Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

I have find a Reflected XSS vulnerability in this project #20

Closed
jgj212 opened this issue Mar 4, 2017 · 5 comments
Closed

I have find a Reflected XSS vulnerability in this project #20

jgj212 opened this issue Mar 4, 2017 · 5 comments

Comments

@jgj212
Copy link

jgj212 commented Mar 4, 2017

Hello:
I have find a Reflected XSS vulnerability in this project.

The vulnerability exists due to insufficient filtration of user-supplied data in “id” HTTP parameter that will be passed to “wuhu-master/www_admin/users.php”. The infected source code is line 67, there is no protection on $_GET["id"]; if $_GET["id"] contains evil js code, line 67 will trigger untrusted code to be excuted on the browser side.
code1

So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil.
http://your-web-root/wuhu-master/www_admin/users.php?id="><script>alert(1);</script><"

The follow scrrenshot is the result to click the upper url ( win7 spq x64 + firefox 51.0.1 32bit ):
sc

Discoverer: ADLab of Venustech

@Gargaj
Copy link
Owner

Gargaj commented Mar 4, 2017

That's very nice but it's the admin interface; if you wanna break your own party, it's your own damn fault.

@Gargaj Gargaj closed this as completed Mar 4, 2017
@jgj212
Copy link
Author

jgj212 commented Mar 4, 2017

@Gargaj yes, it is the admin interface. but a attacker can use this vulnerability to do some harm, because send a evil url to the admin of the website do not need any admin permission.

@Gargaj
Copy link
Owner

Gargaj commented Mar 4, 2017

It's not a website, it's a locally ran web interface, where the admin section is password protected and noone can send requests to it. But don't worry, i'll "fix" it.

@jgj212
Copy link
Author

jgj212 commented Mar 4, 2017

@Gargaj tks, i got it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants