Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in devcode-it/openstamanager

Valid

Reported on

Aug 14th 2021


✍️ Description

A user without access to the software can inject a fragment of HTML code into the access logs.

🕵️‍♂️ Proof of Concept

Simulate a login with a crafted Client-IP header like this:

curl -H 'Client-IP: <h1>INJECT</h1>' -d 'username=<your-username>&password=<your-password>&op=login' 'http://localhost/<your-path>/?op=login'

The result is shown in the attached screenshot.

💥 Impact

This vulnerability can inject HTML code. Fortunately the field for the IP address is only 15 characters, too small to inject JavaScript code.

📍 Location functions.php#L188
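As an added example (not the project's own code, written in PHP because OpenSTAManager is a PHP application), here is one defensive pattern for the bug above: validate any client-supplied IP header with filter_var() before storing it, and escape the stored value with htmlspecialchars() when the log is rendered as HTML. The 15-character column noted above only caps the payload size and is not a sanitization control, so validation plus output escaping is what to rely on. The header names, the clientIp()/htmlField() helpers and the sample request values are assumptions for illustration.

```php
<?php
// Added example (not OpenSTAManager's own code): derive the client IP from
// request headers without trusting their contents, so a crafted Client-IP
// value such as '<h1>INJECT</h1>' never reaches the access log unescaped.

/**
 * Return a validated client IP, or null if no source holds a valid address.
 * Only REMOTE_ADDR is set by the web server itself; Client-IP and
 * X-Forwarded-For are client-controlled, so they are consulted only when a
 * trusted reverse proxy is known to rewrite them, and validated regardless.
 */
function clientIp(array $server, bool $behindTrustedProxy = false): ?string
{
    $candidates = [];
    if ($behindTrustedProxy) {
        // Forwarded headers may carry a comma-separated chain; the first
        // entry is the original client as reported by the proxy.
        foreach (['HTTP_CLIENT_IP', 'HTTP_X_FORWARDED_FOR'] as $header) {
            if (!empty($server[$header])) {
                $candidates[] = trim(explode(',', $server[$header])[0]);
            }
        }
    }
    $candidates[] = $server['REMOTE_ADDR'] ?? null;

    foreach ($candidates as $ip) {
        // FILTER_VALIDATE_IP accepts only a syntactically valid IPv4 or IPv6
        // literal, so HTML tags or any other special characters are rejected.
        if ($ip !== null && filter_var($ip, FILTER_VALIDATE_IP) !== false) {
            return $ip;
        }
    }
    return null;
}

/** Escape a log field before it is embedded in an HTML page. */
function htmlField(?string $value): string
{
    return htmlspecialchars($value ?? 'unknown', ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed request mirroring the report's curl command (hypothetical data).
$fakeServer = [
    'REMOTE_ADDR'    => '203.0.113.7',
    'HTTP_CLIENT_IP' => '<h1>INJECT</h1>',
];
echo htmlField(clientIp($fakeServer, true)), PHP_EOL;
echo htmlField('<h1>INJECT</h1>'), PHP_EOL;
```

The first echo falls back to REMOTE_ADDR because the crafted header fails validation; the second shows that even an unvalidated value is rendered inert once escaped.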

loviuz modified their report (4 months ago)
loviuz modified their report (4 months ago)
We have contacted a member of the devcode-it/openstamanager team and are waiting to hear back (4 months ago)
devcode-it/openstamanager maintainer validated this vulnerability (4 months ago)
loviuz has been awarded the disclosure bounty
The fix bounty is now up for grabs
loviuz submitted a (3 months ago)
devcode-it/openstamanager maintainer confirmed that a fix has been merged on c965b3 (3 months ago)
loviuz has been awarded the fix bounty