
A Reflected XSS vulnerability in webhook.php #50

Closed
jgj212 opened this issue Mar 24, 2017 · 0 comments

@jgj212 commented Mar 24, 2017

Hello:
I have found a Reflected XSS vulnerability.

The vulnerability exists due to insufficient filtration of user-supplied data in the "challenge" HTTP parameter that is passed to "tdm-master/webhook.php". The infected source code is line 5: there is no protection on $_GET['challenge'], so if it contains evil JS code, line 72 will cause the untrusted code to be executed on the browser side.
[screenshot: c1]
[screenshot: c2]

So if an attacker constructs a special URL as follows and sends it to a victim, when the victim clicks the URL, the code contained in the URL will be executed on the victim's browser side to do some evil.
http://your-web-root/tdm-master/webhook.php?challenge="><script>alert(1);</script><"

The following screenshot is the result of clicking the above URL (win7 sp1 x64 + firefox 51.0.1 32bit):
[screenshot: s1]

Discoverer: ADLab of Venustech
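The report says the raw `$_GET['challenge']` value is written straight into the page. The following is an added example, not code from the tdm project: it puts the reported pattern beside two hardened forms, output encoding with `htmlspecialchars` and, for a webhook verification handshake, strict validation plus a `text/plain` response. The function names, the token pattern and the sample input are assumptions made for the example; the page does not show the real contents of webhook.php.

```php
<?php
// Added example (not the tdm project's code). The shape of
// tdm-master/webhook.php is assumed; the report only states that the
// raw $_GET['challenge'] value is echoed into HTML.

declare(strict_types=1);

/**
 * Pattern described in the report: the query parameter is written into
 * the HTML response untouched, so any markup it carries is parsed by the
 * browser as part of the page.
 */
function render_challenge_unsafe(string $challenge): string
{
    return '<p>Challenge: ' . $challenge . '</p>';
}

/**
 * Hardened variant 1: HTML-encode on output. ENT_QUOTES covers both quote
 * characters, so a value that tries to break out of an attribute or close
 * a tag is rendered as literal text instead of markup. ENT_SUBSTITUTE
 * avoids an empty result on invalid UTF-8.
 */
function render_challenge_escaped(string $challenge): string
{
    $safe = htmlspecialchars($challenge, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<p>Challenge: ' . $safe . '</p>';
}

/**
 * Hardened variant 2: in a webhook handshake the challenge is normally a
 * short opaque token that the caller expects back verbatim. Accepting only
 * that shape and answering as text/plain removes the HTML context entirely.
 * The allowed character set and length are assumptions for this example.
 */
function challenge_is_well_formed(string $challenge): bool
{
    return (bool) preg_match('/\A[A-Za-z0-9_-]{1,128}\z/', $challenge);
}

function respond_to_challenge(string $challenge): void
{
    header('Content-Type: text/plain; charset=UTF-8');
    // nosniff keeps browsers from second-guessing the declared type.
    header('X-Content-Type-Options: nosniff');

    if (!challenge_is_well_formed($challenge)) {
        http_response_code(400);
        echo 'invalid challenge';
        return;
    }
    echo $challenge;
}

// Constructed demonstration input carrying quote and tag characters.
if (PHP_SAPI === 'cli') {
    $sample = '"><b>not markup</b><"';
    echo render_challenge_unsafe($sample), PHP_EOL;
    echo render_challenge_escaped($sample), PHP_EOL;
    var_dump(challenge_is_well_formed($sample));
    var_dump(challenge_is_well_formed('abc123'));
}
```

Running the file on the command line prints the unescaped and escaped renderings side by side and shows the validator rejecting the constructed value while accepting a plain token. In the web handler, `respond_to_challenge($_GET['challenge'] ?? '')` would replace the direct echo; encoding on output fixes the reflection in the HTML page, while the validate-and-text/plain variant is the tighter fix when the endpoint only exists to echo a handshake token.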

@trollepierre trollepierre self-assigned this Apr 11, 2017

@trollepierre trollepierre added the bug label Apr 11, 2017

lesserwhirls added a commit to lesserwhirls/thredds that referenced this issue Nov 19, 2017

Add suppression file for Jenkins
Add a suppression file to ignore false positives reported by dependency-check plugin on Jenkins. The entry in this file suppresses false positives for CVE-2017-7871, which deals with trollepierre/tdm#50, which is not related to our TDM module (totally different project).

cwardgar added a commit to Unidata/thredds that referenced this issue Nov 20, 2017

Add suppression file for Jenkins
Add a suppression file to ignore false positives reported by dependency-check plugin on Jenkins. The entry in this file suppresses false positives for CVE-2017-7871, which deals with trollepierre/tdm#50, which is not related to our TDM module (totally different project).