Cross-Site Scripting (Stored/Persistent) in Categories in uvdesk/community-skeleton
Reported on
Feb 23rd 2023
Description
• The application is vulnerable to Cross-Site Scripting (XSS) attacks. This occurs when web applications do not properly validate user-supplied inputs before including them in dynamic web pages.
• By intercepting the HTTP request with Burp Suite before it was submitted to the application, Jeffrey was able to store special characters and code in the application, which may then be executed by other users.
Payload
<a onmouseover="alert(document.cookie)">xxs link</a>
POC Walkthrough Video Link:
https://drive.google.com/file/d/1Pc9vQTf5v0FyzrlPPfu9v2Grc1vkS64U/view?usp=share_link
Recommendation
• Before using any user-supplied data, validate its format and reject any characters that are not explicitly allowed (i.e. a white-list). This list should be as restrictive as possible.
• Before using any data (stored or user-supplied) to generate web page content, escape all non-alphanumeric characters (i.e. output-validation). This is particularly important when the original source of data is beyond the control of the application. Even if the source of the data isn't performing input-validation, output-validation will still prevent XSS. This can be done by converting characters to “&#nn;” (ignore the quotes), where “nn” is the hexadecimal ASCII character number.
• You can also limit the size of the category name when it is created.
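The three recommendations above (allow-list validation, a length limit, and numeric-entity output encoding) sketched in PHP, the language uvdesk is written in. This is an added example, not code from the report or from the uvdesk project; the function names, the allowed character set and the 50-character limit are assumptions, and the encoder emits the `&#xNN;` hexadecimal entity form and needs the mbstring extension.

```php
<?php
declare(strict_types=1);

// Assumed policy for this example: letters, digits, space, hyphen, underscore; 1-50 chars.
const CATEGORY_NAME_PATTERN = '/\A[\p{L}\p{N} _-]{1,50}\z/u';

/** Input validation: return the trimmed name, or throw if it is outside the allow-list. */
function validateCategoryName(string $name): string
{
    $name = trim($name);
    // preg_match returns 0 on no match and false on invalid UTF-8; reject both.
    if (preg_match(CATEGORY_NAME_PATTERN, $name) !== 1) {
        throw new InvalidArgumentException('Category name contains disallowed characters or is too long');
    }
    return $name;
}

/** Output encoding: every character that is not ASCII alphanumeric becomes &#xNN;. */
function encodeForHtml(string $value): string
{
    $encoded = preg_replace_callback(
        '/[^A-Za-z0-9]/u',
        static fn (array $m): string => sprintf('&#x%X;', mb_ord($m[0], 'UTF-8')),
        $value
    );
    if ($encoded === null) {            // invalid UTF-8 in stored data
        throw new UnexpectedValueException('Value is not valid UTF-8');
    }
    return $encoded;
}

// Payload from the report, as it would arrive in the intercepted request.
$payload = '<a onmouseover="alert(document.cookie)">xxs link</a>';

try {
    validateCategoryName($payload);
} catch (InvalidArgumentException $e) {
    echo "rejected on input: {$e->getMessage()}\n";
}

// A value stored before validation existed is still inert once encoded on output.
echo encodeForHtml($payload), "\n";
echo encodeForHtml(validateCategoryName('Billing - EU')), "\n";
```

Validation has to run server-side, since the report shows the request being modified after it leaves the browser.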
Impact
• Stored Cross-Site Scripting (XSS) can cause a variety of problems for the end user that range in severity from an annoyance to complete account compromise.
• The most severe XSS attacks involve disclosure of the user's session cookie, allowing an attacker to hijack the user's session and take over the account.
Hi Maintainer, a gentle follow-up on this, please?
Thank you.
Regards, Jeffrey
Hi Maintainer,
Any update on this, please?
Thank you.
Jeffrey
Hi Maintainer, a gentle reminder on this.
Cheers!
Jeffrey
Hi @Maintainer,
I can confirm that the remediation applied in the uvdesk demo page has been fixed already.
Kindly help to tag the submitted vulnerability as valid and if it's okay to assign a CVE as well.
Thank you.
Best Regards, Jeffrey
Hi Akshay,
Thank you so much bro for validating my report.
Do you mind to assign a CVE, please?
Cheers.
Jeffrey
Hello Akshay,
Thank you so much for assigning a CVE for the reported vulnerability, appreciate it.
Cheers!
Jeffrey