mahara-contributors team mailing list archive

[Bug 1061980] Re: XSS using user uploaded SVG files


Hi Shen,

If you would prefer using git to patch your code, see the latest commits
on the branches 1.4_STABLE, 1.5_STABLE, 1.6_STABLE and master (1.6 and
master may not be the latest patches as are in current development).

Cheers,

Hugh

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
https://bugs.launchpad.net/bugs/1061980

Title:
  XSS using user uploaded SVG files

Status in Mahara ePortfolio:
  In Progress
Status in Mahara 1.4 series:
  Fix Released
Status in Mahara 1.5 series:
  Fix Released

Bug description:
  I have come across a serious security issue on Mahara version 1.5 which can
  allow an attacker to store malicious script on latest version of Mahara.

  *Testing Environment:*
  *Operating System:* Windows 7 (32-bit)
  *Web Server:* WAMP v2.2
  *Browser:* Mozilla Firefox v15.0.1

  *Vulnerable Path URL Location:* http://localhost/mahara/artefact/file/

  *Description*: I uploaded an SVG file with a malicious payload. Since there
  was no validation of the malicious content, I succeeded in uploading a
  file with malicious script.

  Kindly find the screenshots as an attachment along with this mail.

  I request you to kindly implement proper sanitization for handling file
  contents.

  Thank You.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1061980/+subscriptions
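The report above asks for server-side validation of uploaded SVG content. The following is an added illustration of such a check, written for this archive page and not taken from Mahara's own code: it parses the uploaded bytes as XML and reports any element or attribute that can run script (`<script>`, `<foreignObject>` and similar elements, `on*` event-handler attributes, and `javascript:`/`vbscript:` URLs in `href`-style attributes). The function names, the sample SVG documents and the upload-handler contract (reject the file when any finding is returned) are assumptions of this example.

```python
"""Defensive validation of an uploaded SVG file before it is stored and served.

Constructed example, not Mahara code. The upload handler is assumed to call
find_active_content() on the raw bytes and reject the file if the list is non-empty.
"""
import re
import xml.etree.ElementTree as ET

XLINK_NS = "http://www.w3.org/1999/xlink"

# Elements that execute script or embed arbitrary HTML inside an SVG document.
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}
# URL-valued attributes (plain and xlink-qualified) that can carry a script scheme.
URL_ATTRS = {"href", "{%s}href" % XLINK_NS, "src", "action", "formaction"}
SCRIPT_SCHEME = re.compile(r"^\s*(javascript|vbscript)\s*:", re.IGNORECASE)


def _local(qname: str) -> str:
    """Strip the '{namespace}' prefix ElementTree prepends to qualified names."""
    return qname.rsplit("}", 1)[-1]


def find_active_content(svg_bytes: bytes) -> list:
    """Return human-readable findings; an empty list means no active content found.

    A file that does not parse as XML is reported as a finding so it is rejected
    rather than stored unexamined. Python's expat parser does not fetch external
    entities, so parsing untrusted input here does not trigger network access.
    """
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return ["parse error: %s" % exc]
    findings = []
    if _local(root.tag) != "svg":
        findings.append("root element is <%s>, not <svg>" % _local(root.tag))
    for elem in root.iter():
        name = _local(elem.tag)
        if name in ACTIVE_ELEMENTS:
            findings.append("active element <%s>" % name)
        for attr, value in elem.attrib.items():
            if _local(attr).lower().startswith("on"):
                findings.append("event handler %s on <%s>" % (_local(attr), name))
            elif attr in URL_ATTRS and SCRIPT_SCHEME.match(value):
                findings.append("script-scheme URL in %s on <%s>" % (_local(attr), name))
    return findings


def is_safe_svg(svg_bytes: bytes) -> bool:
    """True when the document contains none of the active content listed above."""
    return not find_active_content(svg_bytes)
```

A check like this rejects script-bearing files at upload time; serving user files from a separate origin or with `Content-Disposition: attachment` is a complementary mitigation, since the check only covers the constructs it enumerates.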