Mageia Bugzilla – Attachment 2991 Details for Bug 7896: viewvc new security issue CVE-2012-4533
Testing procedure for viewvc
viewvc.testing.txt (text/plain), 1.25 KB, created by Dave Hodgins on 2012-10-27 01:09:23 CEST

# urpmi subversion-tools subversion viewvc apache-mod_python
Edit viewvc.conf ...
[dave@i1v svn]$ grep dave /etc/viewvc/viewvc.conf
root_parents = /home/dave/svn : svn
address = dave@i1v.hodgins.homeip.net

$ mkdir /home/dave/svn
$ cd /home/dave/svn
$ svnadmin create project1

$ mkdir /home/dave/project1
$ cd /home/dave/project1

Edit CVE-2012-4533 ...
[dave@i1v project1]$ cat CVE-2012-4533
blah
x <script>alert("XSS!");</script>
one context
two context
three context
trigger

$ svn import /home/dave/project1 file:///home/dave/svn/project1/trunk -m "Initial import of project1"
Adding /home/dave/project1/CVE-2012-4533

Committed revision 1.

$ svn co file:///home/dave/svn/project1/trunk /home/dave/project1_work
A /home/dave/project1_work/CVE-2012-4533
Checked out revision 1.

Edit /home/dave/project1_work/CVE-2012-4533 ...
[dave@i1v ~]$ cat project1_work/CVE-2012-4533
blah
x <script>alert("XSS!");</script>
one context
two context
three context
trigger XXXXXXXXXXXXX

$ cd /home/dave/project1_work/
$ svn commit -m "Some log message"
Sending CVE-2012-4533
Transmitting file data .
Committed revision 2.

Use http://127.0.0.1/cgi-bin/viewvc.cgi and select project1/trunk/CVE-2012-4533/Diff to previous 1
and see the javascript pop-up showing XSS!
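
Added example (not part of the original attachment and not ViewVC's own code): in the test file, the "x <script>" line is the last column-0 line before the changed hunk, which a "diff -p"-style backend copies into the hunk header as the function-name text. The Python code below assumes that header format and a hypothetical table-row markup; it shows the raw and escaped renderings side by side and gives a check to run against the diff page fetched after the update is installed.

```python
import html
import re

# Unified-diff hunk header: "@@ -a,b +c,d @@ optional function-name text"
HUNK_RE = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+(\d+)(?:,(\d+))? @@ ?(.*)$")

# Constructed sample: the header a "diff -p"-style backend is assumed to emit
# for the test file above (line 6 changed, 3 context lines, line 2 as "function").
SAMPLE_HEADER = '@@ -3,4 +3,4 @@ x <script>alert("XSS!");</script>'


def parse_hunk_header(line):
    """Return (old_start, new_start, extra) or None if not a hunk header."""
    m = HUNK_RE.match(line)
    if not m:
        return None
    return int(m.group(1)), int(m.group(3)), m.group(5)


def render_header_row(line, escape=True):
    """Render the hunk header as an HTML table row (hypothetical markup).

    escape=False reproduces the flaw: file content reaches the page as markup.
    """
    old_start, new_start, extra = parse_hunk_header(line)
    if escape:
        extra = html.escape(extra, quote=True)
    return "<tr><th>Line %d</th><th>Line %d</th><td>%s</td></tr>" % (
        old_start, new_start, extra)


def diff_page_is_safe(page, marker="<script>alert("):
    """Regression check for a fetched diff page: the marker from the test
    file must not appear verbatim, and its escaped form must be present."""
    return marker not in page and html.escape(marker) in page


if __name__ == "__main__":
    for escape in (False, True):
        row = render_header_row(SAMPLE_HEADER, escape=escape)
        print("escaped" if escape else "raw    ", diff_page_is_safe(row), row)
```

To use the check on a real installation, save the HTML of the "Diff to previous 1" page from the procedure above and pass its text to diff_page_is_safe(); a fixed package returns True.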