issue: AJAX Reflected XSS

This addresses an issue where you can exploit XSS in the help-topic AJAX request. This adds a check for a refferal URL and if none it will return a 403 Forbidden Response.
osTicket · Mar 20, 2018 · e919d8a · e919d8a
1 parent c4669d7
commit e919d8a
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/include/ajax.forms.php b/include/ajax.forms.php
@@ -15,6 +15,9 @@ function getForm($form_id) {
     }
 
     function getFormsForHelpTopic($topic_id, $client=false) {
+        if (!$_SERVER['HTTP_REFERER'])
+            Http::response(403, 'Forbidden.');
+
         if (!($topic = Topic::lookup($topic_id)))
             Http::response(404, 'No such help topic');