XSS - rtr param
#1
Comments
|
Nice catch. I think this only affects if the debug is enabled (you get more debugging comments in the page in this case) but it should still be addressed of course. Probably the best way to deal with it is to disallow '<' in the router name entirely (and also other dangerous characters like '/' which may break the code elsewhere) I'm not doing active development on routers2 any more but will fix this in the repo |
|
The following CVE ID has been assigned to this vulnerability: CVE-2018-6193 |
|
Fixed in the master branch. This vulnerability also affect the Note that this vulnerability does not affect hosts with the |
|
I'll make a new release once I've completed testing on the fix. |
|
Thanks for your time and for the will to make product secure!! |
During a security test I found that routers2.cgi has a Cross-Site Scripting (XSS) vulnerability, affecting the
rtrGET parameter in the request below. This may enable attackers to inject malicious scripts into client browser.http://www.steveshipway.org/cgi-bin/routers2.pl?rtr=--><script>alert("XSS")</script>&bars=Cami&xgtype=d&page=graph&xgstyle=l2&xmtype=routersCause:
print "<!-- R:[$router]\n I:[$interface]\n A:[$archive]\n U:[$authuser] -->\n";All the params returned in the HTML should be escaped.
The text was updated successfully, but these errors were encountered: