Is CodeIgniter vulnerable to XSS attacks through input->user_agent()?
#1

ChiefChirpa
According to http://seclists.org/fulldisclosure/2009/Jul/422 :

Quote: $CI->input->user_agent() fails to check the validity of user-agent type.
It simply extracts from $_SERVER array without checking whether it is
bad string injection or not. In this case, we can spoof user agent
string of our browser with our arbitrary commands that can bypass
stronger CodeIgniter Security class even if
$config['global_xss_filtering'] = TRUE;. Thus we can execute XSS on
the fly.

Is this correct? Because the session class, tank_auth, etc. all call $CI->input->user_agent() without running it through input->xss_clean()...

The method in question (from 1.72):

Code:
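function user_agent()
{
    // Return the cached value if the header was already read during this request
    if ($this->user_agent !== FALSE)
    {
        return $this->user_agent;
    }

    // The header is copied from $_SERVER unchanged; no filtering is applied here
    $this->user_agent = ( ! isset($_SERVER['HTTP_USER_AGENT'])) ? FALSE : $_SERVER['HTTP_USER_AGENT'];

    return $this->user_agent;
}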

It seems correct to me...
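
The following is an added example, not part of the original post and not CodeIgniter code. It reproduces the posted method's pass-through behaviour and shows the value being encoded where it is written into HTML. The function names, the 120-character cap and the sample header are assumptions made for illustration.

```php
<?php
// Added example; all function names here are hypothetical.

// Same behaviour as the posted method: the header value is returned
// exactly as the client sent it, or FALSE when the header is absent.
function raw_user_agent(array $server)
{
    return isset($server['HTTP_USER_AGENT']) ? $server['HTTP_USER_AGENT'] : FALSE;
}

// Normalise before storing or comparing: strip control characters and
// cap the length (120 is an assumed limit; match it to the column size).
function stored_user_agent(array $server, $max = 120)
{
    $ua = raw_user_agent($server);
    if ($ua === FALSE) {
        return '';
    }
    $ua = preg_replace('/[\x00-\x1F\x7F]/', '', $ua);
    return substr($ua, 0, $max);
}

// Encode at the point of output: this is the form to print into an HTML
// page (admin session list, log viewer, and so on).
function html_user_agent(array $server)
{
    return htmlspecialchars(stored_user_agent($server), ENT_QUOTES, 'UTF-8');
}

// Constructed sample request: a client-supplied header containing markup.
$server = array('HTTP_USER_AGENT' => 'Mozilla/5.0 <script>alert(1)</script>');

echo "raw:     ", raw_user_agent($server), "\n";
echo "encoded: ", html_user_agent($server), "\n";
```

Keep the unencoded value for storage and comparison, and apply the HTML encoding only when the value is rendered, so that a session check comparing the stored string with the current header still matches.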



