Hi Developers,
you do not sanitize the 5 $_POST variables username, contentname, tagline, content, and genre against XSS vectors in publish.php when inserting new articles in the database. This can lead to different harmful actions performed against users by injected code. You should consider applying filter functions similar to the attached patch.
patch.txt
Note that this patch does filter all HTML tags, which might not be an option for you as you use an editor that produces HTML tags. However, there are solutions for these cases too, e.g. HTML Purifier (http://htmlpurifier.org/).
POC:
This will insert malicious XSS code inside each of the mentioned fields with the username of user shown as author and does not even require authentication.

```shell
# The fifth field is sent as genre=..., since the report names all five fields
curl -d "username=user'#\"><script>alert('usr');</script><a href=\"#&contentname=<script>alert('title');</script>&tagline=<script>alert('tags');</script>&content=<script>alert('content');</script>&genre=<script>alert('gen');</script>" -X POST http://localhost/Social-Platform-Donut/596841401/publish.php
```
Further, you should consider authenticating the user and the calling script before processing POST requests in general and reading static contents from storage when accessible instead of passing and reading them from easily alterable request parameters.
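The filtering approach described in the report, shown as an added example rather than code from the project or the attached patch: `sanitize_article_input()` and `html_escape()` are hypothetical helpers, and the sample array is constructed from the field names above.

```php
<?php
// Added example, not the project's code. sanitize_article_input() and
// html_escape() are hypothetical helpers for the five $_POST fields named
// in the report.
declare(strict_types=1);

const ARTICLE_FIELDS = ['username', 'contentname', 'tagline', 'content', 'genre'];

/**
 * Return the five article fields with all HTML removed, or null if any
 * field is missing or not a string. This mirrors the "filter all HTML
 * tags" approach of the attached patch; if editor markup in 'content'
 * must survive, replace strip_tags() on that one field with
 * HTMLPurifier->purify() from http://htmlpurifier.org/.
 */
function sanitize_article_input(array $post): ?array
{
    $clean = [];
    foreach (ARTICLE_FIELDS as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return null; // reject the request instead of inserting a partial row
        }
        // strip_tags() drops <script>, <a ...> and any other markup;
        // trim() removes surrounding whitespace left behind.
        $clean[$field] = trim(strip_tags($post[$field]));
    }
    return $clean;
}

/**
 * Escape a stored value before placing it inside an HTML element or a
 * double-quoted attribute. Output encoding is still needed after input
 * filtering: strip_tags() leaves quotes and '>' characters in place.
 */
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample input built from the field names and payload shapes
// used in the report's PoC request.
$sample = [
    'username'    => "user'#\"><script>alert('usr');</script><a href=\"#",
    'contentname' => "<script>alert('title');</script>",
    'tagline'     => "<script>alert('tags');</script>",
    'content'     => "<p>Hello</p><script>alert('content');</script>",
    'genre'       => "<script>alert('gen');</script>",
];

$clean = sanitize_article_input($sample);
foreach ($clean as $field => $value) {
    echo $field, ': ', html_escape($value), PHP_EOL;
}
```

Run it with `php example.php`; every field comes out free of tags, and the escaped username shows why the remaining quote characters still need encoding at render time.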