Opened 11 years ago

Closed 11 years ago

Last modified 11 years ago

#9006 closed defect (fixed)

Exploits in Dojo Toolkit

Reported by: disturbed_1
Owned by: dante
Priority: blocker
Milestone: 1.3.1
Component: Website
Version: 1.3.0rc2
Keywords: Exploit
Cc: kriszyp
Blocked By:
Blocking:

Description

In many of the Dojo toolkit's forms and basically anything where a user can submit text...

for example http://demos.dojotoolkit.org/demos/babelChat/

if you enter simple javascript it will run...

<script>alert('Vuln');</script>

This also means that it not only affects the site's look [By defacement] but also can endanger users [XSS Cookie Stealing]

This is just a heads up to make sure your scripts check characters/modify [Or at least have an option to do so] or else this will discourage users to not use your code....

If you want any more information feel free to contact me...

Change History (4)

comment:1 Changed 11 years ago by dante

Cc: kriszyp added
Owner: changed from Dustin Machi to dante

So to be clear, you didn't find anything like this in dojotoolkit.org/ directly ... (drupal should be covering most of the inputs there) but I agree, babelChat should totally be escaping input too. Will fix that, but I'd love to hear if you know of any other places.

we have a ticket for adding core html-escaping functionality to Dojo, which will be used to sanitize stuff incoming like this.

Thanks for the heads-up.
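
Added example (not part of the ticket, and not Dojo or babelChat code): the output escaping discussed in comment:1, shown as a hypothetical chat-line renderer before and after the fix. The function names and the `<li>` markup are assumptions; the sample input is the string from the ticket description.

```javascript
// Added example: hypothetical chat renderer, not Dojo or babelChat code.

// Characters that can change how text is parsed in HTML text nodes and
// quoted attribute values, mapped to their entity form.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escape untrusted text for HTML text or quoted-attribute context only.
// It is not sufficient for URL, inline script, or CSS contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// "Before": user text is concatenated into markup unchanged, so any tags
// in it become part of the page (the behaviour the ticket reports).
function renderMessageUnsafe(nick, text) {
  return "<li><b>" + nick + "</b>: " + text + "</li>";
}

// "After": both user-controlled fields are escaped at the point of output,
// so the browser displays the submitted text instead of parsing it.
function renderMessageSafe(nick, text) {
  return "<li><b>" + escapeHtml(nick) + "</b>: " + escapeHtml(text) + "</li>";
}

// Sample input: the string quoted in the ticket description.
const sample = "<script>alert('Vuln');</script>";

console.log(renderMessageUnsafe("guest", sample));
console.log(renderMessageSafe("guest", sample));
```

Escaping belongs where the value is written into the page, and the nickname needs it as much as the message body does.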

comment:2 Changed 11 years ago by dante

Milestone: tbd → 1.3.1
Status: new → assigned

these are on the site now, so I'll be upping the demos/ to 1.3.1 asap. backporting the fixes so they make it.

comment:3 Changed 11 years ago by dante

Resolution: fixed
Status: assigned → closed

(In [17333]) fixes all known occurrences of xss vulnerabilities in the demos. please report if more found. fixes #9006

comment:4 Changed 11 years ago by dante

(In [17334]) refs #9006 - putting the survey fix into trunk too
