Tags: security patch
MSA-10-0012:
Topic: KSES Security Filter Bypassing vulnerability
Severity: Critical
Versions affected: <1.8.13 and <1.9.9
Reported by: Sascha Herzog
Issue no.: MDL-22042
Solution: upgrade to 1.8.13 or 1.9.9
Workaround: apply patch
http://git.moodle.org/gw?p=moodle.git;a=commit;h=8628d9d845b2641bd211adaeb2a06e6a2fdc0e3d
http://cvs.moodle.org/moodle/lib/weblib.php?r1=1.812.2.114&r2=1.812.2.115
Description:
Sascha Herzog reported a critical vulnerability in KSES text cleaning filter
may allows registered users to launch persistent cross-site scripting (XSS)
attacks.
Patch provided
Index: moodle/lib/weblib.php
===================================================================
--- moodle/lib/weblib.php (revision 6)
+++ moodle/lib/weblib.php (revision 7)
@@ -1760,7 +1760,9 @@
}
}
$arreach['value'] = preg_replace("/j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t/i", "Xjavascript", $arreach['value']);
+ $arreach['value'] = preg_replace("/v\s*b\s*s\s*c\s*r\s*i\s*p\s*t/i", "Xvbscript", $arreach['value']);
$arreach['value'] = preg_replace("/e\s*x\s*p\s*r\s*e\s*s\s*s\s*i\s*o\s*n/i", "Xexpression", $arreach['value']);
+ $arreach['value'] = preg_replace("/b\s*i\s*n\s*d\s*i\s*n\s*g/i", "Xbinding", $arreach['value']);
} else if ($arreach['name'] == 'href') {
//Adobe Acrobat Reader XSS protection
$arreach['value'] = preg_replace('/(\.(pdf|fdf|xfdf|xdp|xfd))[^a-z0-9_\.\-].*$/i', '$1', $arreach['value']);
