Cross-site Scripting (XSS) - Reflected in universaloj/uoj-system
Reported on Sep 9th 2021
✍️ Description
Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates.
The user-input URL path REQUEST_URI of reset_pw.php is unsanitized, resulting in reflected cross-site scripting.
Remediation
Apply context-dependent encoding and/or validation to user input rendered on a page
Occurrences
Hi, the fix json_encode() is a JS function which can be bypassed with a ) at the beginning of the payload. The untrusted input handling should be done with a PHP function. Thanks
Sorry this is updated.
Hi, the fix json_encode() is a PHP function which is not located in php <??>. The untrusted input handling should be done inside the <??> PHP boundary. Thanks
Hi, json_encode is a PHP function. The fix has a syntax error so I've done another commit to fix that.
https://github.com/UniversalOJ/UOJ-System/commit/dcd0d0b66eb1f9c1cc201166e8484944c1a59d36
Thanks!
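The remediation and the point raised in the thread (the encoding has to run server-side, inside the PHP tags), as an added example that is not part of the original report and not UOJ-System's code. The `$uri` variable, the helper names `js_literal` and `html_attr`, the page layout and the sample value are hypothetical; PHP 7.3 or later is assumed.

```php
<?php
// Added illustration; not UOJ-System code. $uri stands in for
// $_SERVER['REQUEST_URI'], which the client controls.
// Constructed sample value with characters that matter in each context.
$uri = "/reset_pw.php/'\"<>&";

// JavaScript string context: json_encode() emits a complete, quoted string
// literal. The JSON_HEX_* flags also turn < > & ' " into \uXXXX escapes, so
// the value cannot close the surrounding <script> element or an attribute.
// JSON_INVALID_UTF8_SUBSTITUTE keeps malformed bytes in the URI from making
// json_encode() fail; JSON_THROW_ON_ERROR surfaces any other failure instead
// of silently printing nothing.
function js_literal(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
            | JSON_INVALID_UTF8_SUBSTITUTE | JSON_THROW_ON_ERROR
    );
}

// HTML text or attribute context: entity-encode, single quotes included.
function html_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
?>
<!-- Weak: raw value placed inside a quoted JavaScript string -->
<script>var target = '<?= $uri ?>';</script>

<!-- Still weak: json_encode written outside the PHP tags is only page text,
     so the browser receives an undefined JS call wrapped around raw input -->
<script>var target = json_encode('<?= $uri ?>');</script>

<!-- Hardened: the encoder runs inside the PHP tags and supplies the quotes -->
<script>var target = <?= js_literal($uri) ?>;</script>

<!-- Hardened, HTML attribute context -->
<form method="post" action="<?= html_attr($uri) ?>"></form>
```

Which encoder applies depends on where the value lands: `js_literal` for a value inside a `<script>` block, `html_attr` for HTML text and attribute values.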