Multiple XSS Vulnerabilities #65

Closed
Xyntax opened this issue Jan 13, 2017 · 1 comment

Xyntax commented Jan 13, 2017

1. ./gxadmin/inc/pages_form.php, line 68

```php
<form action="index.php?page=pages&act=<?=$act?>&token=<?=$_GET['token'];?>" method="post" role="form" class="">
```

2. ./gxadmin/inc/posts_form.php, line 55

```php
<form action="index.php?page=posts&act=<?=$act?>&token=<?=$_GET['token'];?>" method="post" role="form" class="">
```

3. ./gxadmin/inc/posts_form.php, line 25

```php
($_GET['act'] == 'edit') ? $act = "edit&id={$_GET['id']}&token=".$token : $act = 'add';
```

   line 55

```php
<form action="index.php?page=posts&act=<?=$act?>&token=<?=$_GET['token'];?>" method="post" role="form" class="">
```

4. ./gxadmin/inc/menus_form.php, line 79

```php
<input type="text" name='id' class="form-control" value="<?=$menuid;?>" readonly >
```

5. ./gxadmin/inc/menus_form_edit.php, line 26

```php
if (isset($_GET['token'])
    && Token::isExist($_GET['token'])) {
    $token = TOKEN;
} else {
    $token = '';
}
```

   line 225

```php
<input type="hidden" name="token" value="<?=$token;?>">
```

6. ./gxadmin/inc/menus_form_edit.php, line 18

```php
if (isset($_GET['id'])) {
    $menuid = $_GET['id'];
} else {
    $menuid = $data['menuid'];
}
```

   line 104

```php
<input type="text" name='id' class="form-control" value="<?=$menuid;?>" readonly >
```

7. ./gxadmin/inc/user_form.php, line 93

```php
<input type="hidden" name="token" value="<?=$_GET['token'];?>">
```

PoC

http://localhost/GeniXCMS/gxadmin/index.php?page=pages&act=add&token=%22%3E%3Csvg%20onload=alert(1)%3E

[screenshot: pic]
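As an added example (not GeniXCMS code and not part of this issue), the PHP below shows one way to harden the sinks listed above. The point is that each sink is a different output context: the `form action` value is a URL inside an HTML attribute, so the query string is built from URL-encoded components first and the whole value is HTML-escaped afterwards; the hidden `token` field only echoes a token the application already knows (the check item 5 performs, which item 7 omits); and the `id` field is coerced to the integer it is meant to carry. The helper names `attr()`, `form_action()`, `hidden_token()`, `id_field()` and the `$knownTokens` list are assumptions made for the example.

```php
<?php
// Added example, not GeniXCMS code: context-aware escaping for the
// form-action, hidden-token and id sinks reported in this issue.
declare(strict_types=1);

// HTML attribute context: escape quotes, <, > and & so a value can never
// close the attribute or the tag it sits in.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// URL inside an attribute (the form action): URL-encode each query
// component first, then HTML-escape the complete URL for the attribute.
function form_action(string $page, string $act, string $token, ?string $id = null): string
{
    $params = ['page' => $page, 'act' => $act, 'token' => $token];
    if ($id !== null) {
        $params['id'] = $id;
    }
    return attr('index.php?' . http_build_query($params));
}

// Hidden token field: only emit a token the application already knows.
// $knownTokens stands in for the Token::isExist() lookup used in item 5
// (assumption: tokens are compared as exact strings).
function hidden_token(array $get, array $knownTokens): string
{
    $token = $get['token'] ?? '';
    if ($token === '' || !in_array($token, $knownTokens, true)) {
        $token = '';
    }
    return '<input type="hidden" name="token" value="' . attr($token) . '">';
}

// Numeric id field (items 4 and 6): the id is an integer, so coerce it
// before it reaches the attribute; attr() is still applied as a second layer.
function id_field(string $id): string
{
    return '<input type="text" name="id" class="form-control" value="'
        . attr((string) (int) $id) . '" readonly>';
}

// Constructed input: the token value from the PoC URL above, as PHP
// presents it in $_GET after URL decoding.
$get = ['page' => 'pages', 'act' => 'add', 'token' => '"><svg onload=alert(1)>'];

echo '<form action="' . form_action($get['page'], $get['act'], $get['token'])
    . '" method="post" role="form">' . "\n";
echo hidden_token($get, ['constructed-known-token']) . "\n";
echo id_field('7" onfocus="alert(1)') . "\n";
echo "</form>\n";
```

Run with `php example.php`. The action attribute comes out as `index.php?page=pages&amp;act=add&amp;token=%22%3E%3Csvg+onload%3Dalert%281%29%3E`, the hidden field is emitted with an empty value because the submitted token is not a known one, and the id field carries `7`; in every case the browser sees data, not markup.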

@Xyntax Xyntax changed the title Multiple XSS in pages_form.php / posts_form.php Multiple XSS Vulnerabilities Jan 13, 2017
@semplon semplon self-assigned this Jan 14, 2017
semplon (Owner) commented Jan 14, 2017

Thank you @Xyntax. Yeah, there are still more issues available and I'm happy to know them. I'm still focusing on the features recently. I'll fix it soon.

semplon pushed a commit that referenced this issue Jan 15, 2017
@semplon semplon closed this as completed Jan 21, 2017