Mantis Bugtracker 

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0008808TestLinkSecurity - XSSpublic2019-12-02 16:302019-12-05 17:59
Assigned To 
PlatformOSOS Version
Product Version1.9.19.01 (1.9.19 fixes) 
Fixed in Version 
Summary0008808: TestLink v1.9.19.1 - Bypass security fix for XSS at index.php
DescriptionIn the commit, [^] the function strpos is used to check the parameter reqURI whether it contains the word "javascript".

However, strpos is case-sensitive, which means we can bypass it by using "jAvascript", "javaScript",...

For example, accessing the URL /index.php?reqURI=jAvascript:alert('XSS') will still trigger the XSS payload.

I suggest using the function stripos instead.
TagsNo tags attached.
Database (MySQL,Postgres,etc)N/A
PHP Version
QA Team - Task Workflow Status
Attached Files

- Relationships

-  Notes
fman (administrator)
2019-12-05 17:59

Hi, thanks a lot

- Issue History
Date Modified Username Field Change
2019-12-02 16:30 Sudoka New Issue
2019-12-05 17:59 fman Note Added: 0029319

Copyright © 2000 - 2019 MantisBT Team
Powered by Mantis Bugtracker