| 标题 | PHPGurukul Emergency Ambulance Hiring Portal 1.0 Cross Site Scripting |
|---|
| 描述 | Bug Description:
A reflected cross-site scripting (XSS) vulnerability in PHPGurukul Emergency Ambulance Hiring Portal 1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the "search request" field.
Steps to Reproduce:
# Exploit Title: Reflected XSS in "Search Request" functionality of Emergency Ambulance Hiring Portal
# Date: 28-03-2024
# Exploit Author: dhabaleshwardas
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/emergency-ambulance-hiring-portal-using-php-and-mysql/
# Version: 1.0
# Tested on: firefox/chrome/brave
# CVE:
To reproduce the attack:
1- Login to the application and then head to the http://localhost/eahp/admin/search.php endpoint .
2- Here you would be asked to give a value in the "search by request number" parameter. We simply put an XSS payload "><script>alert(2)</script>.
3- As soon as you hit "Search" intercept the request and then check the response, you can see the payload directly embedded into the HTML content without proper sanitization or encoding, and hence, a pop-up is shown with the number "2".
4- Although Reflected XSS is not as critical as Stored XSS but still it can be used to steal user session cookies, allowing the attacker to impersonate the victim and perform actions on their behalf and can even redirect users to malicious websites.
Remediation:
1- Validate and sanitize user input on the server side. Ensure that input adheres to expected patterns and formats.
2- Encode user input before displaying it in the HTML output. HTML-encode special characters to prevent them from being interpreted as HTML or JavaScript. |
|---|
| 来源 | ⚠️ https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_authrxss.md |
|---|
| 用户 | dhabaleshwar (UID 58737) |
|---|
| 提交 | 2024-03-29 12時08分 (2 年前) |
|---|
| 管理 | 2024-03-29 15時27分 (3 hours later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 258684 [PHPGurukul Emergency Ambulance Hiring Portal 1.0 Search Request Page /admin/search.php 跨网站脚本] |
|---|
| 积分 | 20 |
|---|