Ticket #391 (new defect)

Opened 3 months ago

XSS in File Upload

Reported by: tsewen
Assigned to: nobody
Priority: highest
Milestone: 0.9.2
Component: plugins
Version: 0.9.1
Severity: critical
Keywords: xss
Cc: (none)
Patch Included: 1
Review Stage: unreviewed

Description

A user can upload an HTML file containing JavaScript. When another user downloads the file, the script is run as if it came from the same domain: an XSS vulnerability.

The patch included simply sets Content-Disposition to attachment for all files that are not images, instead of just for files with the application/octet-stream MIME type, as done in Elgg 1.0.
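For illustration, the header decision the description describes, written as an added PHP example; this is not the attached diff or Elgg's own code, and it assumes PHP 7.1+ and that the caller has already resolved the stored file's path, MIME type and original name. It goes slightly beyond the ticket's "not an image" rule by serving inline only an allowlist of raster image types, since SVG is image/* but can carry script.

```php
<?php
// Added example, not the ticket's patch. Assumes PHP 7.1+ and that $path,
// $mime and $filename have already been resolved by the upload plugin.

/**
 * Response headers for serving an uploaded file. Anything that is not an
 * allowlisted raster image is sent as Content-Disposition: attachment so the
 * browser saves it instead of rendering it (and any script in it) in the
 * site's own origin. Also sends nosniff so the browser does not reinterpret
 * a non-HTML type as HTML.
 */
function download_headers(string $mime, string $filename): array
{
    // Narrower than "any image/*": SVG is an image type but may contain script.
    $inline_ok = ['image/png', 'image/jpeg', 'image/gif'];

    // Keep the filename parameter free of quotes, CR/LF and path separators.
    $safe_name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($filename));

    $disposition = in_array($mime, $inline_ok, true) ? 'inline' : 'attachment';

    return [
        'Content-Type'           => $mime,
        'Content-Disposition'    => $disposition . '; filename="' . $safe_name . '"',
        'X-Content-Type-Options' => 'nosniff',
    ];
}

function send_download(string $path, string $mime, string $filename): void
{
    foreach (download_headers($mime, $filename) as $name => $value) {
        header($name . ': ' . $value);
    }
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

// Constructed checks: an uploaded HTML file must never be offered inline,
// while a plain PNG may still be displayed in the browser.
$h = download_headers('text/html', 'page.html');
assert(strpos($h['Content-Disposition'], 'attachment') === 0);
$h = download_headers('image/png', 'avatar.png');
assert(strpos($h['Content-Disposition'], 'inline') === 0);
```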

Attachments

file_download_xss_fix.diff (0.7 kB) - added by tsewen on 09/04/08 01:10:12.
Fix for vulnerability. Sets Content-Disposition header to attachment

Change History

09/04/08 01:10:12 changed by tsewen

  • attachment file_download_xss_fix.diff added.

Fix for vulnerability. Sets Content-Disposition header to attachment