CodeIgniter Global XSS Filtering Bypass Vulnerability

Discovered by       : d0ubl3_h3lix
Date                : December 2007
Product             : CodeIgniter <http://www.codeigniter.com>
Product Description : Open-source PHP Framework
Pen-Tested Version  : 1.5.2
Vulnerability       : User-Agent injection
Risk                : Medium
Threat              : XSS, Log File Tampering

Description:

$CI->input->user_agent() fails to check the validity of the User-Agent string. It simply reads the value from the $_SERVER array without checking whether it is a malicious injected string. In this case, we can spoof the User-Agent string of our browser with our arbitrary commands, which can bypass the stronger CodeIgniter Security class even if $config['global_xss_filtering'] = TRUE;. Thus we can execute XSS on the fly.

Proof-Of-Vulnerability:

Download CodeIgniter Global XSS Filtering Bypass Vulnerability PDF from yehg.net, 1 page, 31.89KB.
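
The description above comes down to a request header reaching output without any filtering. As an added example (not from the advisory or from CodeIgniter; the helper names and sample values are constructed), this plain PHP code treats the User-Agent as untrusted at the two sinks the advisory names, HTML output and log files:

```php
<?php
// Added illustration: plain PHP (7.4+), no CodeIgniter code involved.
// ua_for_html() and ua_for_log() are hypothetical helper names.

/** Encode a header value for an HTML text or quoted-attribute context. */
function ua_for_html(string $ua): string
{
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
    return htmlspecialchars($ua, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Make a header value safe to write as one field of one log line. */
function ua_for_log(string $ua, int $maxLen = 256): string
{
    // Bound the raw length first so an escape sequence is never cut in half.
    $ua = substr($ua, 0, $maxLen);
    // Escape the backslash so the \xNN notation below stays unambiguous.
    $ua = str_replace('\\', '\\\\', $ua);
    // Turn every control byte (CR, LF, ESC, ...) into a visible \xNN so the
    // value cannot start a new log line or inject terminal sequences.
    return preg_replace_callback(
        '/[\x00-\x1F\x7F]/',
        static fn(array $m): string => sprintf('\\x%02X', ord($m[0])),
        $ua
    );
}

// Constructed sample values standing in for $_SERVER['HTTP_USER_AGENT'].
$samples = [
    'Mozilla/5.0 (X11; Linux x86_64)',
    'Mozilla/5.0 <script>alert(1)</script>',
    "Mozilla/5.0\r\n127.0.0.1 - admin [constructed forged entry]",
];

foreach ($samples as $ua) {
    echo 'html: ', ua_for_html($ua), PHP_EOL;
    echo 'log : ', ua_for_log($ua), PHP_EOL;
}
```

Encoding at the point of output covers every header and parameter the same way, so it does not depend on which inputs a global input filter happens to inspect.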