Forums

XSS in login page

Permalink
Hi,

ControlScan (they do security checks for merchant banks) recently scanned a clients site. The only worrying bit they came back with was some XSS issues on the login page.

Below from their report:
index.php/login/do_login/?submit=&rcID=&uName=<BODY ONLOAD=alert($URL$) >&uPassword=&uMaintainLogin= Seen on : /index.php/login/do_login/?submit=&rcID=&uName=<BODY%20ONLOAD=alert(G2f6 96e6465782e7068702f6c6f67696e2f646f5f6c6f67696e2f3f7375626d69743d2672634 9443d26754e616d653d3c424f4459204f4e4c4f41443d616c657274282455524c24293e2 67550617373776f72643d26754d61696e7461696e4c6f67696e3d)>&uPassword=&uMain tainLogin=
-------- output -------- <div> <label for="uName"> Username </label><br/> <input type="text" name="uName" id="uName" value="<BODY ONLOAD=ale [...] </div> <br>


AND

Using the GET HTTP method, Nessus found that : + The following resources may be vulnerable to cross-site scripting (XSS) : /index.php/login/do_login/?uName=<IMG%20SRC="javascript:alert(42);">
-------- output -------- <div> <label for="uName"> Username </label><br/> <input type="text" name="uName" id="uName" value="<IMG SRC="javasc [...] </div> <br>


hope this helps.

Cheers,
Anthony
apc123
 
jgarcia replied on at Permalink Reply
jgarcia
Good catch. I post this to the bug tracker here:

http://www.concrete5.org/developers/bugs/5-4-1-1/xss-vulnerability-...
fennesoutdoorservices replied on at Permalink Reply
I recieved an email from sitelock with the same information but I have no idea how to find where to input the code to fix the issue.

thank you.
apc123 replied on at Permalink Reply
apc123
The best fix is to upgrade. The newer versions fixed this bug along with a bunch more.