XSS Vulnerability in Siteframe 5.0.1

In search.php, an unmodified $_GET variable is assigned to a Smarty variable, where it can be displayed on a page. An attacker could insert malicious JavaScript into the query string and have it execute when the page is rendered.

IMMEDIATE FIX

On line 64 of search.php, wrap the $_GET['q'] in the htmlentities() function:

    $PAGE->assign('search_string', htmlentities($_GET['q']));

This converts the characters that are special in HTML, such as the angle brackets around tags, to HTML character entities, so the browser displays the injected code as text instead of executing it.

This fix will be included in Siteframe 5.0.2, but you should make this change immediately in the meantime.
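
The effect of the fix, shown as an added example that is not Siteframe's own code: StubPage, escape_html(), the template and the request value are hypothetical or constructed for illustration. It goes slightly beyond the one-line fix by passing ENT_QUOTES and an explicit charset, because htmlentities() with its default flags on PHP versions before 8.1 leaves single quotes unencoded, which matters when the value is placed inside a single-quoted attribute.

```php
<?php
// Added example, not Siteframe code. StubPage is a hypothetical stand-in for
// $PAGE: it stores assigned values and substitutes them into the template
// without escaping them.
final class StubPage
{
    private array $vars = [];

    public function assign(string $name, string $value): void
    {
        $this->vars[$name] = $value;
    }

    public function render(string $template): string
    {
        $pairs = [];
        foreach ($this->vars as $name => $value) {
            $pairs['{$' . $name . '}'] = $value;
        }
        return strtr($template, $pairs);
    }
}

// Hypothetical helper: encode for HTML text and for quoted attribute values.
function escape_html(string $raw): string
{
    return htmlentities($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed template: the value lands in body text and in an attribute.
$template = <<<'TPL'
<p>Results for {$search_string}</p>
<input name='q' value='{$search_string}'>

TPL;

// Constructed value standing in for $_GET['q'].
$q = "<script>alert(1)</script>' x='";

$page = new StubPage();

$page->assign('search_string', $q);              // 5.0.1: raw value
echo "--- unescaped ---\n", $page->render($template);

$page->assign('search_string', escape_html($q)); // fixed: entities only
echo "--- escaped ---\n", $page->render($template);
```

In the escaped output the angle brackets appear as `&lt;` and `&gt;` and the single quotes as `&#039;`, so the value stays inside both the paragraph text and the attribute.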

See here for more details.

by Kiki / at 09:19 on February 12, 2006

Ehehe, I see that my signalling has worked ;)

http://www.kiki91.altervista.org