Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming csrf_cookie vulnerable to XSS (reflected)
csrf_cookie vulnerable to XSS (reflected)
  • El Forum
    Guest
  •  
#1
05-23-2012, 07:10 AM

[eluser]tmountain[/eluser]
Running an automated security scanner on my CI application produces the following.

The value of the csrf_cookie cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a38fc">[removed]alert(1)< /script>ede65226261 was submitted in the csrf_cookie cookie. This input was echoed unmodified in the application's response.

It seems that the csrf_cookie that CI automatically adds to the form is vulnerable to XSS. I'm running CI version 2.1.0.
  • El Forum
    Guest
  •  
#2
05-23-2012, 01:45 PM

[eluser]Narf[/eluser]
https://github.com/EllisLab/CodeIgniter/pull/1366
  • El Forum
    Guest
  •  
#3
05-23-2012, 02:29 PM

[eluser]WanWizard[/eluser]
Which scanner are you using?
  • El Forum
    Guest
  •  
#4
05-24-2012, 02:58 PM

[eluser]tmountain[/eluser]
Using the BURP Suite from Portswigger.




Theme © iAndrew 2016 - Forum software by © MyBB