XSS vulnerability in SNEAK 1.27 (PHP version)

[Replies] [Reply] [View by Thread] [Help]
[Back To SNEAK Development Forum]

Ret. Lambda CinC snarkles

Big thanks to Frank Nguyen who tipped me off to an XSS vulnerability in the Caesar Bruteforce option in SNEAK 1.27. Its output was not properly being escaped, because it prints stuff directly to the browser rather than running through the central filtering routine (holy cow I used to write simply awful PHP ;)).

Unfortunately, I've not been active in CyberArmy for over two years (as you probably know :D), so I am not sure of my login credentials, etc. for SVN anymore. But there's a new 1.28 version of SNEAK available on my site at http://snarkles.net/scripts/sneak/sneak-1.28.zip. If someone could replace the version in CyberArmy's SVN with that one, that'd be awesome!

Replies:

>XSS vulnerability in SNEAK 1.27 (PHP version) - Ret. Lambda CinC snarkles 2008-01-17 02:25:19 <
- SNEAK 1.28 (PHP version) Uploaded to SVN - Beta Maj SAJChurchey 2008-06-08 05:27:04
- Hello stranger! :)... - Delta Gen int16h 2008-01-17 02:27:00
  - RE: Hello stranger! :)... - Ret. Lambda CinC snarkles 2008-01-17 03:25:20
    - RE: Hello stranger! :)... - Delta Gen int16h 2008-01-17 03:47:03
      - RE: Hello stranger! :)... - Alpha Tr Ploy 2008-01-18 08:30:00
- Oh, and P.S... Hi, folks!! :D -nt- - Ret. Lambda CinC snarkles 2008-01-17 02:26:10
  - wanna play chess sometime? -nt- - Tr zero one 2008-01-20 00:36:22
    - No, I wouldn't want to embarrass you again ;) - Ret. Lambda CinC snarkles 2008-01-21 19:11:11
      - the embarassment is all yours snarks :] - Tr zero one 2008-01-22 07:01:28
        Did I hear someone say Chess?!?! -more- - Delta LtKer FrodBonzi 2008-01-22 07:14:16
        bring it on! -nt- - Tr zero one 2008-01-22 07:15:42
        I suggest caution 01... - Gamma Tr The Digital Poet 2008-01-23 10:16:08
  - dear snorkles - Alpha Gen adtrace 2008-01-20 00:35:22
    - Hey, adtrace! - Ret. Lambda CinC snarkles 2008-01-21 19:12:38
  - How've ye been? Been a looooong time! [nt] - Alpha Tr Ploy 2008-01-18 08:30:47
    - Hehe, been doing well! - Ret. Lambda CinC snarkles 2008-01-21 19:20:37
      - Not too bad, lots of work - Alpha Tr Ploy 2008-02-02 21:50:20

Guest:
Subject:
Message:	On 2008-01-17 02:25:19, snarkles wrote >Big thanks to Frank Nguyen who tipped me off to an XSS vulnerability in the Caesar Bruteforce option in SNEAK 1.27. Its output was not properly being escaped, because it prints stuff directly to the browser rather than running through the central filtering routine (holy cow I used to write simply awful PHP ;)). > >Unfortunately, I've not been active in CyberArmy for over two years (as you probably know :D), so I am not sure of my login credentials, etc. for SVN anymore. But there's a new 1.28 version of SNEAK available on my site at [url]http://snarkles.net/scripts/sneak/sneak-1.28.zip[/url]. If someone could replace the version in CyberArmy's SVN with that one, that'd be awesome!
Signature:
Optional Image Link:
http://

CyberArmy::Forum v0.6
Generated In 0.00774 seconds