CodeIgniter 2.1 - 'xss_clean()' Filter Security Bypass

EDB-ID:

37521




Platform:

PHP

Date:

2012-07-19


source: https://www.securityfocus.com/bid/54620/info

CodeIgniter is prone to a security-bypass vulnerability.

An attacker can exploit this issue to bypass XSS filter protections and perform cross-site scripting attacks.

CodeIgniter versions prior to 2.1.2 are vulnerable. 

Build an application on CodeIgniter 2.1.0:

// application/controllers/xssdemo.php
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');

class Xssdemo extends CI_Controller {

        public function index() {
            $data['xss'] =
$this->security->xss_clean($this->input->post('xss'));
            $this->load->view('xssdemo', $data);
        }
}

// application/views/xssdemo.php
<form method=post>
                <textarea name=xss><?php echo htmlspecialchars($xss);
?>&lt;/textarea&gt;
                <input type=submit />
                </form>
        <p>XSS:
        <hr />
    <?php echo $xss ?>

Launch http://app-uri/index.php/xssdemo and try above vectors.