Fixed Cross Site scripting on OpenCart-Overclocked

[Asjidkalam]

📊 Metadata *

Fixed Cross Site Scripting.

Bounty URL: https://www.huntr.dev/bounties/1-packagist-opencart-overclocked

⚙️ Description *

Reflected Cross-Site Scripting (XSS) may allow an attacker to execute JavaScript code in the context of the victim's browser. This may lead to unauthorized actions being performed, unauthorized access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim.

💻 Technical Description *

The following code shows that the $_GET['token'] variable is reflected in the victim's browser without any input validation, leading to reflected XSS:
https://github.com/villagedefrance/OpenCart-Overclocked/blob/d145e4c9baaa6fba76c88ecfdd90fccc21a7ef8a/upload/admin/view/template/extension/openbay.tpl#L95
To fix the issue, PHP's htmlspecialchars() is used to convert special characters to HTML entities.

Reference: https://stackoverflow.com/questions/1996122/how-to-prevent-xss-with-html-php

🐛 Proof of Concept (PoC) *

Payload: "; alert(1); //
Use this payload with the GET parameter token to trigger the XSS

🔥 Proof of Fix (PoF) *

After using the htmlspecialchars, all payloads are sanitized to prevent triggering XSS.

👍 User Acceptance Testing (UAT)

Just wrapped the echo command with the htmlspecialchars, no breaking changes introduced. :)

[Mik317]

LGTM 😄

Cheers,
Mik

[toufik-airane]

It's been a long time I've not read some PHP. 😅
Nice job. 👍

😅

[mufeedvh]

[huntr-helper]

Congratulations Asjidkalam - your fix has been selected! 🎉

Thanks for being part of the community & helping secure the world's open source code.
If you have any questions, please respond in the comments section. Your bounty is on its way - keep hunting!