• Hi all,

    I have just been made aware of a possible XSS vulnerability in the Statpress plugin. Have a look at this blog entry, which describes what the problem is.

    Now, I have posted a topic in the forum hosted by the author of this plugin, but would like to take the opportunity to post this here as well.

    Now, the author of that blog entry suggests to “fix” the problem by downloading his “patched” version of the statpress.php file, in which basically the following code has been changed:

    Original Code:

    $referrer = (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
    $userAgent = (isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');

    “Patched” Code:

    $referrer = (isset($_SERVER['HTTP_REFERER']) ? htmlentities($_SERVER['HTTP_REFERER']) : '');
    $userAgent = (isset($_SERVER['HTTP_USER_AGENT']) ? htmlentities($_SERVER['HTTP_USER_AGENT']) : '');


    Now my question is whether the “patched” code is alright, since I am not really good at PHP; to be honest, I suck when it comes to PHP.
    So can any of you tell me if the “patched” code above is OK or could mean any harm? I would really love to continue using Statpress but am afraid because of that XSS vulnerability.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Hi there ZegaZegaZig,

    I’m the author of the disclosure post.

    What I did in the code was wrap the referer and user agent in the htmlentities() PHP function. It’s very simple.

    This function just transforms the HTML characters into their entity codes so they can be ignored as JavaScript or HTML code when output to the page.

    Anyone here in the forum with some PHP knowledge will confirm this. So you can trust my patch. With it you will be protected from the XSS vulnerability. But keep an eye on the author’s page so you can update it as soon as the official patch comes up.

    I won’t be giving details about the ways of exploitation to avoid script kiddies messing around.

    If you have any question feel free to ask.
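    As an added illustration (not code from the thread or from the Statpress plugin), the script below runs htmlentities() over constructed Referer values the way the “patched” lines do, and next to it the stricter call a practitioner would usually prefer: before PHP 8.1 the default flags are ENT_COMPAT, which leaves single quotes alone, and without ENT_SUBSTITUTE an invalid UTF-8 byte makes htmlentities() return an empty string.

    ```php
    <?php
    // Added example, not part of the forum thread or the plugin.
    // Shows what htmlentities() does to hostile header values and why the
    // flags matter. Sample values below are constructed, not real traffic.

    // Escaping exactly as in the "patched" snippet: default flags.
    // PHP < 8.1: ENT_COMPAT (double quotes escaped, single quotes kept).
    // PHP >= 8.1: ENT_QUOTES | ENT_SUBSTITUTE are the defaults.
    function escape_default(string $value): string
    {
        return htmlentities($value);
    }

    // Stricter variant: both quote styles escaped, invalid UTF-8 replaced
    // with U+FFFD instead of wiping the whole value, charset stated.
    function escape_strict(string $value): string
    {
        return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    // Defender-side check: true if anything that could still open a tag or
    // break out of an HTML attribute survived escaping.
    function still_has_markup_chars(string $escaped): bool
    {
        return strpbrk($escaped, "<>\"'") !== false;
    }

    $samples = [
        'http://example.test/?q=<b>bold</b>',        // tag inside text node
        "http://example.test/?q='single-quoted'",    // matters in '...' attributes
        "http://example.test/?q=\xC3\x28",           // constructed invalid UTF-8
    ];

    foreach ($samples as $raw) {
        $d = escape_default($raw);
        $s = escape_strict($raw);
        printf("raw:     %s\n", bin2hex($raw));
        printf("default: %s  (markup chars left: %s)\n",
               $d === '' ? '<empty string>' : $d,
               still_has_markup_chars($d) ? 'yes' : 'no');
        printf("strict:  %s  (markup chars left: %s)\n\n",
               $s,
               still_has_markup_chars($s) ? 'yes' : 'no');
    }
    ```

    On PHP 7.x the second sample keeps its single quotes and the third comes back empty under the default call, while the strict call escapes both quote styles and preserves the rest of the third value.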

    Thread Starter zegazegazig (@zegazegazig)

    Thanks very much, I just wasn't sure what the code does but will replace the statpress.php now.

    Check out the Statpress page, the author has released the official patched version.

  • The topic ‘Statpress XSS vulnerability’ is closed to new replies.