[Koha] Cross site scripting

araik at flib.sci.am araik at flib.sci.am
Wed Nov 27 00:54:12 NZDT 2013


Dear community,
In our Koha version 3.12.01, which runs on Ubuntu 12.04, we have some
problems.
Recently our web provider checked Koha security with the "Acunetix" web
application security program and found some high-severity
vulnerabilities.
First threat:
**********************************
Cross site scripting (verified)
Affects Variation
/cgi-bin/koha/opac-search.pl

/cgi-bin/koha/opac-search.pl
URL encoded GET input count was set to 50'"()&%<ScRiPt
>prompt(901653)</ScRiPt>
GET
/cgi-bin/koha/opac-search.pl?count=50%27%22%28%29%26%25%3cScRiPt%20%3eprompt%28901653%29%3c%2
fScRiPt%3e&format=rss2&idx=pb,wrdl&limit=mc-itype,phr:AR&q=1&sort_by=acqdate_dsc
HTTP/1.1
Referer: http://library.parliament.am:80/
(line truncated)
Host: library.parliament.am
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
****************************************
Second:
***************************************
Application error message
Affects Variation
/cgi-bin/koha/opac-search.pl
/cgi-bin/koha/opac-search.pl
URL encoded GET input count was set to '"()
Error message found: Internal Server Error
GET
/cgi-bin/koha/opac-search.pl?count=%27%22%28%29&format=rss2&idx=ti&q=1&sort_by=acqdate_dsc
HTTP/1.1
(line truncated)
Host: library.parliament.am
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*
****************************
Security program results: see the attachment.
How can we prevent XSS attacks and protect opac-search.pl?
Best regards,
Araik
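A defender-side illustration added here (example code, not Koha's own opac-search.pl): in Perl, the language the script is written in, treat `count` as a whitelisted bounded integer and XML-escape anything reflected into the RSS body, then run that over the scanner's request line quoted above. The function names, the defaults (20 per page, capped at 100) and the RSS fragment are assumptions, not Koha's API.

```perl
use strict;
use warnings;

# Decode a query string into a hash (first value per key wins); core Perl only.
sub parse_query {
    my ($qs) = @_;
    my %params;
    for my $pair (split /&/, $qs) {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $k && length $k;
        $v = '' unless defined $v;
        for ($k, $v) { tr/+/ /; s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge }
        $params{$k} = $v unless exists $params{$k};
    }
    return \%params;
}

# Whitelist the value: a 1-4 digit positive integer, capped at $max.
# Anything else (such as 50'"()&%<ScRiPt ...) silently becomes $default,
# so it is neither reflected into the output nor handed to the DB layer.
sub sanitize_count {
    my ($raw, $default, $max) = @_;
    return $default unless defined $raw && $raw =~ /\A[1-9][0-9]{0,3}\z/;
    return $raw > $max ? $max : $raw + 0;
}

# Escape the five XML special characters; enough for element text and
# double-quoted attributes in an RSS 2.0 body.
sub xml_escape {
    my ($s) = @_;
    my %map = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$map{$1}/g;
    return $s;
}

# Assumed RSS fragment: every value that originated in the request goes
# through validation or escaping before it reaches the output.
sub rss_header {
    my ($p) = @_;
    my $count = sanitize_count($p->{count}, 20, 100);
    my $q     = xml_escape($p->{q} // '');
    return "<channel><title>Search: $q</title>"
         . "<description>$count results per page</description>";
}

# Constructed input: the scanner's request line from the report above.
my $qs = 'count=50%27%22%28%29%26%25%3cScRiPt%20%3eprompt%28901653%29%3c%2fScRiPt%3e'
       . '&format=rss2&idx=pb,wrdl&limit=mc-itype,phr:AR&q=1&sort_by=acqdate_dsc';
print rss_header(parse_query($qs)), "\n";
```

The same two rules apply to the second finding: a `count` of `'"()` fails the integer whitelist and falls back to the default instead of reaching code that dies with an Internal Server Error.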
