    Stored XSS vulnerability in fog project version 0.27 through 0.32

    Bug Reports
    Dolev Farhi

      Hi,

      I would like to bring to your attention that there is a persistent XSS vulnerability in the printer management page.

      In general, it is possible to add a crafted printer, and once a user/admin visits the printer management page I could potentially steal his cookies.

      PoC can be found here:
      https://www.youtube.com/watch?v=fGncIGB8F0U

    Dolev Farhi

        Additional stored XSS vulnerabilities were found in other management pages.

        https://www.youtube.com/watch?v=tFCLDAH35jU

    Tom Elliott

          This problem is still present, but really only affects FOG setups that allow login across actual internet sources. Typically speaking, this vulnerability really only affects malicious insiders trying to bring down an org, and won’t normally pose a problem.

          With that said, I’ve been working towards using MySQL prepared statements, but this will take quite a bit of work, as much of the system was coded with the old procedural style of mysql PHP functions in mind.

          Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG
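As an added illustration for this thread (not FOG project code, and not from either poster): how a printer record whose name carries markup becomes a stored XSS when the management page echoes it unescaped, shown beside the output encoding that stops it. The table name `printers`, its columns and the helper function names are assumptions made for the example. The PDO prepared statement is included because the maintainer mentions moving to prepared statements; it is the control against SQL injection when the printer is saved and, on its own, does not remove a stored XSS, which needs HTML encoding at output time.

```php
<?php
// Added example, not FOG project code. Schema and function names are assumptions.
declare(strict_types=1);

// Constructed sample record: a printer whose name carries HTML markup,
// the kind of value an authenticated user could submit through the add-printer form.
$storedPrinter = [
    'id'    => 42,
    'name'  => "Lab printer <script>alert('xss')</script>",
    'model' => 'Generic PCL',
];

/**
 * Vulnerable rendering: the stored name is concatenated into HTML as-is,
 * so markup saved with the printer runs in the browser of whoever opens
 * the management page (the pattern the first post describes).
 */
function renderPrinterRowVulnerable(array $printer): string
{
    return "<tr><td>{$printer['id']}</td><td>{$printer['name']}</td>"
         . "<td>{$printer['model']}</td></tr>";
}

/**
 * HTML-encode one untrusted value at output time.
 * ENT_QUOTES also encodes ' and " so the value is safe inside attributes;
 * ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
 */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Hardened rendering: every untrusted column is encoded before it reaches the page. */
function renderPrinterRow(array $printer): string
{
    return '<tr><td>' . h((string) $printer['id']) . '</td><td>' . h($printer['name'])
         . '</td><td>' . h($printer['model']) . '</td></tr>';
}

/**
 * Saving the record with a PDO prepared statement (assumed schema).
 * Parameters are bound, so the name cannot alter the SQL; the markup itself
 * is stored faithfully, which is why renderPrinterRow() must still encode it.
 */
function insertPrinter(PDO $db, array $printer): void
{
    $stmt = $db->prepare('INSERT INTO printers (id, name, model) VALUES (:id, :name, :model)');
    $stmt->execute([
        ':id'    => $printer['id'],
        ':name'  => $printer['name'],
        ':model' => $printer['model'],
    ]);
}

// Demonstration with an in-memory SQLite database (needs the pdo_sqlite extension).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE printers (id INTEGER PRIMARY KEY, name TEXT, model TEXT)');
insertPrinter($db, $storedPrinter);

$row = $db->query('SELECT id, name, model FROM printers')->fetch(PDO::FETCH_ASSOC);

echo "Vulnerable output:\n" . renderPrinterRowVulnerable($row) . "\n\n";
echo "Hardened output:\n" . renderPrinterRow($row) . "\n";
```

Run it with `php example.php`; compare the two table rows to see the markup pass through in the first and be encoded as text in the second. The design point is that the encoding lives in the rendering path, not in the insert path: filtering on input is easy to bypass or to forget on another management page (the second post reports the same issue elsewhere), whereas a single output-encoding helper applied to every untrusted value covers all of them.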

          Copyright © 2012-2024 FOG Project