150247 – Mambo php charaters injection

Bug 150247 - Mambo php charaters injection

Summary: Mambo php charaters injection

Status:	RESOLVED UPSTREAM

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	High trivial (vote)
Assignee:	Gentoo Linux bug wranglers

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2006-10-06 03:27 UTC by Emanuele Gentili
Modified:	2006-10-06 03:39 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Emanuele Gentili 2006-10-06 03:27:31 UTC

* isnt security ISSUE! *

In the Mambo survey modules, there is a little problem that originates
character injections.

http://www.site.dom/index.php?option=com_poll&task=results&id=18&mosmsg=messages

You can edit "messages" and insert what you prefer; 
Module capture it and show the messages in the page.

Try it:
http://www.slacky.it/index.php?option=com_poll&task=results&id=18&mosmsg=TEST
(my friend website)

NOW demo.mamboserver.com vulnerable!
http://demo.mamboserver.com/index.php?option=com_poll&task=results&id=15&mosmsg=BUGGED

 
CMS usually use Global Active Var..
Mambo used mosmsg only for survey modules, and i think this alpha-patch:

$mosmsg='Thanks for your vote!';



Joomla too was bugged: http://bugs.gentoo.org/show_bug.cgi?id=149934


Mambo devel contacted.

Comment 1 Jakub Moc (RETIRED) gentoo-dev

2006-10-06 03:37:26 UTC

As said on the other bug, please send this upstream.

Comment 2 Emanuele Gentili 2006-10-06 03:39:02 UTC

(In reply to comment #1)
> As said on the other bug, please send this upstream.
> 

ok, sorry :)