Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A Reflected XSS vulnerability in this sdk #111

Closed
jgj212 opened this issue Feb 23, 2017 · 1 comment
Closed

A Reflected XSS vulnerability in this sdk #111

jgj212 opened this issue Feb 23, 2017 · 1 comment

Comments

@jgj212
Copy link

jgj212 commented Feb 23, 2017
edited
Loading

Hello:
I found a Reflected XSS vulnerability in this sdk.

The vulnerability exists due to insufficient filtration of user-supplied data in 'ContactId' HTTP _REQUEST parameter that will be passed to “infusionsoft-php-sdk-master/Infusionsoft/examples/leadscoring.php”. The infected source code is line 2, there is no protection on $_REQUEST['ContactId']; If $_REQUEST['ContactId'] contains evil js code, line 53 will trigger untrusted code to be excuted on the browser side
code1

So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil.
http://your-web-root/infusionsoft-php-sdk-master/Infusionsoft/examples/leadscoring.php?ContactId="><script>alert(1);</script><"

The follow screenshot is the result to click the upper url ( win7 sp1 x64 + firefox 51.0.1 32bit ):
sc

Discoverer: ADLab of Venustech
@jacoballred
Copy link
Contributor

Thanks! I've added encoding of HTML entities for that, which I think should fix this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jacoballred @jgj212