magento app/design/adminhtml/default/default/template/sales/order/view/info.phtml XSS Vul

magento app/design/adminhtml/default/default/template/sales/order/view/info.phtml XSS Vul

catalogue

1. 漏洞描述
2. 漏洞觸發條件
3. 漏洞影響範圍
4. 漏洞代碼分析
5. 防禦方法
6. 攻防思考      

1. 漏洞描述

Relevant Link:

http://www.freebuf.com/vuls/94277.html      

2. 漏洞觸發條件

0x1: POC

">alert(1);"@sucuri.net      

3. 漏洞影響範圍

4. 漏洞代碼分析

app/design/adminhtml/default/default/template/sales/order/view/info.phtml

<!-- template會将getcustomeremail方法的傳回值（即使用者填入的郵箱位址）傳遞到管理面闆上 -->
<tr>
    <td class="label"><label><?php echo Mage::helper('sales')->__('Email') ?></label></td>
    <td class="value"><a href="mailto:<?php echo $_order->getCustomerEmail() ?>"><strong><?php echo $_order->getCustomerEmail() ?></strong></a></td>
</tr>      

5. 防禦方法

<tr>
    <td class="label"><label><?php echo Mage::helper('sales')->__('Email') ?></label></td>
    <!-- <td class="value"><a href="mailto:<?php echo $_order->getCustomerEmail() ?>"><strong><?php echo $_order->getCustomerEmail() ?></strong></a></td> -->
    <td class="value"><a href="mailto:<?php echo htmlspecialchars($_order->getCustomerEmail()) ?>"><strong><?php echo htmlspecialchars($_order->getCustomerEmail()) ?></strong></a></td>
</tr>      

6. 攻防思考

Copyright (c) 2016 Little5ann All rights reserved