projects / GitHub / WoltLab / WCF.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: afea0b2) | patch
Fix XSS vulnerability within the JavaScript relocator
authorTim Düsterhus <duesterhus@woltlab.com>
Thu, 13 Oct 2022 15:19:17 +0000 (17:19 +0200)
committerTim Düsterhus <duesterhus@woltlab.com>
Thu, 13 Oct 2022 15:19:17 +0000 (17:19 +0200)
commitdef6dc32f5cf91ca3fc58fd6617fbc16765f4277
treea85a6b0f09ad935601476ee7b805ed05f14321dftree | snapshot (tar.gz zip)
parentafea0b2e4b41b127c8eda8733a165e65e47c6ef2commit | diff
Fix XSS vulnerability within the JavaScript relocator

If the relocation placeholder appeared multiple times within the source code,
it would also be replaced multiple times. This might allow an attacker to blow
up the HTML structure by including the placeholder within UGC.

Fix this issue by only ever replacing the last placeholder, which should be the
“real” one from footer.tpl. In the future this should be protected further by
including a random nonce to prevent this attack entirely.
wcfsetup/install/files/lib/util/HeaderUtil.class.php diff | blob | blame | history
WoltLab Suite Core (previously WoltLab Community Framework)