Potential attack vector via registration form

Bug #1697308 reported by Robert Lyon on 2017-06-11
Affects   Importance   Assigned to
Mahara    High         Robert Lyon
15.04     High         Unassigned
16.04     High         Unassigned
16.10     High         Unassigned
17.04     High         Unassigned
17.10     High         Robert Lyon

Bug Description

As reported by Mushraf Mustafa

By using something like

Lastname: <img src='nothing' onerror='myFunction'>

A user can submit a potentially dangerous payload to be saved as their name in the usr_registration table.
The values are then also emailed out to the user and admin.

If the registration is accepted, the values become part of the new user's account.

We should clean up the submitted values from the form and remove any HTML tags and JavaScript code, as that is not valid input.
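An added example (not Mahara code, and not part of the bug report) of the two controls the description implies: reject or strip markup in name fields at submission time, and HTML-escape whatever was stored before it is rendered, for instance in the notification emails. Function names, the field names and the sample inputs are assumptions constructed for this illustration.

```python
import html
import re
import unicodedata

# Matches anything that looks like an HTML tag, e.g. the <img ... onerror=...> from the report.
TAG_RE = re.compile(r"<[^>]*>")


def contains_markup(value: str) -> bool:
    """Validation view: a display name never legitimately contains a tag or an angle bracket.
    Apostrophes (O'Brien) are allowed, so the check is deliberately narrow."""
    return bool(TAG_RE.search(value)) or "<" in value or ">" in value


def sanitize_name(value: str, max_len: int = 255) -> str:
    """Sanitising view (what the fix does in spirit): strip tags, drop stray angle
    brackets, collapse whitespace and enforce a length limit before storage."""
    value = unicodedata.normalize("NFC", value)
    value = TAG_RE.sub("", value)                      # "<img ...>" -> ""
    value = value.replace("<", "").replace(">", "")    # unbalanced brackets -> text only
    value = " ".join(value.split())                    # collapse whitespace
    return value[:max_len]


def check_registration(fields: dict) -> list:
    """Return the names of submitted fields that carry markup, for rejecting the form."""
    return [name for name, value in fields.items() if contains_markup(value)]


def render_for_html(value: str) -> str:
    """Output encoding: never emit a stored value raw into an HTML email or page."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    # Constructed sample submission using the payload shape from the report.
    form = {"firstname": "Mushraf", "lastname": "<img src='nothing' onerror='myFunction'>"}
    print("fields with markup:", check_registration(form))
    print("stored lastname:", repr(sanitize_name(form["lastname"])))
    print("escaped for email:", render_for_html(form["lastname"]))
```

Stripping alone is not enough: the escaped-output step is what protects the admin and user emails even if a bad value reaches the table by another path.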

CVE References

CVE-2017-9551 was assigned (not yet available to be pulled via Launchpad though)

Reviewed: https://reviews.mahara.org/7820
Committed: https://git.mahara.org/mahara/mahara/commit/d9fd5e8df31fbc55624b0e34d466765cbe6b7f5c
Submitter: Robert Lyon (<email address hidden>)
Branch: master

commit d9fd5e8df31fbc55624b0e34d466765cbe6b7f5c
Author: Robert Lyon <email address hidden>
Date: Mon Jun 12 08:49:51 2017 +1200

Security Bug 1697308: Sanitizing the registration form information

To avoid potential hacking vectors for the site

behatnotneeded

Change-Id: I53088c5e73017bc59f156483509e1bb7e8c1710a
Signed-off-by: Robert Lyon <email address hidden>

Robert Lyon (robertl-9) on 2017-09-11
information type: Private Security → Public Security