Export functionality - fix XML macro injection

Vulnerability XML Export

No replies to this topic

#1 reuven


Posted 28 September 2016 - 08:12 AM

File: Grocery_CRUD.php (version 1.5.4)

Function: _export_to_excel

This row is used to add data to the final xml file.

$string_to_export .= $this->_trim_export_string($row->{$column->field_name})."\t";

 

There is no sanitization for the export data.

 

I added this function to sanitize xls special characters:

protected function _escape_xml($str){
    // Single-pass replacement with strtr(): text that has already been
    // substituted is never scanned again, so the '&' and ';' inside an
    // emitted entity such as '&#60;' survive. Chained str_replace() calls
    // re-process their own output and turn '<' into '&#38&#59;#60&#59;'.
    return strtr((string) $str, array(
        '&' => '&#38;',
        '<' => '&#60;',
        '>' => '&#62;',
        "'" => '&#39;',
        '"' => '&#34;',
        '%' => '&#37;',
        ';' => '&#59;',
        '(' => '&#40;',
        ')' => '&#41;',
        '+' => '&#43;',
        '|' => '&#124;',
    ));
}

And changed the above line to:

$string_to_export .= $this->_trim_export_string($this->_escape_xml($row->{$column->field_name}))."\t";
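Added example, not part of the post above or of Grocery CRUD itself: a stand-alone PHP check that an escaper using the post's character map emits exactly one entity per special character, does not double-encode, and treats entity-like input (a value that already contains `&#60;`) as untrusted text rather than passing it through. The functions escapeExportCell() and escapeExportCellChained() and the sample field values are constructed here for the check.

```php
<?php
// Added example (not from the original post or Grocery CRUD): verify that
// the export escaper is single-pass and never re-escapes its own output.

// Same character map as the post's _escape_xml(), applied in one pass.
function escapeExportCell($value)
{
    static $map = array(
        '&' => '&#38;', '<' => '&#60;', '>' => '&#62;',
        "'" => '&#39;', '"' => '&#34;', '%' => '&#37;',
        ';' => '&#59;', '(' => '&#40;', ')' => '&#41;',
        '+' => '&#43;', '|' => '&#124;',
    );
    // strtr() with an array never re-scans substituted text.
    return strtr((string) $value, $map);
}

// Chained str_replace() variant, kept only to show why it fails: each call
// re-processes the entities produced by the previous one.
function escapeExportCellChained($value)
{
    $value = str_replace('<', '&#60;', $value);
    $value = str_replace('&', '&#38;', $value);
    $value = str_replace(';', '&#59;', $value);
    return $value;
}

// Constructed field values paired with the expected single-pass result.
$cases = array(
    '<b>name</b>'       => '&#60;b&#62;name&#60;/b&#62;',
    'Smith & Sons'      => 'Smith &#38; Sons',
    // Input that already looks like entities is escaped literally, not
    // trusted: its '&' and ';' become entities like any other text.
    '&#60;already&#62;' => '&#38;#60&#59;already&#38;#62&#59;',
    'plain-value_1'     => 'plain-value_1',
);

$failures = 0;
foreach ($cases as $input => $expected) {
    $got = escapeExportCell($input);
    $ok  = ($got === $expected);
    printf("%-22s -> %-42s %s\n", $input, $got, $ok ? 'ok' : 'MISMATCH');
    if (!$ok) {
        $failures++;
    }
}

// The chained version mangles even a single '<' because the '&' and ';'
// of the emitted '&#60;' are rewritten by the later replacements.
printf("\nchained str_replace on '<': %s\n", escapeExportCellChained('<'));
printf("single-pass strtr on '<':   %s\n", escapeExportCell('<'));

exit($failures === 0 ? 0 : 1);
```

Run it with `php check_escape.php` (file name assumed); a non-zero exit status means one of the constructed cases did not escape as expected. The third case is the one worth keeping in a regression suite: a field value that already contains entity syntax must still come out as plain escaped text, otherwise an escaper that "recognises" its own entities can be fed pre-built ones.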
