Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived General Discussion Is codeigniter vulnerable to XSS attacks through input->user_agent()?
Is codeigniter vulnerable to XSS attacks through input->user_agent()?
  • El Forum
    Guest
  •  
#1
02-14-2010, 07:48 PM

[eluser]ChiefChirpa[/eluser]
According to http://seclists.org/fulldisclosure/2009/Jul/422 :

Quote:$CI->input->user_agent() fails to check the validity of user-agent type.
It simply extracts from $_SERVER array without checking whether it is
bad string injection or not. In this case, we can spoof user agent
string of our browser with our arbitrary commands that can bypass
stronger CodeIgniter Security class even if
$config['global_xss_filtering'] = TRUE;. Thus we can execute XSS on
the fly.

Is this correct? because the session class, tank_auth, etc all call $CI->input->user_agent(), without running it through input->xss_clean()...

The method in question (from 1.72):

Code:
function user_agent()
    {
        if ($this->user_agent !== FALSE)
        {
            return $this->user_agent;
        }

        $this->user_agent = ( ! isset($_SERVER['HTTP_USER_AGENT'])) ? FALSE : $_SERVER['HTTP_USER_AGENT'];

        return $this->user_agent;
    }

It seems correct to me...


Messages In This Thread
Is codeigniter vulnerable to XSS attacks through input->user_agent()? - by El Forum - 02-14-2010, 07:48 PM



Theme © iAndrew 2016 - Forum software by © MyBB