OSDN -- 오픈 소스 소프트웨어 개발 및 다운로드
Translation Status of 한국말 translation status for ko

Ticket #38976
Ticket List Submit New Ticket RSS

XSS脆弱性

오픈 날짜: 2019-02-20 20:01 마지막 업데이트: 2019-02-20 20:01

Reporter:
(Anonymous)
소유자:
papu
Type:
Bugs
Status:
Open [Owner assigned]
Component:
(None)
MileStone:
(None)
Priority:
5 - Medium
Severity:
8
Resolution:
None
File:
None

Details

XSS脆弱性がありました。 wiki.cgiの1811行目 $::form{refer} = &code_convert(\$::form{refer}, $::defaultcode) if($::form{refer}); の下に $::form{refer} =~ s/&/&amp;/g; # & → &amp; $::form{refer} =~ s/</&lt;/g; # < → &lt; $::form{refer} =~ s/>/&gt;/g; # > → &gt; $::form{refer} =~ s/"/&quot;/g; # " → &quot; $::form{refer} =~ s/'/&#39;/g; # ' → &#39; を追記すると回避できるようです。

Ticket History (1/1 Histories)

2019-02-20 20:01 Updated by: None
  • New Ticket "XSS脆弱性" created

Attachment File List

No attachments

Edit

You are not logged in. I you are not logged in, your comment will be treated as an anonymous post. » Login