[pLog-svn] Lifetype 1.2.8 ...
Jon Daley
plogworld at jon.limedaley.com
Sun May 4 06:04:27 EDT 2008
On Sun, 4 May 2008, Mark Wu wrote:
> For 6435, you can try to revert the code first, then try to search your
> article category with a keyword that you don't have, for example 'abc'.
>
> Do you see the difference? So, I say it is a more serious bug. Because it can
> show other article categories...
Ok, I see it. But I wouldn't call it "serious", since the person
can't do anything with the other categories - i.e. if he clicks on them it
shows an error. Definitely a bug, just not a needs-to-be-released-today
sort of bug.
> For 6436 & 6437, Just fix the XSS you reported in svn.
I didn't understand the code that the guy was showing.
Can't his exploit be more simply written:

<body onLoad=javascript:document.form.lala.value=document.cookie>
<form name="form">
<input type="text" name="lala" value="">
</form>
</body>

I am not sure where the security issue is. A user can see his own cookie,
which he could also do by viewing his cookies in his browser. And this
can't be prevented by server side code.
I had originally assumed this meant the user could get data that he
didn't already have, or that the data could be sent to someone else, but I
no longer see how that is the case. If he can get you to send that data
to some other web page that would be more interesting. Or perhaps he is
saying that the cookie data ends up in the search terms, so then the
content would be in a log somewhere?