Cross-site Scripting (XSS) - Reflected in cujanovic/ssrf-testing

Valid

Reported on

Sep 7th 2021


✍️ Description

Cross-site Scripting (XSS) is a client-side code injection attack in which an attacker gets a malicious script to execute in the context of a legitimate website or web application. XSS occurs when a web application includes unvalidated or unencoded user input in the output it generates.

The GET parameters proto, ip, port and url of index.php are reflected into the response without sanitization or output encoding, resulting in reflected cross-site scripting.

Remediation

Apply context-dependent output encoding and, where the expected values are constrained, input validation to every user-supplied value rendered on the page.
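Added example, not the SSRF-Testing project's own index.php: a minimal PHP page that reflects the four GET parameters named in the report, first in the unsanitized form the report describes and then with the remediation applied. Only the parameter names come from the report; the markup, the default values and the helper names (render_vulnerable, validate_params, render_hardened, h) are assumptions for illustration.

```php
<?php
// Added example (not the project's code): the reflected-XSS pattern described
// in the report, beside a hardened version. Parameter names proto/ip/port/url
// are from the report; everything else here is assumed.
declare(strict_types=1);

// --- Vulnerable: each GET value lands unencoded in an HTML text or attribute context,
//     so ?ip=<script>alert(1)</script> or ?url="><img src=x onerror=alert(1)> executes.
function render_vulnerable(array $get): string
{
    $proto = $get['proto'] ?? 'http';
    $ip    = $get['ip']    ?? '127.0.0.1';
    $port  = $get['port']  ?? '80';
    $url   = $get['url']   ?? '';
    return "<p>Target: {$proto}://{$ip}:{$port}</p>\n"
         . "<a href=\"{$url}\">{$url}</a>\n";
}

// --- Hardened: validate each parameter against what it is supposed to be,
//     then encode for the context it is rendered in.
function h(string $s): string
{
    // ENT_QUOTES also encodes the single quote, so the result is safe inside
    // single- or double-quoted attributes as well as in element text.
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function validate_params(array $get): ?array
{
    $proto = $get['proto'] ?? 'http';
    if (!in_array($proto, ['http', 'https'], true)) {   // allow-list, not a pattern
        return null;
    }
    $ip = $get['ip'] ?? '127.0.0.1';
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    $port = filter_var($get['port'] ?? '80', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 65535]]);
    if ($port === false) {
        return null;
    }
    $url = $get['url'] ?? '';
    // Encoding alone does not make an href safe: javascript: survives htmlspecialchars.
    // Require an absolute http(s) URL before it is ever placed in an attribute.
    if ($url !== '' && (filter_var($url, FILTER_VALIDATE_URL) === false
                        || !preg_match('#^https?://#i', $url))) {
        return null;
    }
    return ['proto' => $proto, 'ip' => $ip, 'port' => $port, 'url' => $url];
}

function render_hardened(array $get): string
{
    $p = validate_params($get);
    if ($p === null) {
        http_response_code(400);
        return "<p>Invalid parameter.</p>\n";
    }
    $out = '<p>Target: ' . h($p['proto']) . '://' . h($p['ip']) . ':' . (int) $p['port'] . "</p>\n";
    if ($p['url'] !== '') {
        $href = h($p['url']);
        $out .= "<a href=\"{$href}\">{$href}</a>\n";
    }
    return $out;
}

echo render_hardened($_GET);
```

The two defences are deliberately layered: validation rejects values that can never be a legitimate protocol, address, port or URL (including the javascript: scheme, which no amount of HTML encoding neutralizes inside an href), and htmlspecialchars with ENT_QUOTES handles whatever is left for the text and attribute contexts it is written into. A tool built to exercise SSRF still has to treat its own query string as hostile input.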

📍 Location: index.php#L8-L12

📝 References: XSS


We created a GitHub Issue asking the maintainers to create a SECURITY.md a year ago
wtwver modified the report
a year ago
Z-Old
a year ago

Admin


Hey wtwver, I've contacted the repo's maintainers for you.

We have contacted a member of the cujanovic/ssrf-testing team and are waiting to hear back a year ago
Predrag
a year ago

Maintainer


Thanks, this was fixed: https://github.com/cujanovic/SSRF-Testing/commit/971359ccf938c547ac6a99a0c182541150d560e2

wtwver
a year ago

Researcher


Hi, would you mind clicking validate? Thanks.

Predrag Cujanović validated this vulnerability a year ago
wtwver has been awarded the disclosure bounty
The fix bounty is now up for grabs
Predrag Cujanović confirmed that a fix has been merged on 971359 a year ago
Predrag Cujanović has been awarded the fix bounty
index.php#L8-L12 has been validated