cross site script (xss) #1327

Closed
tamilanmkv opened this issue May 27, 2021 · 4 comments

@tamilanmkv

Describe your problem

I found a cross-site scripting attack on the login page http://localhost:800/admin/login.

Cross-site scripting is a vulnerability that allows an attacker to send malicious code (usually in JavaScript form) to another user. Because a browser cannot know if the script should be trusted or not, it will execute the script in the user context, allowing the attacker to access any cookies or session tokens retained by the browser.

Steps to reproduce the problem

  1. Open the login page http://localhost:800/admin/login.
  2. In the username field, enter admin"><img src=x onerror=alert(1)> and enter a password.
  3. Trigger the malicious JavaScript code.

Bludit version

bludit-3-13-1

PHP version

PHP 7.4.15

@s22-tech

s22-tech commented Jun 3, 2021

I can confirm the security problem on my install. Thanks for the heads up!

A quick and dirty fix is to add:
$username = strip_tags($_POST['username']);
to
/bl-kernel/admin/views/login.php

and then use $username in place of $_POST['username'].

@tamilanmkv
Author

Can you assign a new CVE for this report?

@dignajar
Member

dignajar commented Jun 7, 2021

@dignajar dignajar added this to the bludit v4 milestone Jun 7, 2021
@a6smile

a6smile commented Aug 3, 2021

> I can confirm the security problem on my install. Thanks for the heads up!
>
> A quick and dirty fix is to add:
> $username = strip_tags($_POST['username']);
> to
> /bl-kernel/admin/views/login.php
>
> and then use $username in place of $_POST['username'].

It can be made simpler by changing $_POST['username'] to strip_tags($_POST['username']).
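
The strip_tags() change suggested in this thread, checked against the username string from the report and compared with attribute-context encoding via htmlspecialchars(). This is an added example, not code from Bludit or from any commenter. It assumes the login view echoes the posted username into a double-quoted value attribute, as the `">` prefix in the reported input suggests; render_username_field() and the other helper names are hypothetical.

```php
<?php
// Added example, not Bludit code. render_username_field() is a hypothetical
// stand-in for a view that echoes the posted username into value="...".
function render_username_field(string $value): string
{
    return '<input type="text" name="username" value="' . $value . '">';
}

// Context-appropriate encoding for a quoted HTML attribute:
// &, <, >, " and ' are all turned into entities.
function encode_for_attribute(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// True when the value still contains a literal double quote, i.e. it would
// end the value="..." attribute early and the rest would be parsed as markup.
function breaks_out_of_attribute(string $value): bool
{
    return strpos($value, '"') !== false;
}

// The username string from the reproduction steps in this issue.
$submitted = 'admin"><img src=x onerror=alert(1)>';

$candidates = [
    'unfiltered'       => $submitted,
    'strip_tags'       => strip_tags($submitted), // removes tags, keeps quotes
    'htmlspecialchars' => encode_for_attribute($submitted),
];

foreach ($candidates as $label => $value) {
    printf(
        "%-17s breaks out: %-3s  %s\n",
        $label,
        breaks_out_of_attribute($value) ? 'yes' : 'no',
        render_username_field($value)
    );
}

// The encoded form decodes back to exactly what was typed, so the field can
// be redisplayed without altering the user's input.
$decoded = html_entity_decode(encode_for_attribute($submitted), ENT_QUOTES, 'UTF-8');
var_dump($decoded === $submitted);
```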
