Cross-site Scripting (XSS) - Reflected in cujanovic/ssrf-testing

Valid

Reported on Sep 7th 2021


✍️ Description

Cross-site Scripting (XSS) is a client-side code injection attack in which an attacker executes malicious scripts in the context of a legitimate website or web application. XSS occurs when a web application uses unvalidated or unencoded user input in the output it generates.

The GET parameters proto, ip, port and url of index.php are not sanitized, resulting in reflected cross-site scripting.

Remediation

Apply context-dependent encoding and/or validation to user input rendered on a page

📍 Location: index.php#L8-L12

📝 References: XSS
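The remediation above, sketched for the four parameters named in this report. This is an added example, not the repository's index.php or the maintainer's fix; how the page emits the values, the scheme allowlist and the helper names h(), param() and validate() are assumptions.

```php
<?php
// Added example. The original index.php#L8-L12 is not reproduced here; the
// assumed vulnerable pattern is raw concatenation of $_GET values into HTML:
//   echo "Target: " . $_GET['proto'] . "://" . $_GET['ip'] . ":" . $_GET['port'];

/** Encode for HTML text and quoted-attribute contexts (not for JS or CSS). */
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return a scalar GET value, or '' when missing or sent as an array (?ip[]=x). */
function param(array $get, string $name): string {
    $v = $get[$name] ?? '';
    return is_string($v) ? $v : '';
}

/** Validate each parameter against the narrowest type it can have. */
function validate(array $get): array {
    $schemes = ['http', 'https'];            // constructed allowlist, adjust as needed
    $errors  = [];

    $proto = strtolower(param($get, 'proto'));
    if (!in_array($proto, $schemes, true)) { $errors[] = 'proto'; }

    $ip = param($get, 'ip');
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) { $errors[] = 'ip'; }

    $port = filter_var(param($get, 'port'), FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 65535]]);
    if ($port === false) { $errors[] = 'port'; }

    // FILTER_VALIDATE_URL accepts any scheme, so the scheme is checked separately
    // before the value is allowed into an href attribute.
    $url    = param($get, 'url');
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (filter_var($url, FILTER_VALIDATE_URL) === false
        || !in_array($scheme, $schemes, true)) { $errors[] = 'url'; }

    return [compact('proto', 'ip', 'port', 'url'), $errors];
}

[$p, $errors] = validate($_GET);
if ($errors) {
    http_response_code(400);
    // Name the rejected fields only; the rejected values are never echoed back.
    exit('Invalid parameter(s): ' . h(implode(', ', $errors)));
}
// Validation narrows the input; encoding at the output point is still applied.
echo '<p>Target: ' . h("{$p['proto']}://{$p['ip']}:{$p['port']}") . '</p>';
echo '<p>URL: <a href="' . h($p['url']) . '">' . h($p['url']) . '</a></p>';
```

htmlspecialchars() with ENT_QUOTES covers HTML body text and quoted attributes only; a value placed inside a script block or an unquoted attribute needs the encoder for that context instead.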

We created a GitHub Issue asking the maintainers to create a SECURITY.md 2 years ago
wtwver modified the report
2 years ago
Z-Old
2 years ago

Admin


Hey wtwver, I've contacted the repo's maintainers for you.

We have contacted a member of the cujanovic/ssrf-testing team and are waiting to hear back 2 years ago
Predrag
2 years ago

Maintainer


Thanks, this was fixed: https://github.com/cujanovic/SSRF-Testing/commit/971359ccf938c547ac6a99a0c182541150d560e2

wtwver
2 years ago

Researcher


Hi, would you mind clicking validate? Thanks.

Predrag Cujanović validated this vulnerability 2 years ago
wtwver has been awarded the disclosure bounty
The fix bounty is now up for grabs
Predrag Cujanović marked this as fixed with commit 971359 2 years ago
Predrag Cujanović has been awarded the fix bounty
This vulnerability will not receive a CVE
index.php#L8-L12 has been validated