csrf_cookie vulnerable to XSS (reflected)

CodeIgniter Forums (https://forum.codeigniter.com), Archived Discussions, Archived Development & Programming, thread /showthread.php?tid=51921
tmountain - 05-23-2012

Running an automated security scanner on my CI application produces the following.

The value of the csrf_cookie cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a38fc">[removed]alert(1)< /script>ede65226261 was submitted in the csrf_cookie cookie. This input was echoed unmodified in the application's response.

It seems that the csrf_cookie that CI automatically adds to the form is vulnerable to XSS. I'm running CI version 2.1.0.

Narf - 05-23-2012

https://github.com/EllisLab/CodeIgniter/pull/1366

WanWizard - 05-23-2012

Which scanner are you using?

tmountain - 05-24-2012

Using the Burp Suite from PortSwigger.
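
The behaviour reported in the first post (a cookie value copied into a double-quoted attribute) shown next to two defences, as an added PHP example that is not CodeIgniter's code and not the change in the linked pull request. The function names, the field name `csrf_token` and the 32-hex-character token format are assumptions made for the illustration.

```php
<?php
// Added illustration (PHP 7.4+); not CodeIgniter's own code. All names are hypothetical.

// Assumption: a valid token is exactly 32 lowercase hex characters.
const TOKEN_PATTERN = '/\A[0-9a-f]{32}\z/';

// Defence 1: reuse the cookie value only if it has the expected shape,
// otherwise discard it and mint a fresh token.
function csrf_token_from_cookie(array $cookies, string $name = 'csrf_cookie'): string
{
    $value = $cookies[$name] ?? null;
    if (is_string($value) && preg_match(TOKEN_PATTERN, $value) === 1) {
        return $value;
    }
    return bin2hex(random_bytes(16)); // 16 random bytes -> 32 hex characters
}

// Before: the value is concatenated straight into a double-quoted attribute,
// so a double quote in the cookie ends the attribute early.
function hidden_field_unescaped(string $name, string $token): string
{
    return '<input type="hidden" name="' . $name . '" value="' . $token . '" />';
}

// Defence 2: escape for the attribute context on output, whatever the source.
function hidden_field_escaped(string $name, string $token): string
{
    $esc = fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="' . $esc($name) . '" value="' . $esc($token) . '" />';
}

// Sample input: the cookie value exactly as the forum page displays it.
$cookies = ['csrf_cookie' => 'a38fc">[removed]alert(1)< /script>ede65226261'];
$raw = $cookies['csrf_cookie'];

// The quote and angle brackets reach the markup unchanged.
echo hidden_field_unescaped('csrf_token', $raw), "\n";

// The same value stays inside the attribute as &quot;, &gt; and &lt;.
echo hidden_field_escaped('csrf_token', $raw), "\n";

// The malformed cookie is rejected and replaced before it is ever rendered.
$token = csrf_token_from_cookie($cookies);
echo hidden_field_escaped('csrf_token', $token), "\n";
```

Either defence alone closes the reflection; applying both means a later change to the token format or to the template cannot reopen it.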