Gargaj / wuhu

Lightweight Party Management System

Home Page: http://wuhu.function.hu/

I have found a Reflected XSS vulnerability in this project

jgj212 opened this issue · comments

Hello:
I have found a Reflected XSS vulnerability in this project.

The vulnerability exists due to insufficient filtration of user-supplied data in the “id” HTTP parameter that will be passed to “wuhu-master/www_admin/users.php”. The infected source code is line 67; there is no protection on $_GET["id"]. If $_GET["id"] contains evil JS code, line 67 will trigger untrusted code to be executed on the browser side.
[image: code1]

So if an attacker constructs a special URL as follows and sends it to a victim, when the victim clicks the URL, the code which is contained in the URL will be executed on the victim's browser side to do some evil.
http://your-web-root/wuhu-master/www_admin/users.php?id="><script>alert(1);</script><"

The following screenshot is the result of clicking the above URL (win7 spq x64 + firefox 51.0.1 32bit):
[image: sc]

Discoverer: ADLab of Venustech

That's very nice but it's the admin interface; if you wanna break your own party, it's your own damn fault.

@Gargaj yes, it is the admin interface. But an attacker can use this vulnerability to do some harm, because sending an evil URL to the admin of the website does not need any admin permission.

It's not a website, it's a locally run web interface, where the admin section is password protected and no one can send requests to it. But don't worry, I'll "fix" it.

@Gargaj tks, i got it
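
The pattern described in the report, shown beside a hardened form, as an added example that is not wuhu's code and not part of the original thread. The markup, the function names and the assumption that "id" is a positive integer are hypothetical; the sample query value is the one quoted in the report.

```php
<?php
// Added illustration only: this is NOT the code at users.php line 67.
// Function names and markup are hypothetical.

// Pattern from the report: the request value is copied into an HTML
// attribute with no validation and no output encoding.
function render_unsafe(array $get): string
{
    $id = $get["id"] ?? "";
    return '<input type="hidden" name="id" value="' . $id . '"/>';
}

// Output encoding for HTML text and quoted attribute values.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened form: validate first (assumption: id is a positive integer),
// then encode at the point of output anyway, so the page stays safe even
// if the validation rule is loosened later.
function render_safe(array $get): string
{
    $id = filter_var(
        $get["id"] ?? null,
        FILTER_VALIDATE_INT,
        ["options" => ["min_range" => 1]]
    );
    if ($id === false) {
        return '<p>Invalid user id.</p>';
    }
    return '<input type="hidden" name="id" value="' . e((string)$id) . '"/>';
}

// Constructed inputs: the query value from the report, and a normal id.
$reported = ["id" => '"><script>alert(1);</script><"'];
$normal   = ["id" => "42"];

echo "unsafe, reported input: ", render_unsafe($reported), PHP_EOL;
echo "safe,   reported input: ", render_safe($reported), PHP_EOL;
echo "safe,   normal input:   ", render_safe($normal), PHP_EOL;

// Where a free-form string must be echoed back, encoding alone is the control:
echo "encoded only:           ", e($reported["id"]), PHP_EOL;
```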