Skip to content
This repository has been archived by the owner on Sep 28, 2022. It is now read-only.

Possible XSS vulnerability #3

Open
enferas opened this issue Nov 13, 2021 · 1 comment
Open

Possible XSS vulnerability #3

enferas opened this issue Nov 13, 2021 · 1 comment

Comments

@enferas
Copy link

enferas commented Nov 13, 2021

Hello,

I would like to report to XSS vulnerability.

The path.

In file src/Client.php line 30

while(false !== $receiveResult = socket_read($socket, 2048, PHP_NORMAL_READ))
{
	$receiveContent .= $receiveResult;
	// ...
	$data = $this->parser->receive($receiveContent);
	// ...
}

In file src/ClientParser.php line 24

public function receive($data)
{
  $data = $this->parseData($data);
  switch($data['a'])
  {
	  // ...
	  case ServerAction::INIT_RESPONSE:
		  $this->worker->initResponse($data['data']);
		  break;
  }
}

public function parseData($data)
{
  return json_decode(substr($data, 0, -2), true);
}

In file src/ClientWorker.php line 98

public function initResponse($data)
{
  if(!$data['success'])
  {
	  exit('Error: ' . $data['message']);
  }
}

Exit function will terminate the script and print a message which have values from the socket_read. Which will lead to XSS vulnerability.

@enferas
Copy link
Author

enferas commented Dec 2, 2021

CVE-2021-43690 is assigned for this discovery.

YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerability in src/Client.php. The exit function will terminate the script and print a message which have values from the socket_read.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant