Grasscutters/mitmproxy
3
0
Fork 0
mirror of https://github.com/Grasscutters/mitmproxy.git synced 2025-02-01 15:55:28 +00:00
Code Issues Projects Releases Wiki Activity

Fix XSS vulnerability in HTTP errors

Browse Source 
The make_error_response method does not properly escape characters
that end up in the response body. Since the error code can contain
user supplied values this leads to a potential XSS vulnerability.

Example:

    echo '<script>alert(1)</script>' | nc localhost 8888
This commit is contained in:
Will Coster 2016-03-31 10:22:29 -07:00
parent f1c5721c8c
commit 55bffe1782
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
mitmproxy/models/http.py
View File

@ -1,5 +1,6 @@
from __future__ import (absolute_import, print_function, division) from __future__ import (absolute_import, print_function, division)
from six.moves import http_cookies as Cookie from six.moves import http_cookies as Cookie
import cgi
import copy import copy
import warnings import warnings
from email.utils import parsedate_tz, formatdate, mktime_tz from email.utils import parsedate_tz, formatdate, mktime_tz
@ -429,7 +430,7 @@ def make_error_response(status_code, message, headers=None):
</head> </head>
<body>%s</body> <body>%s</body>
</html> </html>
""".strip() % (status_code, response, message) """.strip() % (status_code, response, cgi.escape(message))
body = body.encode("utf8", "replace") body = body.encode("utf8", "replace")
if not headers: if not headers: