Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Stored Self-Cross Site Scripting (XSS) - zones.php #2444

Closed
Loginsoft-Research opened this issue Jan 24, 2019 · 0 comments
Closed

Stored Self-Cross Site Scripting (XSS) - zones.php #2444

Loginsoft-Research opened this issue Jan 24, 2019 · 0 comments

Comments

@Loginsoft-Research
Copy link

Describe Your Environment

  • ZoneMinder v1.33.1
  • Installed from - ppa:iconnor/zoneminder-master

Describe the bug
In the view zone, an user can add/view/delete zones. While adding a zone, there exists no input filtration, allowing an attacker to inject unintended values. Later while displaying the zone names on the webpage,there exists no output filtration, leading to Self - Stored based XSS.

To Reproduce
Affected URL :
http://localhost/zm/index.php?view=zones&action=zoneImage&mid=1

Payload used - "><img src=x onerror-prompt('1');>

  • Navigate to the Affected URL
  • Click on Add a new zone (pop-up appears)
  • Add the XSS payload into the NAME field & select any of option from the Type dropdown field & click on save.
  • Navigate back to the Affected URL, payload would be triggered.

zones

Expected behavior

  • Proper escaping of special characters.

Debug Logs


None
knight-of-ni added a commit that referenced this issue Jan 25, 2019
@knight-of-ni
Merge pull request #2481 from mnoorenberghe/2444
99a6db3 
Fix zones.php self-xss. Fixes #2444
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Loginsoft-Research