Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:26008
HistoryDec 02, 2011 - 12:00 a.m.

CodeIgniter 'CI_Security' Class 'xss_clean()'过滤器安全绕过漏洞

2011-12-0200:00:00
Root
www.seebug.org
49
JSON

Bugtraq ID: 50847
CVE ID:CVE-2011-4025

CodeIgniter是一套给PHP网站开发者使用的应用程序开发框架和工具包

依赖xss_clean过滤器进行XSS保护的EllisLab ExpressionEngine和CodeIgniter存在跨站脚本漏洞,允许攻击者进行会话劫持,信息泄露,安装恶意软件等攻击。
CI_Security类的_remove_evil_attributes函数和xss_clean实现存在缺陷,内部XSS过滤器可被绕过,允许在使用EllisLab ExpressionEngine和CodeIgniter产品上进行成功的XSS攻击。

CI_Security类的_remove_evil_attributes函数允许检测和删除作为GET或POST请求参数发送的HTML标记中事件属性(如onmouseover, onfocus等)上的’evil’,通过利用_remove_evil_attributes实现缺陷,攻击者可以注入XSS负载。

EllisLab ExpressionEngine 2.2.2
EllisLab CodeIgniter 2.0.3
厂商解决方案

EllisLab ExpressionEngine 2.3.1和EllisLab CodeIgniter 2.1已经修复此漏洞,建议用户下载使用:
http://expressionengine.com/
http://codeigniter.com/

Related

packetstorm 1
securityvulns 2
packetstorm
packetstorm
ExpressionEngine 2.2.2 / CodeIgniter 2.0.3 Cross Site Scripting
2011-11-30 00:00:00
securityvulns
securityvulns
MVSA-11-013 - EllisLab xss_clean Filter Bypass - ExpressionEngine and CodeIgniter
2011-12-05 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2011-12-05 00:00:00
JSON
Related for SSV:26008
packetstorm1securityvulns2