prasadlingamaiah changed the title "Reflected XSS Vulnerability" to "Reflected Cross Site scripting Vulnerability" on Mar 22, 2019
prasadlingamaiah changed the title "Reflected Cross Site scripting Vulnerability" to "Reflected Cross Site scripting Vulnerability in Evolution CMS 2.0.x" on Aug 2, 2019
Reflected Cross Site scripting Vulnerability
Description:
The second and the most common type of XSS is Reflected XSS (Non-persistent XSS). In this case, the attacker’s payload has to be a part of the request that is sent to the web server. It is then reflected back in such a way that the HTTP response includes the payload from the HTTP request. Attackers use malicious links, phishing emails, and other social engineering techniques to lure the victim into making a request to the server. The reflected XSS payload is then executed in the user’s browser.
Reflected XSS is not a persistent attack, so the attacker needs to deliver the payload to each victim. These attacks are often made using social networks.
Log in to the application.
Go to the Document Manager and view the list of documents.
There is a search parameter; insert the XSS payload <ScRipT>alert("XSS");</ScRipT>
Affected URL
https://20.0.0.143/evolution-2.0.x/manager/#?a=112&id=1
Mitigation:
• Output encoding: It is recommended to implement 'output encoding' to convert untrusted input into a safe form, where the input is displayed as data to the user without executing as code in the browser.

Java HTML encoding function (each special character is replaced by its HTML entity so the browser renders it as text):

```java
import java.text.StringCharacterIterator;

public final class HtmlEncoder {
    public static String HTMLEncode(String aTagFragment) {
        final StringBuffer result = new StringBuffer();
        final StringCharacterIterator iterator = new StringCharacterIterator(aTagFragment);
        char character = iterator.current();
        while (character != StringCharacterIterator.DONE) {
            if (character == '<')
                result.append("&lt;");
            else if (character == '>')
                result.append("&gt;");
            else if (character == '"')
                result.append("&quot;");
            else if (character == '\'')
                result.append("&#39;");
            else if (character == '\\')
                result.append("&#92;");
            else if (character == '&')
                result.append("&amp;");
            else {
                // the char is not a special one
                // add it to the result as is
                result.append(character);
            }
            character = iterator.next();
        }
        return result.toString();
    }
}
```

• Escaping: Escape all untrusted data based on the HTML context (body, attribute, JavaScript, CSS, or URL) that the data will be placed into. ESAPI API:

```java
String safe = ESAPI.encoder().encodeForHTML(request.getParameter("input"));
```

• Filtering input parameter: Positive or "whitelist" input validation with appropriate canonicalization is the recommended filtering technique. Alternatively, black-list filtering works by removing some or all special characters from your input. Special characters are characters that enable script to be generated within an HTML stream. Special characters include the following: < > " ' % ; ) ( & + -

JavaScript code (the characters are placed in a character class so that "(", ")" and "+" are matched literally rather than parsed as regex syntax):

```javascript
function RemoveBad(strTemp) {
    strTemp = strTemp.replace(/[<>"'%;()&+\-]/g, "");
    return strTemp;
}
```
While the issue was being investigated, some backend updates were done which apparently, automatically and mysteriously, fixed the issue.