fun with openid login ;) (xss).
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Moin OpenID module | Fix Released | Critical | Unassigned |
Bug Description
I thought I should spend a few minutes looking for yet another launchpad xss bug ;)
***** The lp cookie totally should be httponly as well as being a secure cookie ... :/ https:/
The obvious candidate to review, which I had not looked into yet, is the "special" login system.
So... Here is an example url that will show an alert(1) dialogue on https:/
The issue in the help.launchpad.net domain is that the openid.mode is not escaped in the openid error message shown on the page. There may be other parameters that will also allow an attacker to inject HTML and content into the page. (I haven't checked them).
And it also works on https:/
https:/
and...
pastebin.
https:/
http get is not supposed to change the world ;)
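
The defect class described in the report above, as an added example that is not part of the original report and is not Moin's or Launchpad's code: an error page that reflects `openid.mode` unescaped, next to a version that allow-lists the mode and escapes on output, plus a session cookie carrying the `HttpOnly` and `Secure` flags. The function names, the error message wording and the sample input are assumptions made for illustration.

```python
import html
from http.cookies import SimpleCookie

# Message modes defined by OpenID Authentication 2.0; anything else is rejected.
KNOWN_MODES = frozenset({
    "associate", "checkid_setup", "checkid_immediate", "check_authentication",
    "id_res", "cancel", "error", "setup_needed",
})

def render_error_unsafe(params):
    """Defect class from the report: the raw parameter value lands in the HTML."""
    return '<p class="error">Unknown OpenID mode: %s</p>' % params.get("openid.mode", "")

def render_error_safe(params):
    """Escape at the output boundary; quote=True also covers attribute contexts."""
    mode = params.get("openid.mode", "")
    return '<p class="error">Unknown OpenID mode: %s</p>' % html.escape(mode, quote=True)

def handle_openid_request(params):
    """Hypothetical handler: allow-list the mode first, escaped error page otherwise."""
    mode = params.get("openid.mode", "")
    if mode in KNOWN_MODES:
        # Safe to echo: the value is one of the fixed literals above.
        return 200, "<p>Processing %s</p>" % mode
    return 400, render_error_safe(params)

def session_cookie_header(token):
    """Session cookie with the two flags the report asks for (cookie name assumed)."""
    cookie = SimpleCookie()
    cookie["lp"] = token
    cookie["lp"]["path"] = "/"
    cookie["lp"]["secure"] = True    # only sent over HTTPS
    cookie["lp"]["httponly"] = True  # not readable from document.cookie
    return cookie["lp"].OutputString()

if __name__ == "__main__":
    sample = {"openid.mode": "<script>alert(1)</script>"}  # constructed input
    print(render_error_unsafe(sample))
    print(handle_openid_request(sample))
    print(session_cookie_header("constructed-token"))
```

Escaping stops the injected markup from executing, and `HttpOnly` limits what a script could read if another injection point were missed; neither replaces the other.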
description: updated
description: updated
affects: launchpad → moin-openid
Changed in moin-openid:
status: Triaged → Fix Released
Thanks for reporting these, we'll get them addressed asap.