Cross-site Scripting (XSS) - Reflected in dmpop/mejiro
Reported on Oct 13th 2021
Description
From OWASP: Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute the script.
This report is a bypass of this report
Proof of Concept
Impacted GET variables: d and photo
http://0.0.0.0/mejiro/index.php?d=%3Cimg%20src=x%20onerror=alert(1)%20/%3E
http://0.0.0.0/mejiro/index.php?all=1&photo=%22%3E%3Cimg%20src%3da%20onerror%3dalert(1)%3E&d=
Impact
- Cookie theft: Stealing the victim's cookie in order to access their account;
- Phishing: Rewriting the DOM of the page or redirecting the victim to a malicious site;
- Screenshot: Use HTML5 features to make a screenshot of the page from victim PoV;
Remediation
Encode the values of d and photo with htmlentities() (or htmlspecialchars()) at the point where they are echoed into the page.
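A minimal illustration of the bug class and the fix, added here and not taken from mejiro's code base. The `render_vulnerable()` / `render_fixed()` functions, and the assumption that `d` is echoed into HTML text and `photo` into a double-quoted attribute, are modelled on the two PoC URLs above (the second payload opens with `">` precisely to break out of an attribute); the request array is constructed for the example.

```php
<?php
// Added example (not mejiro's own code). Hypothetical gallery page that
// reflects the GET parameters `d` (directory) and `photo` (file name).

// Constructed request, combining the two PoC payloads from the report.
$request = [
    'all'   => '1',
    'photo' => '"><img src=a onerror=alert(1)>',
    'd'     => '<img src=x onerror=alert(1) />',
];

// Vulnerable: raw parameters are interpolated into HTML text and into a
// double-quoted attribute. In the attribute, `"` closes the value and `>`
// closes the tag, so the injected <img> becomes a live element.
function render_vulnerable(array $get): string
{
    $d     = $get['d']     ?? '';
    $photo = $get['photo'] ?? '';
    return "<h1>Directory: $d</h1>\n"
         . "<img src=\"$d/$photo\" alt=\"$photo\">\n";
}

// Output encoder for HTML text and attribute contexts.
// ENT_QUOTES escapes both ' and " (before PHP 8.1 the default was
// ENT_COMPAT, which leaves single quotes alone, so pass the flags explicitly).
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string,
// which would otherwise silently drop the whole value.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened: every untrusted value is encoded at the point of output.
// Only double-quoted attributes are used, so the encoder's escaping of `"`
// is what keeps the attribute closed.
function render_fixed(array $get): string
{
    $d     = $get['d']     ?? '';
    $photo = $get['photo'] ?? '';
    return '<h1>Directory: ' . e($d) . "</h1>\n"
         . '<img src="' . e($d) . '/' . e($photo) . '" alt="' . e($photo) . "\">\n";
}

echo "--- vulnerable ---\n", render_vulnerable($request);
echo "--- fixed ---\n", render_fixed($request);
```

In the vulnerable output the browser parses the injected `<img ... onerror=alert(1)>` as markup and fires the handler; in the fixed output the same bytes arrive as `&lt;`, `&gt;` and `&quot;` entities and are rendered as literal text. `htmlentities()` as proposed in the remediation works equally well here (it additionally encodes non-ASCII characters); what matters is that the encoding happens on output, with flags that cover the quote character used by the surrounding attribute. Two caveats a reviewer would add: unquoted attributes (`alt=$photo`) are not made safe by either function, since a space ends the value, so always quote attributes; and `src` is a URL context, so a value that ends up in a path segment should also be run through `rawurlencode()` before the HTML encoding.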
I'm too stupid to figure out how to fix the code. Any suggestion will be greatly appreciated.
In case you don't see it : https://github.com/dmpop/mejiro/compare/HEAD...joshuamart:fix_xss
Ah! I've merged your changes into my repo. Thank you so much for your help!
@admin As seen with Dmitri Popov, the 0$ bounty is a mistake, but he doesn't know how to change it. Not having this point of view, I can't help him. Can you please tell him? Thanks
@maintainer - can you please confirm you are happy to reward the full disclosure bounty?
@admin Yes, I confirm that I'd like to reward the full disclosure bounty.