CPAINT security hole found and fixed!

All,
We were notified of a vulnerability that could compromise client-side security and allow scripts from a third-party server to execute. The exploit can be seen at http://cpaint.wiley14.com/examples/type/type.php?cpaint_response_type=%3Ciframe%20src=http://www.gulftech.org/%3E and occurs when the developer sets the frontend response type option to an HTML string (which generates an error on the backend that echoes the HTML code to the client).

We believe this exploit was more of an oversight on our part in not properly scrubbing incoming server options and data. However, we do not believe that this is a widespread, critical issue since it must be consciously exploited by the CPAINT developer.

This hole was discovered by James Bercegay <security@...> of GulfTech Research and Development, Gulfport Mississippi US. We thank James for bringing this to our attention and working with us to find a solution.

We have released version 2.0.3 which contains the appropriate patches on SourceForge.Net. The download location is http://sourceforge.net/project/showfiles.php?group_id=141041&package_id=154713&release_id=392071. We highly recommend that you upgrade to this version as soon as possible.

We want to assure our users that we still have complete confidence in CPAINT and the security mechanisms we have already implemented. Please understand that these security advisories do not mean that we are naive (as the Dojo folks accused last time) or incompetent. There is no such thing as a 100% secure application and to believe so is truly being naive. We are glad that our software is successful enough to warrant a public security advisory and we continue to work towards an enterprise-strength toolkit with unsurpassed security.

Sincerely,
Paul Sullivan
on behalf of the CPAINT Development Team
http://cpaint.sourceforge.net/
http://sf.net/projects/cpaint/

_______________________________________________
Cpaint-developers mailing list
Cpaint-developers@...
https://lists.sourceforge.net/lists/listinfo/cpaint-developers
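The kind of input scrubbing the message above refers to, as an added example that is not part of the original post and is not CPAINT's own code: the response type is checked against an allowlist, and anything request-derived is HTML-encoded before it goes into an error message. The function names and the allowlist contents are assumptions made for this illustration.

```php
<?php
// Added illustration, not CPAINT source. Function names and the allowlist
// below are assumptions made for this example.

// Assumed set of response types the backend is willing to serve.
const ALLOWED_RESPONSE_TYPES = ['TEXT', 'XML', 'OBJECT'];

// Pattern described in the advisory ("before"): an unrecognised type is
// echoed back verbatim in the error text, so markup in it reaches the browser.
function unsafe_error_for_type(string $type): string
{
    return 'unknown response type: ' . $type;
}

// Hardened form: accept only allowlisted values, and HTML-encode the
// rejected value (length-capped) before it is written into any response.
function resolve_response_type(string $raw): array
{
    $type = strtoupper(trim($raw));
    if (in_array($type, ALLOWED_RESPONSE_TYPES, true)) {
        return ['ok' => true, 'type' => $type, 'error' => null];
    }
    $shown = htmlspecialchars(substr($raw, 0, 64), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return ['ok' => false, 'type' => null, 'error' => 'unknown response type: ' . $shown];
}

// Constructed sample inputs: one valid value, and the decoded value of the
// cpaint_response_type parameter from the URL quoted in the advisory.
$samples = ['xml', '<iframe src=http://www.gulftech.org/>'];

foreach ($samples as $raw) {
    $result = resolve_response_type($raw);
    if ($result['ok']) {
        echo "accepted: {$result['type']}\n";
    } else {
        // In a request handler, also send the error as text/plain so the
        // browser never parses it as HTML.
        echo "rejected: {$result['error']}\n";
    }
}
```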