#9006 closed defect (fixed)
Exploits in Dojo Toolkit
| Reported by: | disturbed_1 | Owned by: | dante |
|---|---|---|---|
| Priority: | blocker | Milestone: | 1.3.1 |
| Component: | Website | Version: | 1.3.0rc2 |
| Keywords: | Exploit | Cc: | kriszyp |
| Blocked By: | Blocking: |
Description
It many of the Dojo tookit's forms and basically anything where a user can submit text...
for example http://demos.dojotoolkit.org/demos/babelChat/
if you enter simple javascript it will run...
<script>alert('Vuln');</script>
This also means that it not only affects the sites look [By defacement] but also can endanger users [XSS Cookie Stealing]
This is just a heads up to make sure your scripts check characters/modify [Or at least have an option to do so] or else this will discourage users to not use your code....
If you want any more information feel free to contact me...
Change History (4)
comment:1 Changed 12 years ago by
| Cc: | kriszyp added |
|---|---|
| Owner: | changed from Dustin Machi to dante |
comment:2 Changed 12 years ago by
| Milestone: | tbd → 1.3.1 |
|---|---|
| Status: | new → assigned |
these are on the site now, so I'll be upping the demos/ to 1.3.1 asap. backporting the fixes so they make it.
comment:3 Changed 12 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note: See
TracTickets for help on using
tickets.
So to be clear, you didn't find anything like this in dojotoolkit.org/ directly ... (drupal should be covering most of the inputs there) but I agree, babelChat should totally be escaping input too. Will fix that, but I'd love to hear if you know of any other places.
we have a ticket for adding core html-escaping functionality to Dojo, which will be used to sanitize stuff incoming like this.
Thanks for the headsup.