Hello,

It’s late, but I will try to describe security vulnerabilities I found recently:

1) XSS in BugTracker
If you visit the bug tracker, a hacker can log in to your account. This works only if you, as admin, log into the bug tracker and there is a malicious report/code from a user.

The fix is here:

Fix XSS in bugtracker.php · slawkens/myaac@83a91ec

2) XSS in forum
Same as 1), but this time on the forum. It is enough that you visit a malicious forum thread with your admin account.

There are 2 fixes:
here: Fix forum XSS · slawkens/myaac@d1bc63d (https://github.com/slawkens/myaac/commit/d1bc63d07ad88a143358cacd2c417891eea74dcc)
and here: Fix XSS in forum · slawkens/myaac@55dbade (https://github.com/slawkens/myaac/commit/55dbade8d5280c5baed45e5f7ebc3613b8e9b9e8)

There is also a 3) bug, but a bit smaller. One user can steal another user's session if they log in on the same computer.

And the fix: Prevent session fixation · slawkens/myaac@483155c (https://github.com/slawkens/myaac/commit/483155cf4c1e3068aaee0d44541dfa61f6223379)

I advise all users to apply those 3 fixes immediately! Otherwise a hacker can gain access to your account and do whatever he wants!

I am also going to release a fixed version of MyAAC ASAP.

I want to keep you on the safe side; if something more is found, I will post fixes ASAP.
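
The stored XSS pattern behind 1) and 2), as an added example that is not MyAAC's code and not the content of the linked commits: user-submitted report fields rendered without and with output escaping. The field names, function names and sample report are assumptions constructed for illustration.

```php
<?php
// Added example, not MyAAC code. Field and function names are hypothetical.

// Constructed sample: a bug report as it might be stored after a user submits it.
$report = [
    'subject' => 'Crash on login <script>alert(1)</script>',
    'text'    => "Steps:\n1. open page\n2. <img src=x onerror=alert(1)>",
    'author'  => 'player"onmouseover="alert(1)',
];

// Vulnerable pattern: stored user input is concatenated into HTML unchanged,
// so markup in the report runs in the browser of whoever views it (here, the admin).
function render_report_unsafe(array $r): string
{
    return '<h2>' . $r['subject'] . '</h2>'
         . '<p title="' . $r['author'] . '">' . nl2br($r['text']) . '</p>';
}

// Escape a value for an HTML text node or a quoted attribute.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every user-controlled field is escaped at output time.
// nl2br() runs after escaping, so only the <br /> tags it adds are real markup.
function render_report_safe(array $r): string
{
    return '<h2>' . e($r['subject']) . '</h2>'
         . '<p title="' . e($r['author']) . '">' . nl2br(e($r['text'])) . '</p>';
}

$unsafe = render_report_unsafe($report);
$safe   = render_report_safe($report);

// Check: does any user-supplied tag or attribute-breaking quote survive?
foreach (['unsafe' => $unsafe, 'safe' => $safe] as $name => $html) {
    $raw = preg_match('/<script|<img|"onmouseover=/i', $html) === 1;
    echo $name, ': ', $raw ? 'raw markup present' : 'escaped', PHP_EOL;
}
echo $safe, PHP_EOL;
```

Escaping belongs at the point of output, for the context the value lands in; the helper above covers HTML text and quoted attributes only, not JavaScript or URL contexts.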

1 Comment

  1. Hello, Slawkens!

    Cool to see you keep yourself busy with stuff like this. There are in fact more vulnerabilities, I’ll keep track of your posts and see what you’ll find next! Good luck.
