Item13384: Entering backslash into the search box escapes the quote in the %SEARCH macro
Priority: Low
Current State: Confirmed
Released In: n/a
Target Release: minor
How to reproduce
- Enter backslash into the search box
- press enter
the following is appear
Searched: " type="word
so something is escaped. Maybe not exploitable... but for sure reporting it.
--
JozefMojzis - 25 Apr 2015
Crawford, I can confirm that this escape behaviour happens on both 1.1.9 and 1.2.0.
No idea if there is some way to exploit it, but the backslash seems to be escaping a quote in an eval'd string somewhere.
--
GeorgeClark - 25 Apr 201
From a private message:
(09:59:29 PM) gac410: The backslash issue appears to be in the WebSearch page itself and not in the perl.
(09:59:42 PM) gac410: "%<nop>URLPARAM{"search" encode="quote"}%"
(09:59:42 PM) gac410: type="%<nop>URLPARAM{"type" default="word"}%"
(10:00:11 PM) gac410: So when the search param is \, it runs together the search string and the type= option.
(10:00:24 PM) jomo: cool - so not usable as a hack... ;)
(10:00:32 PM) gac410: I don't think that this is a security issue. But it still isn't right.
(10:00:46 PM) gac410: I have no idea how to fix it.
I am not sure how to enter a backslash into a macro without it being treated as an escape. I tried entering a double-backslash, and it still escapes the quote. I can't find a general discussion on entering escapes in macro arguments, and how to escape the escapes.
Number of topics: 0
--
GeorgeClark - 25 Apr 2015
Since it's a TML issue, downgrading this task to low.
--
GeorgeClark - 26 Apr 2015