Reported by Md. Nur A Alam Dipu:

This is a cross-site scripting vulnerability at: eclipse.org in ?key= endpoint.

Endpoints: "?key="

XSS url: https://www.eclipse.org/technology/pmc-minutes.php?key=%22%3E%3C/script%3E%3Csvg/onload=alert(2)%3E

Payload: "></script><svg/onload=alert(document.domain)>

Steps to reproduce:
1: Add XSS payload at the endpoint https://www.eclipse.org/technology/pmc-minutes.php?key=%22%3E%3C/script%3E%3Csvg/onload=alert(2)%3E
2: Click enter or open in browser
3: While entering the payload or open in the browser, XSS will trigger out.

Impact: With XSS vulnerability attackers can steal victim browser sessions, cookies, ip, keylogging and more other information.

Fix: Sanitize the input value and make forbidden all special characters properly like ",'<>,/.
We shouldn't be printing $_GET variables without encoding the content first: https://git.eclipse.org/c/www.eclipse.org/technology.git/tree/pmc-minutes.php#n22 More information: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
New Gerrit change created: https://git.eclipse.org/r/c/www.eclipse.org/technology/+/174281
Gerrit change https://git.eclipse.org/r/c/www.eclipse.org/technology/+/174281 was merged to [master]. Commit: http://git.eclipse.org/c/www.eclipse.org/technology.git/commit/?id=e0bbc1716f15bdfb6d0168edaddfa1ee51f7a710
FWIW, this is very old functionality that I'm thinking that I'll just delete.
I did notice that Wayne did approve the patch; however, not all the changes that I initially requested were done.

1. Please replace isset() with !empty(). An empty string is not useful here.

2. We try to avoid short_open_tags with PHP. Please re-write:

<?= $App->checkPlain($_GET['key']) ?>

with:

<?php print $App->checkPlain($_GET['key']); ?>

We don't need to change all instances but I would expect us to drop the short form if we update a line of code that's using it.

More information about short_open_tags: https://softwareengineering.stackexchange.com/a/151694
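As an added illustration of the two changes requested above (this is not the project's own pmc-minutes.php code): $App->checkPlain() is modelled by a hypothetical checkPlain() wrapper around htmlspecialchars(), and the HTML element the value is printed into is assumed.

```php
<?php
// Added example, not the www.eclipse.org/technology code.
// $App->checkPlain() is not available here, so it is modelled by a
// hypothetical stand-in that encodes every character able to start a
// tag or attribute, leaving the value inert in HTML.
declare(strict_types=1);

function checkPlain(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "Before": the raw query parameter is printed into the page. isset()
// accepts an empty string, and nothing is encoded.
function renderKeyVulnerable(array $get): string
{
    if (!isset($get['key'])) {
        return '';
    }
    return '<input type="hidden" name="key" value="' . $get['key'] . '">';
}

// "After", as requested in the thread: !empty() instead of isset(), and
// the value is passed through checkPlain() before it is printed.
function renderKeyFixed(array $get): string
{
    if (empty($get['key'])) {
        return '';
    }
    return '<input type="hidden" name="key" value="'
        . checkPlain($get['key']) . '">';
}

// Constructed inputs: the payload already quoted in the report, an empty
// value (accepted by isset(), rejected by !empty()) and an ordinary key.
$cases = [
    'reported payload' => ['key' => '"></script><svg/onload=alert(document.domain)>'],
    'empty value'      => ['key' => ''],
    'ordinary value'   => ['key' => '2021-01'],
];

foreach ($cases as $label => $get) {
    printf(
        "%s\n  before: %s\n  after:  %s\n",
        $label,
        renderKeyVulnerable($get),
        renderKeyFixed($get)
    );
}
```

For the reported payload the fixed version emits `&quot;&gt;&lt;/script&gt;&lt;svg/onload=alert(document.domain)&gt;` inside the attribute, so the browser renders it as text rather than as markup.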
New Gerrit change created: https://git.eclipse.org/r/c/www.eclipse.org/technology/+/174340
New Gerrit change created: https://git.eclipse.org/r/c/www.eclipse.org/technology/+/174341
Gerrit change https://git.eclipse.org/r/c/www.eclipse.org/technology/+/174341 was merged to [master]. Commit: http://git.eclipse.org/c/www.eclipse.org/technology.git/commit/?id=95d283127eae3b5b7741e0dbe0c75926ab639fb0
(In reply to Eclipse Genie from comment #8)
> Gerrit change
> https://git.eclipse.org/r/c/www.eclipse.org/technology/+/174341 was merged
> to [master].
> Commit:
> http://git.eclipse.org/c/www.eclipse.org/technology.git/commit/
> ?id=95d283127eae3b5b7741e0dbe0c75926ab639fb0

I think we are done here! Thanks Martin and Md. Nur A Alam Dipu.