[Bug 9754] New: Possible XSS exploit possibility
http://bugs.winehq.org/show_bug.cgi?id=9754 Summary: Possible XSS exploit possibility Product: WineHQ Apps Database Version: unspecified Platform: Other URL: http://appdb.winehq.org/objectManager.php?bIsQueue=false &bIsRejected=false&sClass=application&iId=1369&sAction=s howMoveChildren&sTitle=Could%20this%20be%20exploited? OS/Version: other Status: UNCONFIRMED Severity: major Priority: P2 Component: website-bugs AssignedTo: wine-bugs(a)winehq.org ReportedBy: marco(a)harddisk.is-a-geek.org While surfing the AppDB entry for GTA Vice City (http://appdb.winehq.org/objectManager.php?sClass=application&iId=1369), I found a link at the bottom of the page stating "Move child objects". I clicked on it and found out that the URL contains a parameter sTitle, which apparently sets the page title and can be set to any text I think of. Good news is that obvious Javascript does not work, but I think it'd be easy for a pro to develop a working XSS exploit. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=9754 --- Comment #1 from Marco Schuster <marco(a)harddisk.is-a-geek.org> 2007-09-29 03:36:09 --- Even after #9755 got fixed and I get the error message "Insufficient privileges", I am still able to change the title via sTitle in the URL. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=9754 Chris Morgan <cmorgan(a)alum.wpi.edu> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |cmorgan(a)alum.wpi.edu --- Comment #2 from Chris Morgan <cmorgan(a)alum.wpi.edu> 2007-10-16 21:42:41 --- (In reply to comment #1)
Even after #9755 got fixed and I get the error message "Insufficient privileges", I am still able to change the title via sTitle in the URL.
The title is generated upon page refresh using the information in the url. As far as I can tell you are only changing the title that you see on the page. I'm not sure that this presents a security concern. Chris -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=9754 Alexander Nicolaysen Sørnes <alex(a)thehandofagony.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |alex(a)thehandofagony.com Status|UNCONFIRMED |RESOLVED Resolution| |INVALID --- Comment #3 from Alexander Nicolaysen Sørnes <alex(a)thehandofagony.com> 2007-10-18 03:56:06 --- I don't think it does either, but thanks for alerting us of possible issues. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
http://bugs.winehq.org/show_bug.cgi?id=9754 Austin English <austinenglish(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #4 from Austin English <austinenglish(a)gmail.com> 2008-11-17 13:11:21 --- Closing. -- Configure bugmail: http://bugs.winehq.org/userprefs.cgi?tab=email Do not reply to this email, post in Bugzilla using the above URL to reply. ------- You are receiving this mail because: ------- You are watching all bug changes.
participants (1)
-
wine-bugs@winehq.org