s3 swat: Fix possible XSS attack (bug #8289)
author Kai Blin <kai@samba.org>
Thu, 7 Jul 2011 08:03:33 +0000 (10:03 +0200)
committer Karolin Seeger <kseeger@samba.org>
Tue, 26 Jul 2011 18:47:40 +0000 (20:47 +0200)
commit de91a834def9726cdf24007f18e028b761b57e83
tree d5c50122534ed55180234720f0cfbbc1e9feee4d
parent 11b4dec29c9306531e73d5f4c12f89934dd538b4
s3 swat: Fix possible XSS attack (bug #8289)

Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
against SWAT, the Samba Web Administration Tool. The attack uses reflection to
insert arbitrary content into the "change password" page.

This patch fixes the reflection issue by not printing user-specified content on
the website anymore.

Signed-off-by: Kai Blin <kai@samba.org>
(cherry picked from commit 05fa09be5a801baa5d35014e2f54b46c1ff5466b)
source3/web/swat.c