GeSHi - Generic Syntax Highlighter Syntax Coloriser for PHP

ID: 0000112
Category: [GeSHi] renderer
Severity: minor
Reproducibility: have not tried
Date Submitted: 02-22-07 13:47
Last Update: 10-23-07 03:15
Reporter: BenBE
View Status: public
Assigned To: Knut
Priority: low
Resolution: open
Status: assigned
Product Version: 1.1.1
Summary: 0000112: XML renderer might allow for source injection
Description: The XML renderer might allow for a source injection when generating the XML output for a given token due to an unescaped token inserted into CDATA.
Additional Information: I didn't test on this issue yet, but tracing the source backwards the injection might be possible if:
- a language file doesn't highlight a longer block and therefore allows for a long token to be put into one CDATA field (e.g. for a comment)
- this block contains the valid XML sequence ]]> following any valid XML source.
- the token gets passed unpassed (which seems to be the case for XML as far as I can tell)

The function causing this leak is GeSHiRendererXML::parseToken on line 105 (Rev 910, introduced in Rev 874).
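
The CDATA break-out described in this report, shown as an added PHP example that is not GeSHi's own code: the function names, the `<token>` and `<source>` element names and the sample token are constructed for illustration, and PHP's DOM extension is assumed to be available.

```php
<?php
// Added illustration, not GeSHi's renderer: all names below are hypothetical.

// Writes the token into a CDATA section verbatim, as the report describes.
function render_token_unescaped(string $type, string $token): string
{
    return '<token type="' . htmlspecialchars($type, ENT_QUOTES | ENT_XML1)
         . '"><![CDATA[' . $token . ']]></token>';
}

// Splits every "]]>" across two CDATA sections so the token cannot end one early.
function render_token_escaped(string $type, string $token): string
{
    $safe = str_replace(']]>', ']]]]><![CDATA[>', $token);
    return '<token type="' . htmlspecialchars($type, ENT_QUOTES | ENT_XML1)
         . '"><![CDATA[' . $safe . ']]></token>';
}

// Parses the rendered output and lists the [type, text] pairs a consumer would see.
function tokens_seen_by_consumer(string $rendered): array
{
    $doc = new DOMDocument();
    if (!@$doc->loadXML('<source>' . $rendered . '</source>')) {
        return [['(not well-formed)', '']];
    }
    $seen = [];
    foreach ($doc->getElementsByTagName('token') as $node) {
        $seen[] = [$node->getAttribute('type'), $node->textContent];
    }
    return $seen;
}

// Constructed sample: one comment token that contains "]]>" followed by XML.
$comment = '/* a ]]></token><token type="keyword"><![CDATA[b */';

// Unescaped: the "]]>" inside the token closes the CDATA section, so the rest
// of the token is parsed as markup rather than as comment text.
echo json_encode(tokens_seen_by_consumer(render_token_unescaped('comment', $comment))), "\n";

// Escaped: the whole input stays character data inside a single <token>.
$seen = tokens_seen_by_consumer(render_token_escaped('comment', $comment));
echo json_encode($seen), "\n";
echo $seen[0][1] === $comment ? "round-trip ok\n" : "round-trip FAILED\n";
```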

- Notes
10-23-07 03:15

I can't see how that would cause an injection, except into the XML file. It would not cause any security problems, but I'll look into it.

- Issue History
Date Modified | Username | Field | Change
02-22-07 13:47 | BenBE | New Issue |
02-22-07 13:47 | BenBE | Status | new => assigned
02-22-07 13:47 | BenBE | Assigned To | => nigel
10-23-07 03:14 | Knut | Assigned To | nigel => Knut
10-23-07 03:15 | Knut | Note Added: 0000522 |

