|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  World Laboratory of Bugtraq Database |
||||||||||
SecurityAlert : None
Credit : YGN Ethical Hacker Group (http://yehg.net) SecurityRisk : Low  (About) Remote : Yes Local : No Status : Bug
Text : ======================================== CodeIgniter Global XSS Filtering Bypass Vulnerability ======================================== Discovered by: Aung Khant, YGN Ethical Hacker Group, Myanmar http://yehg.net/ ~ believe in full disclosure Product : CodeIgniter < http://www.codeigniter.com> Product Description : Open-source PHP Framework Pen-Tested Version : 1.5.2 Vulnerability : User-Agent injection Risk : Medium Threat : XSS, Log File Tampering Advisory URL: http://yehg.net/lab/pr0js/view.php/CodeIgniter%20Global%20XSS%20Filtering%2 0Bypass%20Vulnerability.pdf Description: $CI->input->user_agent() fails to check the validity of user-agent type.It simply extracts from $_SERVER array without checking whether it is bad string injection or not. In this case, we can spoof user agent string of our browser with our arbitrary commands that can bypass stronger CodeIgniter Security class even if $config['global_xss_filtering'] = TRUE;. Thus we can execute XSS on the fly. Audyt bezpieczeństwaSecurity AuditAnaliza powłamaniowa References : http://seclists.org/fulldisclosure/2009/Jul/0422.html http://yehg.net/lab/pr0js/view.php/CodeIgniter%20Global%20XSS%20Filtering%2 0Bypass%20Vulnerability.pdf If you want change this note, please use UCP
|
||||||||||
| Alert | ||
Allow attacker to denial of service apache 2.2.17 server |
||
| Apache |  |
|
- 2011-05-13| Copyright © SecurityReason.com. All Rights Reserved. |