Project

General

Profile

Actions
Copy link

Bug #19523

closed

Crossite scripting vulnerability in Core ext. felogin

Added by Dirk Hoffmann over 15 years ago. Updated about 7 years ago.

Status:
Closed
Priority:
Should have
Assignee:
Ingo Renner
Category:
-
Target version:
-
Start date:
2008-10-29
Due date:
% Done:

0%

Estimated time:
TYPO3 Version:
4.2
PHP Version:
4.3
Tags:
Complexity:
Is Regression:
No
Sprint Focus:

Description

The redirect_url parameter in felogin extension is not filtered by htmlspecialchars.

I have test this on a fresh installed Tzpo3 4.2.2 without anz third partz extensions.
Simple create a loginform and call the login page e.g with this url:

http://www.somedomain.tld/index.php?id=login&redirect_url=%22%3e%3cSCRIPT%3ealert('Paros')%3c/SCRIPT%3e%3cspan%20%22

"login" is the alias of the login page

Note: In some cases the server configuration can prevent this isue.
(issue imported from #M9673)

Files

Download all files
felogin.patch (622 Bytes) felogin.patch Administrator Admin, 2008-10-29 17:22
9673.diff (1.19 KB) 9673.diff Administrator Admin, 2008-10-30 09:24
0009673_rev4386.diff (1.24 KB) 0009673_rev4386.diff Administrator Admin, 2008-10-30 16:35
Actions
Copy link

Also available in: Atom PDF