Hello,
I would like to report an XSS vulnerability in PicUploader commit fcf82ea.
The path of the vulnerability: https://github.com/xiebruce/PicUploader/blob/master/auth/AzureRedirect.php
```php
if(isset($_GET['code'])){ // Line 21 (Check)
    ...
}else if(isset($_GET['error']) && isset($_GET['error_description'])){ // Line 38 (Check)
    echo $_GET['error_description']; // Line 39 (Sink)
```
Sink in Line 39 (echo $_GET['error_description'];). There is no filtering, which results in an XSS vulnerability.
GET /auth/AzureRedirect.php?error=&error_description=%3Cscript%3Ealert(%27xss%27)%3C/script%3E
Here is the version without URL encoding for ease of understanding:
GET /auth/AzureRedirect.php?error=&error_description=<script>alert('xss')</script>
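One way to close the sink on line 39, as an added example that is not part of the original report or of PicUploader's code: the function name `render_oauth_error` and the output markup are assumptions, and the sample inputs are constructed (the first is the decoded query string from the PoC above).

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical helper (not PicUploader's code): builds the error output of
 * an OAuth redirect page from query parameters without reflecting raw HTML.
 */
function render_oauth_error(array $query): string
{
    $fields = [];
    foreach (['error', 'error_description'] as $key) {
        $value = $query[$key] ?? '';
        // "error_description[]=x" arrives as an array; treat it as empty
        // rather than passing a non-string to htmlspecialchars().
        if (!is_string($value)) {
            $value = '';
        }
        // Encode &, <, >, " and ' so the value is inert in HTML text and in
        // quoted attributes; ENT_SUBSTITUTE replaces invalid UTF-8 bytes.
        $fields[$key] = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    // Assumed markup; the original handler echoes the bare parameter.
    return '<p>Authorization failed: ' . $fields['error'] . '</p>'
         . '<p>' . $fields['error_description'] . '</p>';
}

if (PHP_SAPI !== 'cli') {
    // Declare the charset the escaping assumes and disable MIME sniffing.
    header('Content-Type: text/html; charset=UTF-8');
    header('X-Content-Type-Options: nosniff');
}

// Constructed input 1: the decoded query string from the report's PoC.
parse_str("error=&error_description=<script>alert('xss')</script>", $poc);
echo render_oauth_error($poc), PHP_EOL;

// Constructed input 2: array-valued parameter, rendered as an empty field.
parse_str('error=x&error_description[]=y', $arrayCase);
echo render_oauth_error($arrayCase), PHP_EOL;

// In the redirect handler itself the call would be render_oauth_error($_GET).
```

Run from the command line with `php`, the first call emits the payload as entity-encoded text instead of a script element.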