J1.5

Possible IE XSS Attack

From Joomla! Documentation

 
(2 intermediate revisions by the same user not shown)
Line 9: Line 9:
 
* [http://kestas.kuliukas.com/JavaScriptImage/ Running an XSS attack from an image]
 
* [http://kestas.kuliukas.com/JavaScriptImage/ Running an XSS attack from an image]
  
[[Category:Version 1.5 FAQ]]
+
[[Category:Archived version Joomla! 1.5]]
[[Category:Version 1.5.10 FAQ]]
 

Latest revision as of 20:20, 1 September 2013

The "J1.5" namespace is an archived namespace. This page contains information for a Joomla! version which is no longer supported. It exists only as a historical reference; it will not be improved, and its content may be incomplete and/or contain broken links.

This is a check run to ensure that an uploaded image doesn't flip IE6 into one of its quirks where it takes a perfectly valid-looking image and treats it as a web page. This creates the potential for an XSS attack, wherein an uploaded file can be run on the server. It appears that this has been fixed in IE7 or greater.

There are a few checks that the Joomla Media Manager performs to try to ensure that what is being uploaded is sane. If the file is an image, it attempts to check that it has valid dimensions; for other file types, it attempts to validate that the MIME type is correct using fileinfo or mime magic. If you are an administrator or higher (super admin), these checks can be bypassed, but the XSS check cannot be bypassed and is run even if all other checks pass.

Typically, if you look at the EXIF data of the image, there will be something resembling HTML that could trip IE up. The check errs on the safe side and rejects the file. Stripping the HTML from the image metadata should fix the problem.
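The following is an added example written for this page, not the Media Manager's own code, and in Python rather than Joomla's PHP. It models the three behaviours described above: a content-sniffing guard that rejects a file whose leading bytes contain HTML-looking tags (and is never bypassed, even for administrators), a dimension check that administrators may skip, and a JPEG metadata stripper that removes the COM and APP1..APP15 segments where such text usually lives, so a flagged file can be cleaned and re-checked. The 256-byte sniff window, the tag list and the sample JPEG/PNG byte strings are constructed assumptions for this example.

```python
"""Added example: upload guard against content-sniffing of images, plus a
JPEG metadata stripper. Not Joomla's own code; PNG/GIF/JPEG header parsing
is from the public format specs."""
import struct

SNIFF_BYTES = 256  # assumption: how much of the file head is inspected
# Constructed tag list; a match on '<tag>' or '<tag ' in the file head is
# enough to reject. False positives are accepted (erring on the safe side).
HTML_TAGS = ("!doctype", "!--", "html", "head", "body", "script", "iframe",
             "object", "embed", "meta", "title", "style", "link", "form")
# SOFn markers carry image dimensions; C4/C8/CC are not SOF markers.
SOF_MARKERS = set(range(0xC0, 0xD0)) - {0xC4, 0xC8, 0xCC}
# Segments to drop: COM (FE) and APP1..APP15 (EXIF, XMP, ICC, vendor data).
# APP0 (JFIF header) is kept because decoders expect it.
STRIP_MARKERS = set(range(0xE1, 0xF0)) | {0xFE}


def looks_like_html(data: bytes, limit: int = SNIFF_BYTES) -> bool:
    """True if the first `limit` bytes contain an HTML-looking tag."""
    head = data[:limit].lower()
    return any(b"<" + t.encode() + b">" in head or b"<" + t.encode() + b" " in head
               for t in HTML_TAGS)


def _jpeg_segments(data: bytes):
    """Yield (marker, start, end) per header segment up to and including SOS.
    `start` is the offset of the 0xFF byte, `end` is one past the payload."""
    pos = 2  # skip SOI (FF D8)
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt JPEG: marker expected at offset %d" % pos)
        marker = data[pos + 1]
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        end = pos + 2 + length
        yield marker, pos, end
        if marker == 0xDA:  # SOS: entropy-coded data follows, no more headers
            return
        pos = end
    raise ValueError("corrupt JPEG: no SOS segment")


def image_dimensions(data: bytes):
    """(width, height) for PNG, GIF or JPEG bytes, or None if unrecognised."""
    if data.startswith(b"\x89PNG\r\n\x1a\n") and len(data) >= 24 and data[12:16] == b"IHDR":
        return struct.unpack(">II", data[16:24])
    if data[:6] in (b"GIF87a", b"GIF89a") and len(data) >= 10:
        return struct.unpack("<HH", data[6:10])
    if data.startswith(b"\xff\xd8"):
        try:
            for marker, start, _ in _jpeg_segments(data):
                if marker in SOF_MARKERS:  # payload: precision, height, width
                    h, w = struct.unpack(">HH", data[start + 5:start + 9])
                    return w, h
        except ValueError:
            return None
    return None


def strip_jpeg_metadata(data: bytes) -> bytes:
    """Copy a JPEG without its COM/APP1..APP15 segments; scan data is kept."""
    if not data.startswith(b"\xff\xd8"):
        raise ValueError("not a JPEG")
    out = bytearray(b"\xff\xd8")
    for marker, start, end in _jpeg_segments(data):
        if marker == 0xDA:
            out += data[start:]  # SOS header plus all scan data and EOI
            break
        if marker not in STRIP_MARKERS:
            out += data[start:end]
    return bytes(out)


def check_upload(data: bytes, is_admin: bool = False):
    """Return (accepted, reason). The HTML sniff check is never bypassed;
    the dimension check is skipped for administrators, as the page describes."""
    if looks_like_html(data):
        return False, "html-like content"
    if not is_admin:
        dims = image_dimensions(data)
        if dims is None or 0 in dims:
            return False, "invalid image"
    return True, "ok"


def _segment(marker: int, payload: bytes) -> bytes:
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed sample: a structurally valid JPEG header chain (not a decodable
# picture) whose COM segment carries HTML-looking text, and a minimal PNG head.
SAMPLE_JPEG = (b"\xff\xd8"
               + _segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
               + _segment(0xFE, b"<html><body>hello</body></html>")
               + _segment(0xC0, b"\x08" + struct.pack(">HH", 120, 160) + b"\x01\x01\x11\x00")
               + _segment(0xDA, b"\x01\x01\x00\x00\x3f\x00")
               + b"\x12\x34\x56\xff\xd9")
SAMPLE_PNG = (b"\x89PNG\r\n\x1a\n" + struct.pack(">I", 13) + b"IHDR"
              + struct.pack(">II", 10, 20) + b"\x08\x02\x00\x00\x00")

if __name__ == "__main__":
    print("raw upload:", check_upload(SAMPLE_JPEG))            # rejected
    print("as admin:  ", check_upload(SAMPLE_JPEG, is_admin=True))  # still rejected
    cleaned = strip_jpeg_metadata(SAMPLE_JPEG)
    print("stripped:  ", check_upload(cleaned), image_dimensions(cleaned))
```

Running the block shows the constructed file being rejected on the HTML check regardless of privilege, and accepted once its COM segment is stripped while its 160x120 SOF dimensions survive. In a real deployment the stripper should be applied before the file is stored, and the guard should run on the stored bytes, not on the client-supplied MIME type.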

Further Reading

* Running an XSS attack from an image: http://kestas.kuliukas.com/JavaScriptImage/