I have find a Reflected XSS vulnerability in this project #15

jgj212 · 2017-03-04T05:01:11Z

Hello:
I have find a Reflected XSS vulnerability in this project.

The vulnerability exists due to insufficient filtration of user-supplied data in "step" HTTP parameter that will be passed to "MaNGOSWebV4-master/install/index.php". The infected source code is line 35, there is no protection on $_GET['step']; if $_GET['step'] contains evil js code, line 41 will trigger untrusted code to be excuted on the browser side.

So if a attacker construct a special url as follow and send it to a victim, when the victim click the url, the code which is contained in the url will be executed on the victim's browser side to do some evil.
http://your-web-root/MaNGOSWebV4-master/install/index.php?step=><script>alert(1);</script><

The follow scrrenshot is the result to click the upper url ( win7 spq x64 + firefox 51.0.1 32bit )

Discoverer: ADLab of Venustech

Added htmlspecialchars() to "step" variable.

paintballrefjosh self-assigned this Mar 4, 2017

paintballrefjosh added the bug label Mar 4, 2017

paintballrefjosh referenced this issue Mar 4, 2017

Fixed XSS exploit in install script

4509beb

Added htmlspecialchars() to "step" variable.

paintballrefjosh mentioned this issue Mar 4, 2017

Fixed XSS exploit in install script #16

Merged

paintballrefjosh closed this as completed Mar 4, 2017

paintballrefjosh removed their assignment Mar 9, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

I have find a Reflected XSS vulnerability in this project #15

I have find a Reflected XSS vulnerability in this project #15

jgj212 commented Mar 4, 2017 •

edited

I have find a Reflected XSS vulnerability in this project #15

I have find a Reflected XSS vulnerability in this project #15

Comments

jgj212 commented Mar 4, 2017 • edited

jgj212 commented Mar 4, 2017 •

edited