← Back to team overview

mahara-contributors team mailing list archive

  1. mahara-contributors team
  2. Mailing list archive
  3. Message #09298

[Bug 1014854] [NEW] HTML tags in installation folder (!)

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Reported by Emanuel Bronshtein:

> in linux OS it possible to create folder and filenames with name
> contain a unclosed HTML tag.
> by creating a folder name: <img src=0 onerror=alert(1)>, and copied
> the mahara installation folder to it.
> JavaScript code executed by visiting main\installation page.
> http://localhost/M/";><img src=X onerror=alert(7)>/mahara-
> 1.5.1/htdocs/admin/
> the HTML code (from URI) is inserted to database inside wwwroot
> configuration, which then printed to the pages without escaping.

** Affects: mahara
     Importance: Low
         Status: Triaged

** Description changed:

- Reported by Emanual Bronshtein:
+ Reported by Emanuel Bronshtein:
  
  > in linux OS it possible to create folder and filenames with name
  > contain a unclosed HTML tag.
  > by creating a folder name: <img src=0 onerror=alert(1)>, and copied
  > the mahara installation folder to it.
  > JavaScript code executed by visiting main\installation page.
  > http://localhost/M/";><img src=X onerror=alert(7)>/mahara-
  > 1.5.1/htdocs/admin/
  > the HTML code (from URI) is inserted to database inside wwwroot
  > configuration, which then printed to the pages without escaping.

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/1014854

Title:
  HTML tags in installation folder (!)

Status in Mahara ePortfolio:
  Triaged

Bug description:
  Reported by Emanuel Bronshtein:

  > in linux OS it possible to create folder and filenames with name
  > contain a unclosed HTML tag.
  > by creating a folder name: <img src=0 onerror=alert(1)>, and copied
  > the mahara installation folder to it.
  > JavaScript code executed by visiting main\installation page.
  > http://localhost/M/";><img src=X onerror=alert(7)>/mahara-
  > 1.5.1/htdocs/admin/
  > the HTML code (from URI) is inserted to database inside wwwroot
  > configuration, which then printed to the pages without escaping.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1014854/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next