Giters

ushahidi / Ushahidi_Web

Ushahidi v2. A platform that allows information collection, visualization and interactive mapping, allowing anyone to submit information through text messaging using a mobile phone, email or web form.

Home Page:http://www.ushahidi.com

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

[Security] XSS in reports_js.php

seongil-wi opened this issue · comments

commented

Describe the bug
Reflected Cross-Site Scripting (XSS) may allow an attacker to execute JavaScript code in the context of the victim’s browser. This may lead to unauthorised actions being performed, unauthorised access to data, stealing of session information, denial of service, etc. An attacker needs to coerce a user into visiting a link with the XSS payload to be properly exploited against a victim.

To Reproduce
Steps to reproduce the behavior:

  1. Go to the page with following parameter: http://[localhost]/Ushahidi_Web/reports?filterParams=%7B%22page%22%3Anull%2C%22from%22%3A%222021-09-01%22%2C%22to%22%3A%222021-09-01%22%7D%27);alert(%271
  2. Boom!

Screenshots

  • Attack result
    캡처

Where the Issue Occurred
The code below displays the user-controlled parameter filterParams without sufficient sanitization:

Ushahidi_Web/themes/default/views/reports/reports_js.php

Line 551 in 2b23c4a

urlParameters = JSON.parse('<?php echo $_GET['filterParams']; ?>');