[Security Bug] XSS in pop_chart.php #162

Closed
@0xdc9

Describe the bug
A cross-site scripting vulnerability due to unfiltered $_GET['filter']

To Reproduce
Steps to reproduce the behavior:

  1. Log in as Admin
  2. Go to http://localhost/admin/modules/reporting/pop_chart.php?filter=2022%20%27<script>alert(%270xdc9%27);</script>
  3. There should be a pop-up that says '0xdc9'

Versions

  • OS: Kali Linux (Debian) 2021
  • Browser: Firefox 78.7.0.esr (64-bit)
  • Slims Version: slims9_bulian-9.4.2

Vulnerable code

  • pop_chart.php lines 43-70
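
An added example, not part of the original report and not the SLiMS code (the issue does not quote lines 43-70): one way to handle a `filter` request parameter so that it cannot reach the page as markup. It assumes the parameter is meant to be a four-digit year, as the value 2022 in step 2 suggests, and that it is written into both HTML and an inline script; the function names are hypothetical.

```php
<?php
// Added illustration; the function names below are hypothetical, not SLiMS APIs.
// Assumption: 'filter' should only ever be a four-digit year.

/** Allow-list validation: return the year as int, or null for anything else. */
function parse_year_filter($raw): ?int
{
    // \A and \z anchor the whole string, so trailing markup or newlines fail.
    if (!is_string($raw) || !preg_match('/\A\d{4}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

/** Encode for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Encode for an inline <script> context; the HEX flags keep <, >, &, ' and " out of the output. */
function js($value): string
{
    return json_encode($value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

/** Build the chart header from the raw request value. */
function render_chart_header($raw): string
{
    // Vulnerable pattern described in the issue: request data concatenated as-is,
    //   '<h3>Report for ' . $_GET['filter'] . '</h3>'
    $year = parse_year_filter($raw);
    if ($year === null) {
        // Reject the request, and still encode anything echoed back to the user.
        $shown = is_string($raw) ? h($raw) : '(non-string value)';
        return '<p class="error">Invalid filter: ' . $shown . '</p>';
    }
    return '<h3>Report for ' . h((string) $year) . '</h3>'
         . '<script>var chartYear = ' . js($year) . ';</script>';
}

// Constructed inputs: a valid year, then the URL-decoded value from step 2.
foreach (['2022', "2022 '<script>alert('0xdc9');</script>"] as $sample) {
    echo render_chart_header($sample), PHP_EOL;
}
```

Validation and output encoding are applied together here: the allow-list rejects the request, and the encoders still cover any value that is echoed in another context later.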
