XSS vulnerability in Pier-Blog


Nicolas Petton
Hi,


I just found that Pier-Blog seems to be very vulnerable to XSS
attacks...

Try to post the following in a comment:

<script>
alert('hello world!');
</script>

Cheers!

Nico

_______________________________________________
Magritte, Pier and Related Tools ...
https://www.iam.unibe.ch/mailman/listinfo/smallwiki

Re: XSS vulnerability in Pier-Blog

Lukas Renggli
Hi Nico,

yeah, that's a known problem related to this issue

    http://code.google.com/p/pier/issues/detail?id=48

Fixing it using an explicit verbatim syntax would also resolve other
encoding-related issues in the environment and the blog could filter
such markup. It has been on the todo list for a long time ... if anybody
wants to help, I would be glad.

Lukas

--
Lukas Renggli
http://www.lukas-renggli.ch
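
The fix described in the reply above, sketched as an added example (not code from this thread or from Pier): text is HTML-escaped by default, raw HTML passes only inside an explicit verbatim block, and the blog comment context filters that block. The `{{{...}}}` marker and all function names are assumptions made for this sketch, written in Python for illustration.

```python
import html
import re

# Hypothetical verbatim marker for this sketch; not taken from Pier.
VERBATIM = re.compile(r"\{\{\{(.*?)\}\}\}", re.DOTALL)


def render(text, allow_verbatim):
    """Render wiki text to HTML.

    Everything outside a verbatim block is HTML-escaped. A verbatim block is
    emitted raw only in a trusted context (allow_verbatim=True); in an
    untrusted context it is escaped like any other text, markers included.
    """
    out = []
    pos = 0
    for m in VERBATIM.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        if allow_verbatim:
            out.append(m.group(1))               # trusted author markup
        else:
            out.append(html.escape(m.group(0)))  # filtered for comments
        pos = m.end()
    # Trailing text, including any unterminated "{{{", is escaped.
    out.append(html.escape(text[pos:]))
    return "".join(out)


def render_page(text):
    """Author-edited page: explicit verbatim HTML is permitted."""
    return render(text, allow_verbatim=True)


def render_comment(text):
    """Visitor comment: verbatim blocks are filtered, nothing is emitted raw."""
    return render(text, allow_verbatim=False)


# Constructed sample inputs; COMMENT is the test string from the first message.
COMMENT = "<script>\nalert('hello world!');\n</script>"
WRAPPED = "nice post {{{<script>alert('hello world!');</script>}}}"
PAGE = "Intro & {{{<em>trusted</em>}}} text"

if __name__ == "__main__":
    for sample in (COMMENT, WRAPPED):
        print(render_comment(sample))
    print(render_page(PAGE))
```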