[aur-dev] [PATCH] Cross-Site Scripting vulnerability
Loui Chang
louipc.ist at gmail.com
Sat Oct 2 12:13:10 EDT 2010
On Sat 02 Oct 2010 16:56 +0000, Viktor Leonhardt wrote:
> Hello,
> While working on a better E-mail validation, I found some cross-site
> vulnerabilities
> in the lib/accfuncs.inc. Here is the patch, which is fixing this
> problem. I hope that I found
> all relevant parts, because I'm not so familiar with this site. You
> can try it on your own
> by setting a user name or e-mail with a single quote. Like:
>
> "foo'><script>alert('XSS');</script>"
>
> I will soon commit a patch for the E-mail validation using this website[1].
> Most of it is working, except a problem with the double quotes.
>
> [1] http://www.linuxjournal.com/article/9585
>
> greetings Viktor
> From eaea9a4d11c1cd2740079864d28d9a10329fe849 Mon Sep 17 00:00:00 2001
> From: Viktor Leonhardt <leonharv at unix-ag.uni-kl.de>
> Date: Sat, 2 Oct 2010 16:47:52 +0000
> Subject: [PATCH] Fixing XSS vulnerability
>
> ---
> web/lib/acctfuncs.inc | 30 +++++++++++++++---------------
> 1 files changed, 15 insertions(+), 15 deletions(-)
Wow, I thought that was fixed a long time ago. Thanks.
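
The report above says a single quote in a user name or e-mail is enough to trigger the problem. The following PHP is an added example, not part of the thread and not code from web/lib/acctfuncs.inc; it assumes the stored value is written into a single-quoted HTML attribute, and the function names and the field name `U` are hypothetical. It shows the unescaped output next to output encoded with `htmlspecialchars()` and `ENT_QUOTES`.

```php
<?php
// Added illustration only. render_field_raw() and render_field_escaped()
// are hypothetical helpers, not functions from the AUR code base.

// Before: the stored value is concatenated into a single-quoted attribute,
// so a single quote in the value ends the attribute early.
function render_field_raw(string $name, string $value): string
{
    return "<input type='text' name='" . $name . "' value='" . $value . "'>";
}

// After: encode for an HTML attribute context.
// ENT_QUOTES is the important flag: before PHP 8.1 the default was
// ENT_COMPAT, which encodes double quotes but leaves single quotes as-is.
function render_field_escaped(string $name, string $value): string
{
    $enc = function (string $s): string {
        return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    };
    return "<input type='text' name='" . $enc($name)
         . "' value='" . $enc($value) . "'>";
}

// Returns true when the rendered tag still contains exactly one element,
// i.e. the value did not close the attribute and open new markup.
function stays_inside_attribute(string $html): bool
{
    return substr_count($html, '<') === 1 && substr_count($html, '>') === 1;
}

// The test string quoted in the report above.
$input = "foo'><script>alert('XSS');</script>";

$raw     = render_field_raw('U', $input);
$escaped = render_field_escaped('U', $input);

echo "raw:     ", $raw, "\n";
echo "escaped: ", $escaped, "\n";

// The raw form fails the check, the encoded form passes it.
var_dump(stays_inside_attribute($raw));
var_dump(stays_inside_attribute($escaped));

// Encoding belongs at output time, for every field echoed into markup
// (user name, e-mail, and any other account field), not at input time.
```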