Bug 10856 - XSS, Reflected content on download page
Summary: XSS, Reflected content on download page
Status: RESOLVED FIXED
Alias: None
Product: Websites
Classification: Unclassified
Component: www.mageia.org
Version: trunk
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: Romain d'Alverny
QA Contact:
URL:
Whiteboard:
Keywords: Atelier, Security
Depends on:
Blocks:
 
Reported: 2013-07-27 16:44 CEST by Bas V
Modified: 2013-07-27 23:10 CEST

See Also:
Source RPM:
CVE:
Status comment:

Description Bas V 2013-07-27 16:44:09 CEST
An XSS vulnerability is present in the download, PoC below. It seems that the XSS is only present in the download page. Somebody with malicious intentions could spread a link to let people download a malicious version of Mageia and, like in the PoC, it could list a wrong checksum with it. Common browsers do not filter HTML only (~no scripts are used), so the PoC should work on every browser.

POC: http://www.mageia.org/en/downloads/get/?q=test%3C%2Fpre%3EThe%20you%20can%20find%20the%20default%20distro%3Ca%20href%3D%22http%3A%2F%2Fexample%2Ecom%22%3E%20here%20%3C%2Fa%3E%3Cbr%3Ethe%20checksum%20of%20this%20iso%20is%3Add7b696b96434d2bf07b34f9c125d51d%3Cstyle%3Evisibility%3Ahidden
Bas V 2013-07-27 16:44:41 CEST

CC: (none) => rdalverny

Romain d'Alverny 2013-07-27 22:48:10 CEST

Keywords: (none) => Atelier, Security
Status: NEW => ASSIGNED
CC: (none) => atelier-bugs
Assignee: atelier-bugs => rdalverny

Comment 1 Romain d'Alverny 2013-07-27 23:10:15 CEST
Thank you for the report.

Fixed in http://svnweb.mageia.org/web?view=revision&revision=2694 (better filtering the GET params + rephrasing the query for debug data) and released in production.

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED
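
The reflection described in this report and the output-encoding defence, as an added example that is not code from the Mageia website or from revision 2694. The `<pre>` template, the function names and the allow-list pattern are assumptions made for illustration; only the PoC link comes from the report.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# PoC link copied from the report above (it injects markup only, no script).
POC_URL = (
    "http://www.mageia.org/en/downloads/get/?q=test%3C%2Fpre%3EThe%20you%20can"
    "%20find%20the%20default%20distro%3Ca%20href%3D%22http%3A%2F%2Fexample%2Ecom"
    "%22%3E%20here%20%3C%2Fa%3E%3Cbr%3Ethe%20checksum%20of%20this%20iso%20is"
    "%3Add7b696b96434d2bf07b34f9c125d51d%3Cstyle%3Evisibility%3Ahidden"
)
# Assumed allow-list: a download name is a short file-name-like token.
SAFE_QUERY = re.compile(r"[A-Za-z0-9._-]{1,128}")

def query_from_url(url):
    """Return the decoded q parameter, as the server receives it."""
    return parse_qs(urlsplit(url).query).get("q", [""])[0]

def render_reflected(q):
    # Before (assumed template): the value is echoed into the page unchanged.
    return "<pre>" + q + "</pre>"

def render_encoded(q):
    # After: HTML-encode on output, so the value can only ever render as text.
    return "<pre>" + html.escape(q, quote=True) + "</pre>"

def is_acceptable_query(q):
    # Input validation as a second layer: reject anything outside the allow-list.
    return SAFE_QUERY.fullmatch(q) is not None

class TagCollector(HTMLParser):
    """Records every element a browser-style parser would open."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def elements_in(markup):
    parser = TagCollector()
    parser.feed(markup)
    parser.close()
    return parser.tags

if __name__ == "__main__":
    q = query_from_url(POC_URL)
    print("reflected:", elements_in(render_reflected(q)))
    print("encoded:  ", elements_in(render_encoded(q)))
```

Comparing the element lists of the two renderings shows which tags came from the request rather than from the template, which also makes a compact regression test for any page that echoes a GET parameter.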

