CodeIgniter 2.1 – ‘xss_clean()’ Filter Security Bypass

• Exploit Database
• 132 阅读

• 作者： Krzysztof Kotowicz
  日期： 2012-07-19
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/37521/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34

  source: https://www.securityfocus.com/bid/54620/info   CodeIgniter is prone to a security-bypass vulnerability.   An attacker can exploit this issue to bypass XSS filter protections and perform cross-site scripting attacks.   CodeIgniter versions prior to 2.1.2 are vulnerable.   Build an application on CodeIgniter 2.1.0:   // application/controllers/xssdemo.php <?php if ( ! defined(&apos;BASEPATH&apos;)) exit(&apos;No direct script access allowed&apos;);   class Xssdemo extends CI_Controller {   public function index() { $data[&apos;xss&apos;] = $this->security->xss_clean($this->input->post(&apos;xss&apos;)); $this->load->view(&apos;xssdemo&apos;, $data); } }   // application/views/xssdemo.php <form method=post> <textarea name=xss><?php echo htmlspecialchars($xss); ?>&lt;/textarea&gt; <input type=submit /> </form> <p>XSS: <hr /> <?php echo $xss ?>   Launch http://app-uri/index.php/xssdemo and try above vectors.