This repository has been archived by the owner on Jan 27, 2023. It is now read-only.

XSS vulnerability in export.php #139

Open
duypv1997 opened this issue Apr 18, 2019 · 0 comments
duypv1997 commented Apr 18, 2019

Summary

The parameter export_files is not sanitized, so attackers can poison this parameter and then create a reflected XSS attack.

POC

https://i-librarian.net/demo/export.php?export_files="><script>alert(1)</script>

Detail

The flaw exists since $get_post_export_files was assigned to a GET parameter without sanitizing

    if (isset($_GET['export_files']))
        $get_post_export_files = $_GET['export_files'];

then, $get_post_export_files was printed without escaping

    <input type="hidden" name="export_files" value="<?php print $get_post_export_files ?>">
@mkucej mkucej self-assigned this Apr 18, 2019
@mkucej mkucej added the bug label Apr 18, 2019
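
The escaping the report says is missing, as an added example that is not part of the original issue or the project's code: the hidden field is rendered once unescaped, as in the reported line, and once through `htmlspecialchars()`. The helper name `render_export_files_field` is hypothetical, and the input is the value from the POC URL above.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the project): render the hidden field with
// the value encoded for an HTML attribute context.
function render_export_files_field($raw): string
{
    // A query string such as export_files[]=x makes PHP deliver an array;
    // drop anything that is not a plain string instead of printing it.
    if (!is_string($raw)) {
        $raw = '';
    }
    // ENT_QUOTES encodes both " and ', so the value cannot close the
    // attribute; ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead of
    // making the whole result an empty string.
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="export_files" value="' . $safe . '">';
}

// Constructed input: the parameter value from the POC URL in the report.
$poc = '"><script>alert(1)</script>';

// Unescaped, as in the reported line: the leading quote ends the attribute
// and the rest is parsed as markup.
$vulnerable = '<input type="hidden" name="export_files" value="' . $poc . '">';

$fixed = render_export_files_field($poc);

echo "unescaped: $vulnerable\n";
echo "escaped:   $fixed\n";

// The escaped field carries no raw markup from the parameter.
assert(strpos($fixed, '<script>') === false);
assert(strpos($fixed, 'value="&quot;&gt;&lt;script&gt;') !== false);

// Array input is dropped rather than printed.
assert(render_export_files_field(['a'])
    === '<input type="hidden" name="export_files" value="">');
```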