
}

// application/views/xssdemo.php
<form method=post>
<textarea name=xss><?php echo htmlspecialchars($xss); ?></textarea>
<input type=submit />
</form>
<p>XSS:
<hr />
<?php echo $xss ?>
Launch http://app-uri/index.php/xssdemo and try above vectors.
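The demo view echoes `$xss` unencoded below the form, so that output is only as safe as `xss_clean()`. As an added example (not part of the advisory or of CodeIgniter), this standalone PHP script encodes at both output sites instead; `e()`, `render_xssdemo()`, `is_inert()` and the sample inputs are constructed for illustration.

```php
<?php
// Added example (not from the advisory): encode at the output sink instead of
// trusting xss_clean() to have removed every dangerous construct from input.

// e() is a hypothetical helper name. It encodes a value for HTML element
// content and quoted attribute values.
function e($value)
{
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 with U+FFFD instead of making htmlspecialchars() return ''.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Stand-in for application/views/xssdemo.php with both echo sites encoded.
function render_xssdemo($xss)
{
    return "<form method=\"post\">\n"
        . '<textarea name="xss">' . e($xss) . "</textarea>\n"
        . "<input type=\"submit\" />\n</form>\n"
        . "<p>XSS:</p>\n<hr />\n"
        . e($xss) . "\n";
}

// True when the encoded value contains no character that can open a tag or
// close a quoted attribute, i.e. the input cannot add markup to the page.
function is_inert($encoded)
{
    return strpbrk($encoded, "<>\"'") === false;
}

// Constructed sample inputs: harmless markup, quotes, and invalid UTF-8.
$samples = array(
    '<i>italic</i> & "double" \'single\'',
    "caf\xC3\xA9",
    "bad\xC3(byte",
);

foreach ($samples as $raw) {
    $encoded = e($raw);
    printf("%-5s %s\n", is_inert($encoded) ? 'inert' : 'LIVE', $encoded);
}

echo render_xssdemo($samples[0]);
```

In the CodeIgniter application above, the equivalent change is to encode `$xss` at the second `echo` in the view the same way the `<textarea>` already does.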
- Source
- www.exploit-db.com