Hi Steffen,

On Sun, 7 Mar 2010 19:10:12 +1100
Steffen Joeris <steffen.joe...@skolelinux.de> wrote:
> Apparently, to_native() is converting it to another encoding, but shouldn't it
> do some escaping of certain characters to avoid having the usual html
> characters in there?

 I'm not sure about that, I'll ask the upstream author. IE has a strange
 behavior with auto-encoding pages without charset; it probably relates to that.

> I also don't understand the text on tdiary.org, since it is in Japanese, could
> you maybe provide a translation?

* Overview
  An XSS vulnerability was found in tDiary, a communication-friendly weblog
  system. We think it is a rare case, but please deal with it as soon as
  possible if you are using such a system.

 - This problem affects
   * tDiary 2.2.2 or earlier (full set and plugins)

   And, if you meet _all_ conditions below
   * tb-send.rb plugin is enabled
   * using Microsoft Internet Explorer 7 (IE7)
   * update diary via maliciously crafted URL

  We confirmed this problem when updating a blog using IE7 (maybe old Internet
  Explorer as well, but we did not check that), and it does not show up with
  Firefox, Opera and Safari. And it exists with tDiary 2.2, not 2.3.

* Impact
  An arbitrary script may be executed on some web browsers when the blog owner
  accesses the blog update page via a specially crafted URL or web site by
  malicious third parties.

  It does not affect people who browse the blog, since this vulnerability exists
  in its update page only, and is accessible by the administrator of that blog.
  However, there is a danger of a malicious page being published by exploiting
  this vulnerability.

* Solutions
 - disable tb-send.rb plugin
 - update product to 2.2.3

* Thanks to
  Project VEX of UBsecure, Inc.

-- 
Regards,

 Hideki Yamane     henrich @ debian.or.jp/iijmio-mail.jp
 http://wiki.debian.org/HidekiYamane