I have found a reflected XSS vulnerability in this project #2
Comments

Hi jgj212, I am not the author of the script, but I also use this very nice script. Do you also have suggestions for the author on how to protect that part of the code?

Oh, my god, I made a mistake in the issue. The affected module is "FineCMS-master\index.php", which passes the HTTP parameter to application.php with no security checking. Do you mean that application.php was not developed by you? @danfolt

You didn't make a mistake; https://github.com/andrzuk (the author) can see from your screenshots that the issue is in index.php passing parameters to application.php. I tried that malicious URL and you are right, and yes, I have not developed anything on that script.

Oh, you are a user of FineCMS? I am sorry, I thought you were the author of this CMS just now. The protection is just to check the parameter before passing it to application.php. @danfolt

Yes, I am only a user of this script (still not good enough to be a real developer), but as I've seen your detailed description of the issue, I had a feeling that you also already have a solution.

jgj212, thank you for pointing out this vulnerability. I have just fixed it by adding strip_tags() filtering.

@andrzuk thanks, I got it.

@andrzuk I have made the changes in all four files, and when I insert jgj212's JavaScript code into the URL, I still see that alert. Is it OK to see it? When I insert that into any other website it redirects me to a 404 page not found.

Hello:
I have found a reflected XSS vulnerability in this project.
The vulnerability exists due to insufficient filtering of user-supplied data in the "action" HTTP parameter, which is passed to "FineCMS-master\index.php". The affected source code is line 46: there is no protection on $_GET['action']; if $_GET['action'] contains malicious JS code, line 48 will cause untrusted code to be executed on the browser side.

So if an attacker constructs a special URL as follows and sends it to a victim, when the victim clicks the URL, the code contained in the URL will be executed in the victim's browser to do something malicious.
http://your-web-root/FineCMS-master/index.php?action="><script>alert(1);</script><"
The following screenshot is the result of clicking the above URL (Win7 SP1 x64 + Firefox 51.0.1 32-bit):

Discoverer: ADLab of Venustech
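The fix applied in the thread is strip_tags(). The example below is added here and is not code from FineCMS or from anyone in the issue; it shows why a reviewer would ask for context-aware output encoding (htmlspecialchars() with ENT_QUOTES) or an allowlist instead. It assumes that line 48 echoes the parameter into an HTML attribute, which is what the reporter's payload ("><script>…) is shaped to break out of, but the real lines 46-48 are not reproduced on this page. The render_* and validate_action functions, the second payload, and the allowlist contents are hypothetical.

```php
<?php
// Added illustration, not FineCMS's own code. Assumption: the "action"
// parameter is written into an HTML attribute, as the reported payload suggests.

// Vulnerable pattern: the raw $_GET value is concatenated into an attribute.
function render_vulnerable(string $action): string {
    return '<a href="index.php?action=' . $action . '">link</a>';
}

// The thread's fix: strip_tags(). It removes the <script> element from the
// reported payload, but a payload that contains no tag at all, only a quote
// that closes the attribute followed by an event handler, passes through unchanged.
function render_strip_tags(string $action): string {
    return '<a href="index.php?action=' . strip_tags($action) . '">link</a>';
}

// Context-appropriate output encoding: htmlspecialchars() with ENT_QUOTES
// turns <, >, &, " and ' into entities, so the value can neither terminate
// the attribute nor open a tag, whatever it contains.
function render_encoded(string $action): string {
    $safe = htmlspecialchars($action, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<a href="index.php?action=' . $safe . '">link</a>';
}

// Allowlisting is the stronger fix for a routing parameter: "action" selects
// one of a known set of modules, so anything outside that set is rejected
// before index.php hands it to application.php. The list is a placeholder;
// FineCMS's real action names are not on this page.
function validate_action(string $action, array $allowed): ?string {
    return in_array($action, $allowed, true) ? $action : null;
}

$payloads = [
    'reported' => '"><script>alert(1);</script><"', // payload from the issue
    'no-tags'  => '" onmouseover="alert(1)',         // constructed: nothing for strip_tags to remove
];

foreach ($payloads as $name => $p) {
    echo "== $name ==\n";
    echo "vulnerable : " . render_vulnerable($p) . "\n";
    echo "strip_tags : " . render_strip_tags($p) . "\n";
    echo "encoded    : " . render_encoded($p) . "\n";
    $v = validate_action($p, ['home', 'news', 'contact']); // hypothetical allowlist
    echo "allowlist  : " . ($v === null ? 'rejected' : $v) . "\n\n";
}
```

Run it with php and compare the three rendered lines for the "no-tags" payload: the strip_tags() version still contains a closed attribute followed by onmouseover=, while the encoded version keeps the whole value inside the href. Encoding has to match the output context (attribute, element body, JavaScript, URL); strip_tags() is an HTML sanitizer for element bodies and is not an XSS control for attributes.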