[FFmpeg-trac] #3034(FFserver:new): XSS vulnerability in ffserver
FFmpeg
trac at avcodec.org
Tue Oct 8 09:58:56 CEST 2013
#3034: XSS vulnerability in ffserver
----------------------------------+--------------------------------------
 Reporter: tborisow               | Type: defect
 Status: new                      | Priority: normal
 Component: FFserver              | Version: git-master
 Keywords:                        | Blocked By:
 Blocking:                        | Reproduced by developer: 0
 Analyzed by developer: 0         |
----------------------------------+--------------------------------------
Summary of the bug:
How to reproduce:
{{{
% curl 'http://myserver/1ssssssss<h1 >'
}}}
Output:
{{{
<html>
<head><title>404 Not Found</title></head>
<body>File '/1ssssssss<h1>' not found</body>
</html>
}}}
Special HTML characters need to be escaped.
More about XSS:
[http://www.owasp.org/index.php/Cross-site_Scripting_(XSS)]
[http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet]
--
Ticket URL: <https://ffmpeg.org/trac/ffmpeg/ticket/3034>
FFmpeg <http://ffmpeg.org>
FFmpeg issue tracker