[aur-dev] [PATCH] Cross-Site Scripting vulnerability
Viktor Leonhardt
leonharv at unix-ag.uni-kl.de
Sat Oct 2 12:56:06 EDT 2010
Hello,

While working on a better e-mail validation, I found some cross-site
vulnerabilities in lib/accfuncs.inc. Here is the patch, which fixes this
problem. I hope that I found all relevant parts, because I'm not so
familiar with this site. You can try it yourself by setting a user name
or e-mail with a single quote, like:

"foo'><script>alert('XSS');</script>"

I will soon commit a patch for the e-mail validation using this
website [1]. Most of it is working, except for a problem with the double
quotes.

[1] http://www.linuxjournal.com/article/9585

Greetings,
Viktor
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 0001-Fixing-XSS-vulnerability.patch
URL: <http://mailman.archlinux.org/pipermail/aur-dev/attachments/20101002/6c93bcd3/attachment.ksh>
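
The single-quote case described in the message, as an added example that is not part of the original post or of the attached patch: it compares three ways of encoding the message's test value before it is placed in a single-quoted HTML attribute. The function names, the field name and the assumption that the template delimits attributes with single quotes are hypothetical and are not taken from lib/accfuncs.inc.

```php
<?php
// Added illustration. Function names and the form field are hypothetical and
// are not taken from lib/accfuncs.inc.

// The test value quoted in the message above.
$sample = "foo'><script>alert('XSS');</script>";

// Encoders to compare. ENT_COMPAT leaves ' untouched, so it is not enough
// when the template delimits attributes with single quotes.
$encoders = [
    'none'       => function (string $v): string { return $v; },
    'ENT_COMPAT' => function (string $v): string {
        return htmlspecialchars($v, ENT_COMPAT, 'UTF-8');
    },
    'ENT_QUOTES' => function (string $v): string {
        return htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
    },
];

// Render an input whose value attribute is delimited by single quotes.
function render_field(string $name, string $encodedValue): string
{
    return "<input type='text' name='" . $name . "' value='" . $encodedValue . "'>";
}

// The value stays inside the attribute only if no raw delimiter survives.
function stays_in_attribute(string $encodedValue): bool
{
    return strpos($encodedValue, "'") === false;
}

// Print, for each encoder, whether the value is contained and the markup.
foreach ($encoders as $label => $encode) {
    $enc = $encode($sample);
    printf("%-10s contained=%s\n  %s\n", $label,
        stays_in_attribute($enc) ? 'yes' : 'no', render_field('U', $enc));
}
```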