
Vulnerability Report - Reflected XSS in configuracao_geral.php parameter msg #847

Closed
nmmorette opened this issue Dec 23, 2024 · 0 comments

Vulnerability Description

A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the WeGIA application, specifically on the home.php page. This flaw allows an attacker to inject malicious scripts into the browser's context, potentially leading to cookie theft, redirection to malicious websites, or unauthorized actions on behalf of the user.

Location

Vulnerable Endpoint: html/configuracao/configuracao_geral.php
Affected Parameter: msg
Exploit Payload: "><script>alert(document.cookie)</script>

Attack Description

When accessing the URL https://comfirewall.wegia.org:8000/WeGIA/html/home.php?msg_c=<script>alert(document.cookie);</script>, the browser executes the injected script, displaying an alert containing the user's cookies. This demonstrates that the msg parameter is not properly sanitized, allowing arbitrary JavaScript code injection.

Vulnerability Impact: Exploiting this vulnerability successfully may result in:

Session Hijacking: An attacker can capture session cookies, granting unauthorized access to the user's account.
Phishing: Redirecting users to malicious websites mimicking legitimate pages to steal credentials.
Unauthorized Actions: Performing unwanted operations on behalf of the user without their consent.

POC

(POC screenshot attached to the original issue; not reproduced in text)

Recommendations

  1. Input Sanitization: Implement proper sanitization of all user-provided data, especially parameters reflected on the page, to remove or encode special characters that can be interpreted as code.
  2. Input Validation: Enforce strict validation on received parameters to ensure only expected data is processed.
  3. Output Escaping: Ensure all dynamic data inserted into the HTML is properly escaped to prevent script execution.
  4. Content Security Policy (CSP): Configure a Content Security Policy to restrict the execution of unauthorized scripts.
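The pattern behind this class of bug and a hardened version applying recommendations 1 to 4, as an added example (not WeGIA's own code; function names, the message format and the CSP policy are assumptions):

```php
<?php
// Added example, not WeGIA's code. Shows a PHP page echoing a query-string
// parameter into HTML unescaped, beside a version that validates the input,
// escapes on output and sends a restrictive CSP. Names are assumed.

// Vulnerable pattern: the raw parameter is concatenated into the markup, so
// a value such as  "><script>...</script>  closes the attribute and injects a tag.
function render_msg_unsafe(string $msg): string {
    return '<div class="alert" data-msg="' . $msg . '">' . $msg . '</div>';
}

// Hardened pattern.
function render_msg_safe(string $msg): string {
    // 1-2. Validation: cap the length and reject control characters; anything
    //      else is left to output escaping rather than blacklisting tags.
    if (strlen($msg) > 200 || preg_match('/[\p{Cc}]/u', $msg)) {
        $msg = '';
    }
    // 3. Output escaping for the HTML body and attribute contexts. ENT_QUOTES
    //    encodes both " and ', ENT_SUBSTITUTE avoids an empty result on bad UTF-8.
    $escaped = htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<div class="alert" data-msg="' . $escaped . '">' . $escaped . '</div>';
}

// 4. Content Security Policy as defense in depth; must be sent before any output.
//    Inline scripts are not allowed, so an injected <script> would not run even
//    if escaping were missed somewhere. Policy shown is an assumed baseline.
function send_csp_header(): void {
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; "
         . "object-src 'none'; base-uri 'self'; frame-ancestors 'none'");
}

// Demonstration with the payload from the report (constructed input, run from CLI).
$payload = '"><script>alert(document.cookie)</script>';
echo render_msg_unsafe($payload), PHP_EOL;
// attribute is closed early and a live <script> element is emitted
echo render_msg_safe($payload), PHP_EOL;
// every " < > becomes &quot; &lt; &gt;, so the browser renders it as text
echo render_msg_safe('Configuração salva.'), PHP_EOL;
// a legitimate message passes through unchanged
```

In the real page the call to send_csp_header() would precede any echo, and render_msg_safe() would wrap the value read from $_GET['msg'].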

References

OWASP XSS Prevention Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/XSS_Prevention_Cheat_Sheet.html
OWASP Content Security Policy Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
