Potential exploit in CSRF protection - CodeIgniter Forums (https://forum.codeigniter.com), Archived Development & Programming, thread /showthread.php?tid=45637
Potential exploit in CSRF protection - El Forum - 09-29-2011

elverion:

I'm working on a site, and just started using the CSRF provided by CI. After enabling it, I've tested the site again with Acunetix Vulnerability Scanner. The result: a potential CSS attack.

Quote: The Cookie variable ci_csrf_token has been set to >">[removed]alert(409371738445);[removed].

Note: the [removed] bit is <_ScRiPt > (without the _) and corresponding close tag. On submit, it then echoes the submitted CSRF_token, which breaks HTML. Shouldn't it be run through htmlspecialchars() or htmlentities()?
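The fix the post asks about, as an added example that is not part of the original post and is not CodeIgniter's own code: the cookie value is escaped before it is written into the hidden field, and a cookie that does not look like a token is replaced rather than trusted. The function names, the `csrf_token` field name and the 32-character hex token format are assumptions made for illustration.

```php
<?php
// Added example: helper names are hypothetical, not CodeIgniter's API.

// Assumption: a valid CSRF token is a 32-character hex string.
function csrf_cookie_is_wellformed(string $value): bool
{
    return preg_match('/\A[0-9a-f]{32}\z/i', $value) === 1;
}

// The behaviour the post describes: the cookie value is echoed unchanged.
function hidden_field_unescaped(string $name, string $token): string
{
    return '<input type="hidden" name="' . $name . '" value="' . $token . '" />';
}

// Hardened output: escape for an HTML attribute context, quotes included.
function hidden_field_escaped(string $name, string $token): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    return '<input type="hidden" name="' . htmlspecialchars($name, $flags, 'UTF-8')
         . '" value="' . htmlspecialchars($token, $flags, 'UTF-8') . '" />';
}

// Never reuse a malformed cookie value: issue a fresh token instead.
// The caller must also send the fresh value back in the cookie.
function csrf_token_from_cookie(array $cookies, string $cookie_name): string
{
    $value = $cookies[$cookie_name] ?? '';
    if (is_string($value) && csrf_cookie_is_wellformed($value)) {
        return $value;
    }
    return bin2hex(random_bytes(16)); // 32 hex characters
}

// Constructed sample cookies: one well-formed, one carrying markup.
$samples = [
    'well-formed' => ['ci_csrf_token' => '0123456789abcdef0123456789abcdef'],
    'tampered'    => ['ci_csrf_token' => '">' . '<b>markup from cookie</b>'],
];
foreach ($samples as $label => $cookies) {
    $raw = $cookies['ci_csrf_token'];
    echo "[$label]\n";
    echo "  unescaped:  ", hidden_field_unescaped('csrf_token', $raw), "\n";
    echo "  escaped:    ", hidden_field_escaped('csrf_token', $raw), "\n";
    echo "  wellformed: ", var_export(csrf_cookie_is_wellformed($raw), true), "\n";
    echo "  token used: ", csrf_token_from_cookie($cookies, 'ci_csrf_token'), "\n";
}
```

For the tampered sample, the unescaped field closes its `value` attribute early, while the escaped field keeps the whole cookie value inside the attribute as inert text.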