Skip to content

XSS - rtr param #1

Open
Open
@lorenzodifuccia

Description

@lorenzodifuccia

During a security test I found that routers2.cgi has a Cross-Site Scripting (XSS) vulnerability, affecting the rtr GET parameter in the request below. This may enable attackers to inject malicious scripts into client browser.

http://www.steveshipway.org/cgi-bin/routers2.pl?rtr=--><script>alert("XSS")</script>&bars=Cami&xgtype=d&page=graph&xgstyle=l2&xmtype=routers

XSS Evidence 01

XSS Evidence 02

Cause:
print "<!-- R:[$router]\n I:[$interface]\n A:[$archive]\n U:[$authuser] -->\n";

All the params returned in the HTML should be escaped.

Metadata

Metadata

Assignees

Labels

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions