[Security] XSS in dompdf/dompdf/www/demo.php #5423

Open
seongil-wi opened this issue Sep 10, 2021 · 1 comment

  • Faveo Version : v1.11.0 and below versions
  • PHP version : 7.1.33
  • Database Driver & Version : MySQL 5.5.62
  • Server specification : Apache 2.4.29, Turn on the AcceptPathInfo in apache2.conf

Description:

Reflected Cross-Site Scripting (XSS) may allow an attacker to execute JavaScript code in the context of the victim’s browser. This may lead to unauthorized actions being performed, unauthorized access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim.

Steps To Reproduce:

  1. Go to http://[localhost]/faveo-helpdesk/vendor/dompdf/dompdf/www/index.php
  2. Login
  3. Go to the page with the following link: http://[localhost]/faveo-helpdesk/vendor/dompdf/dompdf/www/demo.php/%22%3E%3Cscript%3Ealert(1)%3C/script%3E
  4. Boom!

Where the Issue Occurred
The code below displays the user-controlled input PHP_SELF in demo.php without sufficient sanitization:

<form action="<?php echo $_SERVER["PHP_SELF"];?>" method="post">

Note
Although the dompdf page is accessible from localhost, it can be attacked if the localhost user clicks on the aforementioned link.

Downloaded from

  • [*] master-branch

  • [*] release-tag: v1.11.0
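
The reported pattern beside two hardened forms, as an added example that is not part of the original issue or the project's code. The `$server` array is a constructed stand-in for `$_SERVER` on the request in the report, and the function names are hypothetical.

```php
<?php
// Constructed stand-in for $_SERVER on the reported request. With AcceptPathInfo
// on, Apache passes everything after demo.php as PATH_INFO (URL-decoded), and
// PHP_SELF is SCRIPT_NAME followed by PATH_INFO.
$server = [
    'SCRIPT_NAME' => '/faveo-helpdesk/vendor/dompdf/dompdf/www/demo.php',
    'PATH_INFO'   => '/"><script>alert(1)</script>',
];
$server['PHP_SELF'] = $server['SCRIPT_NAME'] . $server['PATH_INFO'];

// As reported: PHP_SELF echoed raw, so the quote in PATH_INFO closes the attribute.
function form_as_reported(array $server): string
{
    return '<form action="' . $server['PHP_SELF'] . '" method="post">';
}

// Hardened form 1: encode for the HTML attribute context (both quote styles).
function form_escaped(array $server): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $action . '" method="post">';
}

// Hardened form 2: SCRIPT_NAME carries no PATH_INFO; it is still encoded on output.
function form_script_name(array $server): string
{
    $action = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $action . '" method="post">';
}

foreach (['form_as_reported', 'form_escaped', 'form_script_name'] as $fn) {
    echo str_pad($fn, 18), $fn($server), PHP_EOL;
}

// Regression check: no raw tag and no unescaped quote may survive inside action="...".
foreach (['form_escaped', 'form_script_name'] as $fn) {
    $html = $fn($server);
    if (stripos($html, '<script') !== false || substr_count($html, '"') !== 4) {
        throw new RuntimeException("$fn leaked unescaped input");
    }
}
```

A correctly rendered tag contains exactly four double quotes (two per attribute), which is what the regression check counts.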

@seongil-wi seongil-wi changed the title [Security] XSS in install/index.php of bugs [Security] XSS in dompdf/dompdf/www/demo.php of bugs Sep 10, 2021
@seongil-wi seongil-wi changed the title [Security] XSS in dompdf/dompdf/www/demo.php of bugs [Security] XSS in dompdf/dompdf/www/demo.php Sep 10, 2021
@bhanu2217 bhanu2217 added this to the v2.0.2 milestone Apr 2, 2023
@bhanu2217 bhanu2217 added this to To do in v2.0.2 Apr 15, 2023
@Noor-mommadhi Noor-mommadhi moved this from To do to In progress in v2.0.2 Apr 15, 2023

Noor-mommadhi commented Apr 18, 2023

@seongil-wi please use the updated version v2.0.1 to avoid the issue
