xss into session_controller
Reported by preth00nker | August 7th, 2010 @ 05:35 PM
Hello, I'm a successful user of your software. I'm very happy
about your development work, so I really want to make a
contribution. Whatever the case, I found a "Cross site script"
vulnerability inside the restful-authentication plug-in (for Rails)
and I want to fix it. When a user doesn't log in in a correct way a
notice appears (Default: Couldn't log you in as 'user'), so an evil
request can be used by a malicious user to take advantage of
it and, I don't know, do some bad stuff. Well, the error is between
lines 40-43, therefore, here's the error:
40: def note_failed_signin
41:   flash[:notice] = "Couldn't log you in as '#{params[:login]}'"
42:   logger.warn "Failed login for '#{params[:login]}' from #{request.remote_ip} at #{Time.now.utc}"
43: end
In this instance we have 3 XSS. The first comes in line #41,
where params[:login] can be used with something like '< h 1
>', so when the user reflects the answer, he'll get a
titled text (in bold and big font and stuff..). The second one
comes in line 42 (with the third bug) when the code
<<#{params[:login]}' from #{request.remote_ip}>> is
used by you (it's for showing the IP address and login parameters); the
bug is like the first one. Well, to fix this issue we can use the
function "h", which prints the outcome as HTML-encoded text in the
client-side browser.
I hope to be helpful and please mail me with any question!
Sincerely, Christian
File: session_controller.rb
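The fix the ticket proposes, written out as an added example that is not part of the ticket or of the restful-authentication plugin. It stands in for the Rails controller with a plain Ruby class: `flash`, `params`, `request.remote_ip` and `logger` are constructed stand-ins, and `h` comes from Ruby's own `ERB::Util` (the same helper Rails exposes in views). The vulnerable method reproduces lines 41-42 as posted; the hardened method HTML-escapes the login before it is placed in the flash message, and additionally replaces control characters before the value is written to the log, an extra step the ticket does not mention but which is assumed here because a raw newline in `params[:login]` would otherwise forge additional log lines.

```ruby
require 'erb'
require 'logger'
require 'stringio'

# Constructed stand-in for the Rails request object (hypothetical, not Rails code).
class FakeRequest
  attr_reader :remote_ip

  def initialize(remote_ip)
    @remote_ip = remote_ip
  end
end

# Constructed stand-in for the sessions controller from the ticket.
class SessionsControllerDemo
  include ERB::Util # provides h() / html_escape(), as Rails views do

  attr_reader :flash, :log_output

  def initialize(params, remote_ip)
    @params = params
    @request = FakeRequest.new(remote_ip)
    @flash = {}
    @log_output = StringIO.new          # captured log so the demo runs offline
    @logger = Logger.new(@log_output)
  end

  # Lines 41-42 as posted in the ticket: the login parameter is
  # interpolated raw into both the flash notice and the log line.
  def note_failed_signin_vulnerable
    @flash[:notice] = "Couldn't log you in as '#{@params[:login]}'"
    @logger.warn "Failed login for '#{@params[:login]}' from #{@request.remote_ip} at #{Time.now.utc}"
    @flash[:notice]
  end

  # Hardened variant: h() HTML-escapes the value that will reach a browser,
  # and sanitize_for_log() strips control characters (CR, LF, ...) from the
  # value that will reach the log file.
  def note_failed_signin_safe
    login = @params[:login].to_s
    @flash[:notice] = "Couldn't log you in as '#{h(login)}'"
    @logger.warn "Failed login for '#{sanitize_for_log(login)}' from #{@request.remote_ip} at #{Time.now.utc}"
    @flash[:notice]
  end

  # Replace ASCII control characters so one warn() call stays one log line.
  def sanitize_for_log(value)
    value.gsub(/[\x00-\x1f\x7f]/, '?')
  end
end

if __FILE__ == $0
  # Constructed sample input: a login value carrying markup, as in the ticket.
  demo = SessionsControllerDemo.new({ login: '<h1>x</h1>' }, '203.0.113.5')
  puts "vulnerable: #{demo.note_failed_signin_vulnerable}"
  puts "hardened:   #{demo.note_failed_signin_safe}"
end
```

Escaping at output time (in the view, or via `h` when the string is built, as the ticket suggests) is what stops the browser interpreting the markup; older Rails versions did not escape flash messages automatically, so the controller had to do it.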
Restful Authentication Generator
This widely-used plugin provides a foundation for securely managing user
authentication:
* Login / logout
* Secure password handling
* Account activation by validating email
* Account approval / disabling by admin
* Rudimentary hooks for authorization and access control.
http://github.com/technoweenie/restful-authentication/tree