Hi,
During a vulnerability assessment, I've seen this script included in a WordPress plugin, which allowed me to check whether a TCP port was listening on the localhost or local network of my target by reading the different errors returned:
```
# An open 22/tcp port:
$ curl -s 'http://target/wp-content/plugins/-redacted-/html2canvasproxy.php?url=http://127.0.0.1:22'
console.log("error: html2canvas-proxy-php: This request did not return a HTTP response valid");

# A closed 1234/tcp port:
$ curl -s 'http://target/wp-content/plugins/-redacted-/html2canvasproxy.php?url=http://127.0.0.1:1234'
console.log("error: html2canvas-proxy-php: SOCKET: Connection refused(111)");
```
Moreover, in the specific environment of the plugin, I was able to store a "Cross-Site Scripting" by making this script fetch text/html content that includes unsanitized JavaScript syntax. Obviously, in this case, the problem is not related to the html2canvas script but to the way it is used.
Probably, in my humble opinion, it should not be possible to request ports other than tcp/80 and tcp/443 unless explicitly allowed by configuration, and it should remove JavaScript syntax before storing the output file.
Sorry for any inaccuracies, let me know if you need more details.
@theMiddleBlue I clearly understand, thanks for the suggestions about sanitizing the HTML, and I will also block the ports (allowed by `defined('ALLOWED_PORTS', array(80, 443))`) - Thanks! :)
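As an added example (not the html2canvas-proxy-php project's own code), here is one way to implement the port allow-list the reply describes, extended to also refuse loopback, private and link-local destinations so the proxy stops acting as a reachability oracle for the target's localhost and LAN. The constant name `ALLOWED_PORTS` is taken from the reply; `isAllowedProxyUrl` is an assumed name.

```php
<?php
// Added example: validate a proxied URL before any socket is opened.
// ALLOWED_PORTS is assumed to be the project's setting name (taken from the
// maintainer's reply); isAllowedProxyUrl is an assumed helper name.
const ALLOWED_PORTS = [80, 443];

function isAllowedProxyUrl(string $url): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;                       // unparsable or relative URL
    }

    $scheme = strtolower($parts['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return false;                       // no file://, gopher://, etc.
    }

    // parse_url() returns the port as int; fall back to the scheme default.
    $port = $parts['port'] ?? ($scheme === 'https' ? 443 : 80);
    if (!in_array($port, ALLOWED_PORTS, true)) {
        return false;                       // e.g. :22 or :1234 from the report
    }

    // Resolve the host ourselves so that http://127.0.0.1:80 or a name that
    // resolves to 10.x/192.168.x is rejected, not just non-standard ports.
    $host = $parts['host'];
    $ip = filter_var($host, FILTER_VALIDATE_IP) ? $host : gethostbyname($host);
    if (!filter_var($ip, FILTER_VALIDATE_IP)) {
        return false;                       // gethostbyname() failed
    }

    // NO_PRIV_RANGE rejects RFC 1918 space; NO_RES_RANGE rejects loopback,
    // link-local and other reserved blocks (IPv4 and IPv6).
    $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
    return filter_var($ip, FILTER_VALIDATE_IP, $flags) !== false;
}

// Constructed inputs: the two probes from the report and a normal target.
var_dump(isAllowedProxyUrl('http://127.0.0.1:22'));
var_dump(isAllowedProxyUrl('http://127.0.0.1:1234'));
var_dump(isAllowedProxyUrl('https://example.com/page.html'));
```

Because the address is resolved here and again by the HTTP client, a host whose DNS answer changes between the two lookups can still slip past this check; binding the fetch to the already-validated IP closes that gap. The stored-XSS part of the report is a separate fix: only persist responses whose Content-Type is an image, or strip script content from any HTML before writing it to disk.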