Cross-site Scripting (XSS) #1431

Closed
honcbb opened this issue May 7, 2017 · 3 comments

honcbb commented May 7, 2017

Version: 1.6.0

Hi, in your open-source 1.6.0 version I found that in index.php the page parameter value ID is not filtered on output, and the input characters are not filtered or escaped, which causes XSS.

PoC payload:

http://127.0.0.1/index.php?main_page=login%22%3E%3Csvg/onload=alert(domain)%3E%22

Resolving: filtering, encoding or escaping


honcbb changed the title Version:1.6 Cross-site Scripting (XSS) May 7, 2017
drbyte added a commit that referenced this issue May 7, 2017
honcbb (Author) commented May 7, 2017

@drbyte Can you help me ask for a CVE ID?

site: https://cveform.mitre.org/

drbyte added a commit that referenced this issue May 7, 2017
drbyte added a commit that referenced this issue May 7, 2017
drbyte (Member) commented May 7, 2017

Thanks for the feedback.

Fortunately this (v160) is a development branch, and is unofficial unreleased code. The change in #1432 resolves this issue.

The officially-released code version (latest release v1.5.5e) is not affected by this attack vector.

zcwilt (Member) commented May 9, 2017

It should also be noted that we intend to introduce automated request sanitization, similar to the code in admin.
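
The report asks for filtering or escaping, and the reply above mentions request sanitization. As an added example (not Zen Cart's code and not the change in #1432), the PHP below puts the unescaped pattern beside a hardened form that validates on input and encodes on output; the function names, the `<body id>` markup and the allow-list pattern for `main_page` are assumptions.

```php
<?php
// Added example, not project code. Function names, the markup and the
// allow-list rule for main_page are assumptions made for illustration.

// Input side: accept only values that look like a page name, else fall back.
function sanitize_main_page(?string $raw, string $default = 'index'): string
{
    if ($raw === null) {
        return $default;
    }
    // Assumed rule: page names are lowercase letters, digits and underscores.
    return preg_match('/\A[a-z0-9_]{1,64}\z/', $raw) === 1 ? $raw : $default;
}

// Output side: encode for an HTML text or quoted-attribute context.
function html_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: the raw parameter is concatenated into a quoted
// attribute, so a double quote in the value ends the attribute early.
function render_unsafe(string $raw): string
{
    return '<body id="' . $raw . 'Body">';
}

// Hardened pattern: validate first, then encode at the point of output.
// Either control alone stops this input; both together cover cases where
// one of them is later relaxed or bypassed.
function render_safe(?string $raw): string
{
    return '<body id="' . html_attr(sanitize_main_page($raw)) . 'Body">';
}

// Constructed input: the decoded main_page value from the report above.
$poc = urldecode('login%22%3E%3Csvg/onload=alert(domain)%3E%22');

echo "unsafe:       ", render_unsafe($poc), PHP_EOL;
echo "safe (poc):   ", render_safe($poc), PHP_EOL;
echo "safe (login): ", render_safe('login'), PHP_EOL;
echo "encoded only: ", html_attr($poc), PHP_EOL;
```

Comparing the first and last output lines shows the difference between markup the browser parses and the same characters rendered as inert entities.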
