XSS Vulnerabilities: Careers Portal #406

Open
RussH opened this Issue Dec 18, 2018 · 2 comments


RussH commented Dec 18, 2018

A scan of the careers portal for demo.opencats.org shows:

Summary
Overall risk level: HIGH
Risk ratings: High:
Medium: 1

| Vulnerable Page | Vulnerable Parameter | Method | Attack Vector | POST Data |
| --- | --- | --- | --- | --- |
| /careers/index.php | email | POST | http://demo.opencats.org/careers/index.php?ID=56&m=careers&p=applyToJob | `email="><script>alert(1);</script>` |
| /careers/index.php | lastName | POST | http://demo.opencats.org/careers/index.php?ID=56&m=careers&p=applyToJob | `lastName="><script>alert(1);</script>` |
| /careers/index.php | zip | POST | http://demo.opencats.org/careers/index.php?ID=56&m=careers&p=applyToJob | `zip="><script>alert(1);</script>` |

XSS Mitigation needs to be investigated


RussH commented Dec 18, 2018

Mitigation: enable HttpOnly Cookie: https://geekflare.com/httponly-secure-cookie-apache/
(Note: See also https://www.garron.me/en/bits/enable-mod-headers-apache-2.html)

Also need to look at input field validation... I assume htmlspecialchars or similar.


RussH commented Dec 19, 2018

Looks like this can be added to /lib/UserInterface.php line 384:

```php
// Trim whitespace, then HTML-encode the value. ENT_QUOTES is an argument of
// htmlspecialchars(), not of trim(), so that both " and ' are escaped.
return trim(htmlspecialchars($request[$key], ENT_QUOTES));
```

Already changed on demo.opencats.org... I will make a PR and see if all the unit tests pass.
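The following is an added example and not OpenCATS code or the fix from the PR mentioned above. It shows, using the scan payload quoted in this issue, why a raw POST value placed into an HTML attribute is exploitable, what the proposed `trim()`/`htmlspecialchars()` fix changes, and how the HttpOnly flag from the second comment is set from PHP. All function names (`renderFieldUnsafe`, `renderFieldSafe`, `getTrimmedEscapedInput`, `hardenSessionCookie`) and the `$post` array are constructed for the example.

```php
<?php
// Added example (not OpenCATS code). Function names are hypothetical.
declare(strict_types=1);

// Payload taken from the scan output in this issue.
const SCAN_PAYLOAD = '"><script>alert(1);</script>';

// Vulnerable pattern: the raw request value is concatenated into an HTML
// attribute. A double quote in the value closes the attribute and the rest of
// the payload is parsed as markup, which is what the scan detected.
function renderFieldUnsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// ENT_QUOTES escapes both " and ' (needed for attribute contexts),
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string,
// and the charset is passed explicitly rather than relying on default_charset.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every dynamic value is escaped at the point of output.
function renderFieldSafe(string $name, string $value): string
{
    return '<input type="text" name="' . escapeHtml($name)
         . '" value="' . escapeHtml($value) . '">';
}

// Input-side variant matching the fix proposed for UserInterface.php:
// trim, then escape. Note that ENT_QUOTES belongs to htmlspecialchars(),
// not to trim().
function getTrimmedEscapedInput(array $request, string $key): string
{
    if (!isset($request[$key]) || !is_string($request[$key])) {
        return '';
    }
    return escapeHtml(trim($request[$key]));
}

// Regression check: rendered HTML must never contain the payload verbatim.
function containsRawPayload(string $html, string $payload): bool
{
    return strpos($html, $payload) !== false;
}

// HttpOnly/Secure/SameSite on the PHP session cookie (array form of
// session_set_cookie_params, PHP >= 7.3). This limits cookie theft through
// document.cookie; it does not remove the injection itself.
function hardenSessionCookie(): void
{
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
}

// Constructed request resembling the scan's POST data for the three fields.
$post = [
    'email'    => SCAN_PAYLOAD,
    'lastName' => '  ' . SCAN_PAYLOAD . '  ',
    'zip'      => SCAN_PAYLOAD,
];

foreach ($post as $field => $raw) {
    $unsafe = renderFieldUnsafe($field, $raw);
    $safe   = renderFieldSafe($field, $raw);
    printf("%-8s unsafe output carries payload: %s\n", $field,
        containsRawPayload($unsafe, SCAN_PAYLOAD) ? 'yes' : 'no');
    printf("%-8s safe output carries payload:   %s\n", $field,
        containsRawPayload($safe, SCAN_PAYLOAD) ? 'yes' : 'no');
    printf("%-8s escaped input: %s\n", $field, getTrimmedEscapedInput($post, $field));
}
```

For each field the unsafe rendering carries the payload verbatim and the safe one does not; the escaped value comes out as `&quot;&gt;&lt;script&gt;alert(1);&lt;/script&gt;`. One design caveat worth keeping in mind when escaping at the request-reading layer, as the line-384 change does: the encoded form is what gets stored and later output, so any template that also escapes on output will double-encode (`&amp;quot;`), and values reused in non-HTML contexts (email, CSV export) will carry entities. Escaping at output time, as `renderFieldSafe()` does, avoids both problems and is the more robust place for the fix.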
