Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security] XSS in callback.php #137

Closed
seongil-wi opened this issue Sep 13, 2021 · 1 comment
Closed

[Security] XSS in callback.php #137

seongil-wi opened this issue Sep 13, 2021 · 1 comment

Comments

@seongil-wi
Copy link

Describe the bug
Reflected Cross-Site Scripting (XSS) may allow an attacker to execute JavaScript code in the context of the victim’s browser. This may lead to unauthorized actions being performed, unauthorized access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim.

To Reproduce
Steps to reproduce the behavior:

  1. Access to the following link: http://143.248.249.43/Spotify-for-Alfred/callback.php?error=%3Cscript%3Ealert(1)%3C/script%3E
  2. Boom!

Where the Issue Occurred
The code below displays the user-controlled parameter error without sufficient sanitization:

Error: <code><?php print $_GET['error']; ?></code>

@citelao
Copy link
Owner

citelao commented Jan 17, 2022

This server is only ever run during Spotify setup, and there is no information to steal on this page.

EDIT: Further info: I don't think this is a necessary fix, though it should be simple enough to sanitize the string. I don't plan to make any changes here. Thank you for reporting this, though!

@citelao citelao closed this as completed Jan 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants