[tahoe-dev] [tahoe-lafs] #1142: Unlikely XSS Potential in File Names in WUI
tahoe-lafs
trac at tahoe-lafs.org
Sun Aug 1 04:56:48 UTC 2010
#1142: Unlikely XSS Potential in File Names in WUI
---------------------+------------------------------------------------------
Reporter: chrisp | Owner: nobody
Type: defect | Status: new
Priority: major | Milestone: undecided
Component: unknown | Version: 1.7.1
Keywords: | Launchpad Bug:
---------------------+------------------------------------------------------
I have a file named "zumby-bumby ; mail blaggy at mailinator.com <
/etc/hosts" in the pubgrid root (http://pubgrid.tahoe-
lafs.org/uri/URI%3ADIR2%3Actmtx2awdo4xt77x5xxaz6nyxm%3An5t546ddvd6xlv4v6se6sjympbdbvo7orwizuzl42urm73sxazqa/).
When you try to rename it, you get the message:
"No such child: zumby-bumby ; mail blaggy at mailinator.com < /etc/hosts"
served as text/plain. IE will render text/plain as HTML if it detects HTML
in the plain text. Pathetic, but true. To attack this, the attacker would
have to convince the user to add a maliciously-named file to their
directory, so it's more social engineering than automatable attack, but
still.
--
Ticket URL: <http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1142>
tahoe-lafs <http://tahoe-lafs.org>
secure decentralized storage
More information about the tahoe-dev
mailing list